<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>
<!DOCTYPE policy SYSTEM "policy.dtd">
<policy>
<layer name="admin">
<summary>
	Policy modules for administrative functions, such as package management.
</summary>
<module name="acct" filename="policy/modules/admin/acct.if">
<summary>Berkeley process accounting.</summary>
<interface name="acct_domtrans" lineno="14">
<summary>
Transition to the accounting
management domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="acct_exec" lineno="34">
<summary>
Execute accounting management tools
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="acct_exec_data" lineno="54">
<summary>
Execute accounting management data
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="acct_manage_data" lineno="74">
<summary>
Create, read, write, and delete
process accounting data.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="acct_admin" lineno="101">
<summary>
All of the rules required to
administrate an acct environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="aide" filename="policy/modules/admin/aide.if">
<summary>Aide filesystem integrity checker.</summary>
<interface name="aide_domtrans" lineno="13">
<summary>
Execute aide in the aide domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="aide_run" lineno="39">
<summary>
Execute aide programs in the AIDE
domain and allow the specified role
the AIDE domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="aide_admin" lineno="65">
<summary>
All of the rules required to
administrate an aide environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="aide_mmap_files" dftval="false">
<desc>
<p>
Control if AIDE can mmap files.
AIDE can be compiled with the option 'with-mmap' in which case it will
attempt to mmap files while running.
</p>
</desc>
</tunable>
</module>
<module name="alsa" filename="policy/modules/admin/alsa.if">
<summary>Advanced Linux Sound Architecture utilities.</summary>
<interface name="alsa_domtrans" lineno="13">
<summary>
Execute a domain transition to run Alsa.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="alsa_run" lineno="39">
<summary>
Execute a domain transition to run
Alsa, and allow the specified role
the Alsa domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="alsa_rw_semaphores" lineno="58">
<summary>
Read and write Alsa semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="alsa_rw_shared_mem" lineno="76">
<summary>
Read and write Alsa shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="alsa_read_config" lineno="94">
<summary>
Read Alsa configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="alsa_manage_config" lineno="115">
<summary>
Manage Alsa config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="alsa_manage_home_files" lineno="137">
<summary>
Create, read, write, and delete
alsa home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="alsa_read_home_files" lineno="156">
<summary>
Read Alsa home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="alsa_relabel_home_files" lineno="175">
<summary>
Relabel alsa home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="alsa_home_filetrans_alsa_home" lineno="206">
<summary>
Create objects in user home
directories with the generic alsa
home type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="alsa_read_lib" lineno="224">
<summary>
Read Alsa lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="alsa_write_lib" lineno="243">
<summary>
Write Alsa lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="amanda" filename="policy/modules/admin/amanda.if">
<summary>Advanced Maryland Automatic Network Disk Archiver.</summary>
<interface name="amanda_domtrans_recover" lineno="14">
<summary>
Execute a domain transition to run
Amanda recover.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="amanda_run_recover" lineno="41">
<summary>
Execute a domain transition to run
Amanda recover, and allow the specified
role the Amanda recover domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="amanda_search_lib" lineno="60">
<summary>
Search Amanda library directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amanda_dontaudit_read_dumpdates" lineno="79">
<summary>
Do not audit attempts to read /etc/dumpdates.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="amanda_rw_dumpdates_files" lineno="97">
<summary>
Read and write /etc/dumpdates.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amanda_manage_lib" lineno="116">
<summary>
Manage Amanda library directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amanda_append_log_files" lineno="135">
<summary>
Read and append amanda log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amanda_search_var_lib" lineno="154">
<summary>
Search Amanda var library directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="amtu" filename="policy/modules/admin/amtu.if">
<summary>Abstract Machine Test Utility.</summary>
<interface name="amtu_domtrans" lineno="13">
<summary>
Execute a domain transition to run Amtu.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="amtu_run" lineno="39">
<summary>
Execute a domain transition to run
Amtu, and allow the specified role
the Amtu domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="amtu_admin" lineno="65">
<summary>
All of the rules required to
administrate an amtu environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="anaconda" filename="policy/modules/admin/anaconda.if">
<summary>Anaconda installer.</summary>
</module>
<module name="apt" filename="policy/modules/admin/apt.if">
<summary>Advanced package tool.</summary>
<interface name="apt_domtrans" lineno="13">
<summary>
Execute apt programs in the apt domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="apt_exec" lineno="32">
<summary>
Execute the apt in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apt_run" lineno="57">
<summary>
Execute apt programs in the apt domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apt_use_fds" lineno="76">
<summary>
Use apt file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apt_dontaudit_use_fds" lineno="95">
<summary>
Do not audit attempts to use
apt file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="apt_read_pipes" lineno="113">
<summary>
Read apt unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apt_rw_pipes" lineno="131">
<summary>
Read and write apt unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apt_use_ptys" lineno="149">
<summary>
Read and write apt ptys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apt_read_cache" lineno="167">
<summary>
Read apt package cache content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apt_manage_cache" lineno="187">
<summary>
Create, read, write, and delete apt package cache content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apt_read_db" lineno="207">
<summary>
Read apt package database content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apt_manage_db" lineno="229">
<summary>
Create, read, write, and delete
apt package database content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apt_dontaudit_manage_db" lineno="251">
<summary>
Do not audit attempts to create,
read, write, and delete apt
package database content.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
</module>
<module name="backup" filename="policy/modules/admin/backup.if">
<summary>System backup scripts.</summary>
<interface name="backup_domtrans" lineno="13">
<summary>
Execute backup in the backup domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="backup_run" lineno="40">
<summary>
Execute backup in the backup
domain, and allow the specified
role the backup domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="backup_manage_store_files" lineno="60">
<summary>
Create, read, and write backup
store files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="bacula" filename="policy/modules/admin/bacula.if">
<summary>Cross platform network backup.</summary>
<interface name="bacula_domtrans_admin" lineno="14">
<summary>
Execute bacula admin bacula
admin domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="bacula_run_admin" lineno="41">
<summary>
Execute user interfaces in the
bacula admin domain, and allow the
specified role the bacula admin domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="bacula_admin" lineno="67">
<summary>
All of the rules required to
administrate an bacula environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="bcfg2" filename="policy/modules/admin/bcfg2.if">
<summary>configuration management suite.</summary>
<interface name="bcfg2_domtrans" lineno="13">
<summary>
Execute bcfg2 in the bcfg2 domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="bcfg2_initrc_domtrans" lineno="32">
<summary>
Execute bcfg2 server in the bcfg2 domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="bcfg2_search_lib" lineno="50">
<summary>
Search bcfg2 lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bcfg2_read_lib_files" lineno="69">
<summary>
Read bcfg2 lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bcfg2_manage_lib_files" lineno="89">
<summary>
Create, read, write, and delete
bcfg2 lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bcfg2_manage_lib_dirs" lineno="109">
<summary>
Create, read, write, and delete
bcfg2 lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bcfg2_admin" lineno="135">
<summary>
All of the rules required to
administrate an bcfg2 environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="blueman" filename="policy/modules/admin/blueman.if">
<summary>Tool to manage Bluetooth devices.</summary>
<interface name="blueman_domtrans" lineno="13">
<summary>
Execute blueman in the blueman domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="blueman_dbus_chat" lineno="33">
<summary>
Send and receive messages from
blueman over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="blueman_search_lib" lineno="53">
<summary>
Search blueman lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="blueman_read_lib_files" lineno="72">
<summary>
Read blueman lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="blueman_manage_lib_files" lineno="92">
<summary>
Create, read, write, and delete
blueman lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="bootloader" filename="policy/modules/admin/bootloader.if">
<summary>Policy for the kernel modules, kernel image, and bootloader.</summary>
<interface name="bootloader_domtrans" lineno="13">
<summary>
Execute bootloader in the bootloader domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="bootloader_run" lineno="39">
<summary>
Execute bootloader interactively and do
a domain transition to the bootloader domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="bootloader_exec" lineno="58">
<summary>
Execute bootloader in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bootloader_read_config" lineno="77">
<summary>
Read the bootloader configuration file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bootloader_rw_config" lineno="97">
<summary>
Read and write the bootloader
configuration file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="bootloader_rw_tmp_files" lineno="116">
<summary>
Read and write the bootloader
temporary data in /tmp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bootloader_manage_tmp_files" lineno="135">
<summary>
manage the bootloader temporary files in /tmp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bootloader_map_tmp_files" lineno="155">
<summary>
map the bootloader temporary files in /tmp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bootloader_read_tmp_lnk_files" lineno="173">
<summary>
read bootloader link files under /tmp
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bootloader_create_runtime_file" lineno="192">
<summary>
Create, read and write the bootloader
runtime data.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="brctl" filename="policy/modules/admin/brctl.if">
<summary>Utilities for configuring the Linux ethernet bridge.</summary>
<interface name="brctl_domtrans" lineno="13">
<summary>
Execute a domain transition to run brctl.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="brctl_run" lineno="38">
<summary>
Execute brctl in the brctl domain, and
allow the specified role the brctl domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
</module>
<module name="certwatch" filename="policy/modules/admin/certwatch.if">
<summary>Digital Certificate Tracking.</summary>
<interface name="certwatch_domtrans" lineno="13">
<summary>
Domain transition to certwatch.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="certwatch_run" lineno="41">
<summary>
Execute certwatch in the certwatch
domain, and allow the specified role
the certwatch domain.
backchannel.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="cfengine" filename="policy/modules/admin/cfengine.if">
<summary>System administration tool for networks.</summary>
<template name="cfengine_domain_template" lineno="13">
<summary>
The template to define a cfengine domain.
</summary>
<param name="domain_prefix">
<summary>
Domain prefix to be used.
</summary>
</param>
</template>
<interface name="cfengine_read_lib_files" lineno="45">
<summary>
Read cfengine lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cfengine_dontaudit_write_log_files" lineno="65">
<summary>
Do not audit attempts to write
cfengine log files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="cfengine_admin" lineno="90">
<summary>
All of the rules required to
administrate an cfengine environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="chkrootkit" filename="policy/modules/admin/chkrootkit.if">
<summary>chkrootkit - rootkit checker.</summary>
<interface name="chkrootkit_domtrans" lineno="13">
<summary>
Execute a domain transition to run chkrootkit.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="chkrootkit_run" lineno="39">
<summary>
Execute chkrootkit in the chkrootkit domain,
and allow the specified role
the chkrootkit domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
</module>
<module name="consoletype" filename="policy/modules/admin/consoletype.if">
<summary>
Determine of the console connected to the controlling terminal.
</summary>
<interface name="consoletype_domtrans" lineno="15">
<summary>
Execute consoletype in the consoletype domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="consoletype_run" lineno="44">
<summary>
Execute consoletype in the consoletype domain, and
allow the specified role the consoletype domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="consoletype_exec" lineno="64">
<summary>
Execute consoletype in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="ddcprobe" filename="policy/modules/admin/ddcprobe.if">
<summary>ddcprobe retrieves monitor and graphics card information.</summary>
<interface name="ddcprobe_domtrans" lineno="13">
<summary>
Execute ddcprobe in the ddcprobe domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ddcprobe_run" lineno="40">
<summary>
Execute ddcprobe in the ddcprobe
domain, and allow the specified
role the ddcprobe domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="dmesg" filename="policy/modules/admin/dmesg.if">
<summary>Policy for dmesg.</summary>
<interface name="dmesg_domtrans" lineno="13">
<summary>
Execute dmesg in the dmesg domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dmesg_exec" lineno="33">
<summary>
Execute dmesg in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="dmidecode" filename="policy/modules/admin/dmidecode.if">
<summary>Decode DMI data for x86/ia64 bioses.</summary>
<interface name="dmidecode_domtrans" lineno="13">
<summary>
Execute dmidecode in the dmidecode domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dmidecode_run" lineno="40">
<summary>
Execute dmidecode in the dmidecode
domain, and allow the specified
role the dmidecode domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="dphysswapfile" filename="policy/modules/admin/dphysswapfile.if">
<summary>Set up, mount/unmount, and delete an swap file.</summary>
<interface name="dphysswapfile_admin" lineno="20">
<summary>
All of the rules required to
administrate an dphys-swapfile environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="dpkg" filename="policy/modules/admin/dpkg.if">
<summary>Debian package manager.</summary>
<interface name="dpkg_domtrans" lineno="13">
<summary>
Execute dpkg programs in the dpkg domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dpkg_nnp_domtrans" lineno="32">
<summary>
Transition to dpkg_t when NNP has been set
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dpkg_run" lineno="57">
<summary>
Execute dpkg programs in the dpkg domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dpkg_exec" lineno="76">
<summary>
Execute the dkpg in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dpkg_domtrans_script" lineno="96">
<summary>
Execute dpkg_script programs in
the dpkg_script domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dpkg_script_rw_pipes" lineno="117">
<summary>
access dpkg_script fifos
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="dpkg_use_fds" lineno="136">
<summary>
Inherit and use file descriptors from dpkg.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dpkg_read_pipes" lineno="154">
<summary>
Read from unnamed dpkg pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dpkg_rw_pipes" lineno="172">
<summary>
Read and write unnamed dpkg pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dpkg_use_script_fds" lineno="191">
<summary>
Inherit and use file descriptors
from dpkg scripts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dpkg_script_rw_inherited_pipes" lineno="210">
<summary>
Inherit and use file descriptors
from dpkg scripts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dpkg_read_db" lineno="229">
<summary>
Read dpkg package database content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dpkg_manage_db" lineno="251">
<summary>
Create, read, write, and delete
dpkg package database content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dpkg_dontaudit_manage_db" lineno="273">
<summary>
Do not audit attempts to create,
read, write, and delete dpkg
package database content.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dpkg_lock_db" lineno="294">
<summary>
Create, read, write, and delete
dpkg lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dpkg_manage_script_tmp_files" lineno="314">
<summary>
manage dpkg_script_tmp_t files and dirs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dpkg_map_script_tmp_files" lineno="334">
<summary>
map dpkg_script_tmp_t files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dpkg_read_script_tmp_symlinks" lineno="352">
<summary>
read dpkg_script_tmp_t links
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dpkg_dbus_chat" lineno="370">
<summary>
send dbus messages to dpkg_t
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dpkg_read_state" lineno="388">
<summary>
read dpkg_t process state
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="fakehwclock" filename="policy/modules/admin/fakehwclock.if">
<summary>fake-hwclock - Control fake hardware clock.</summary>
<interface name="fakehwclock_admin" lineno="19">
<summary>
All the rules required to
administrate an fake-hwclock environment.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
</module>
<module name="firstboot" filename="policy/modules/admin/firstboot.if">
<summary>Initial system configuration utility.</summary>
<interface name="firstboot_domtrans" lineno="13">
<summary>
Execute firstboot in the firstboot domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="firstboot_run" lineno="39">
<summary>
Execute firstboot in the firstboot
domain, and allow the specified role
the firstboot domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="firstboot_use_fds" lineno="58">
<summary>
Inherit and use firstboot file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="firstboot_dontaudit_use_fds" lineno="77">
<summary>
Do not audit attempts to inherit
firstboot file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="firstboot_write_pipes" lineno="95">
<summary>
Write firstboot unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="firstboot_rw_pipes" lineno="113">
<summary>
Read and Write firstboot unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="firstboot_dontaudit_rw_pipes" lineno="132">
<summary>
Do not audit attempts to read and
write firstboot unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="firstboot_dontaudit_rw_stream_sockets" lineno="152">
<summary>
Do not audit attempts to read and
write firstboot unix domain
stream sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<tunable name="firstboot_read_generic_user_content" dftval="true">
<desc>
<p>
Grant the firstboot domains read access to generic user content
</p>
</desc>
</tunable>
<tunable name="firstboot_read_all_user_content" dftval="false">
<desc>
<p>
Grant the firstboot domains read access to all user content
</p>
</desc>
</tunable>
<tunable name="firstboot_manage_generic_user_content" dftval="false">
<desc>
<p>
Grant the firstboot domains manage rights on generic user content
</p>
</desc>
</tunable>
<tunable name="firstboot_manage_all_user_content" dftval="false">
<desc>
<p>
Grant the firstboot domains manage rights on all user content
</p>
</desc>
</tunable>
</module>
<module name="hwloc" filename="policy/modules/admin/hwloc.if">
<summary>Dump topology and locality information from hardware tables.</summary>
<interface name="hwloc_domtrans_dhwd" lineno="13">
<summary>
Execute hwloc dhwd in the hwloc dhwd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="hwloc_run_dhwd" lineno="38">
<summary>
Execute hwloc dhwd in the hwloc dhwd domain, and
allow the specified role the hwloc dhwd domain,
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="hwloc_exec_dhwd" lineno="57">
<summary>
Execute hwloc dhwd in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hwloc_read_runtime_files" lineno="75">
<summary>
Read hwloc runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hwloc_admin" lineno="96">
<summary>
All of the rules required to
administrate an hwloc environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="kdump" filename="policy/modules/admin/kdump.if">
<summary>Kernel crash dumping mechanism.</summary>
<interface name="kdump_domtrans" lineno="13">
<summary>
Execute kdump in the kdump domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="kdump_initrc_domtrans" lineno="33">
<summary>
Execute kdump init scripts in
the init script domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="kdump_read_config" lineno="51">
<summary>
Read kdump configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kdump_manage_config" lineno="71">
<summary>
Create, read, write, and delete
kdmup configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kdump_admin" lineno="97">
<summary>
All of the rules required to
administrate an kdump environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="kismet" filename="policy/modules/admin/kismet.if">
<summary>IEEE 802.11 wireless LAN sniffer.</summary>
<template name="kismet_role" lineno="18">
<summary>
Role access for kismet.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</template>
<interface name="kismet_domtrans" lineno="51">
<summary>
Execute a domain transition to run kismet.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="kismet_run" lineno="76">
<summary>
Execute kismet in the kismet domain, and
allow the specified role the kismet domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="kismet_read_pid_files" lineno="95">
<summary>
Read kismet pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kismet_manage_pid_files" lineno="111">
<summary>
Create, read, write, and delete
kismet pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kismet_read_runtime_files" lineno="126">
<summary>
Read kismet runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kismet_manage_runtime_files" lineno="146">
<summary>
Create, read, write, and delete
kismet runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kismet_search_lib" lineno="165">
<summary>
Search kismet lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kismet_read_lib_files" lineno="184">
<summary>
Read kismet lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kismet_manage_lib_files" lineno="205">
<summary>
Create, read, write, and delete
kismet lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kismet_manage_lib" lineno="225">
<summary>
Create, read, write, and delete
kismet lib content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kismet_read_log" lineno="247">
<summary>
Read kismet log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kismet_append_log" lineno="266">
<summary>
Append kismet log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kismet_manage_log" lineno="286">
<summary>
Create, read, write, and delete
kismet log content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kismet_admin" lineno="314">
<summary>
All of the rules required to
administrate an kismet environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="logrotate" filename="policy/modules/admin/logrotate.if">
<summary>Rotates, compresses, removes and mails system log files.</summary>
<interface name="logrotate_domtrans" lineno="13">
<summary>
Execute logrotate in the logrotate domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="logrotate_run" lineno="40">
<summary>
Execute logrotate in the logrotate
domain, and allow the specified
role the logrotate domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logrotate_exec" lineno="59">
<summary>
Execute logrotate in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logrotate_use_fds" lineno="78">
<summary>
Inherit and use logrotate file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logrotate_dontaudit_use_fds" lineno="97">
<summary>
Do not audit attempts to inherit
logrotate file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="logrotate_read_tmp_files" lineno="115">
<summary>
Read logrotate temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="logwatch" filename="policy/modules/admin/logwatch.if">
<summary>System log analyzer and reporter.</summary>
<interface name="logwatch_read_tmp_files" lineno="13">
<summary>
Read logwatch temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logwatch_search_cache_dir" lineno="32">
<summary>
Search logwatch cache directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="logwatch_can_network_connect_mail" dftval="false">
<desc>
<p>
Determine whether logwatch can connect
to mail over the network.
</p>
</desc>
</tunable>
</module>
<module name="mcelog" filename="policy/modules/admin/mcelog.if">
<summary>Linux hardware error daemon.</summary>
<interface name="mcelog_domtrans" lineno="13">
<summary>
Execute a domain transition to run mcelog.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mcelog_admin" lineno="39">
<summary>
All of the rules required to
administrate an mcelog environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="mcelog_client" dftval="false">
<desc>
<p>
Determine whether mcelog supports
client mode.
</p>
</desc>
</tunable>
<tunable name="mcelog_exec_scripts" dftval="true">
<desc>
<p>
Determine whether mcelog can execute scripts.
</p>
</desc>
</tunable>
<tunable name="mcelog_foreground" dftval="false">
<desc>
<p>
Determine whether mcelog can use all
the user ttys.
</p>
</desc>
</tunable>
<tunable name="mcelog_server" dftval="false">
<desc>
<p>
Determine whether mcelog supports
server mode.
</p>
</desc>
</tunable>
<tunable name="mcelog_syslog" dftval="false">
<desc>
<p>
Determine whether mcelog can use syslog.
</p>
</desc>
</tunable>
</module>
<module name="mrtg" filename="policy/modules/admin/mrtg.if">
<summary>Network traffic graphing.</summary>
<interface name="mrtg_read_config" lineno="13">
<summary>
Read mrtg configuration
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mrtg_append_create_logs" lineno="31">
<summary>
Create and append mrtg log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mrtg_admin" lineno="58">
<summary>
All of the rules required to
administrate an mrtg environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="ncftool" filename="policy/modules/admin/ncftool.if">
<summary>Cross-platform network configuration library.</summary>
<interface name="ncftool_domtrans" lineno="13">
<summary>
Execute a domain transition to run ncftool.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ncftool_run" lineno="39">
<summary>
Execute ncftool in the ncftool
domain, and allow the specified
role the ncftool domain.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
</module>
<module name="netutils" filename="policy/modules/admin/netutils.if">
<summary>Network analysis utilities</summary>
<interface name="netutils_domtrans" lineno="13">
<summary>
Execute network utilities in the netutils domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="netutils_run" lineno="39">
<summary>
Execute network utilities in the netutils domain, and
allow the specified role the netutils domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="netutils_exec" lineno="58">
<summary>
Execute network utilities in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="netutils_signal" lineno="77">
<summary>
Send generic signals to network utilities.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="netutils_domtrans_ping" lineno="95">
<summary>
Execute ping in the ping domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="netutils_kill_ping" lineno="114">
<summary>
Send a kill (SIGKILL) signal to ping.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="netutils_signal_ping" lineno="132">
<summary>
Send generic signals to ping.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="netutils_run_ping" lineno="157">
<summary>
Execute ping in the ping domain, and
allow the specified role the ping domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="netutils_run_ping_cond" lineno="183">
<summary>
Conditionally execute ping in the ping domain, and
allow the specified role the ping domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="netutils_exec_ping" lineno="206">
<summary>
Execute ping in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="netutils_domtrans_traceroute" lineno="225">
<summary>
Execute traceroute in the traceroute domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="netutils_run_traceroute" lineno="251">
<summary>
Execute traceroute in the traceroute domain, and
allow the specified role the traceroute domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="netutils_run_traceroute_cond" lineno="277">
<summary>
Conditionally execute traceroute in the traceroute domain, and
allow the specified role the traceroute domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="netutils_exec_traceroute" lineno="300">
<summary>
Execute traceroute in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="user_ping" dftval="false">
<desc>
<p>
Control users use of ping and traceroute
</p>
</desc>
</tunable>
</module>
<module name="passenger" filename="policy/modules/admin/passenger.if">
<summary>Ruby on rails deployment for Apache and Nginx servers.</summary>
<interface name="passenger_domtrans" lineno="13">
<summary>
Execute passenger in the passenger domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="passenger_exec" lineno="32">
<summary>
Execute passenger in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="passenger_read_lib_files" lineno="51">
<summary>
Read passenger lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="portage" filename="policy/modules/admin/portage.if">
<summary>Package Management System.</summary>
<interface name="portage_domtrans" lineno="13">
<summary>
Execute emerge in the portage domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="portage_run" lineno="40">
<summary>
Execute emerge in the portage domain,
and allow the specified role the
portage domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="portage_compile_domain" lineno="65">
<summary>
Template for portage sandbox.
</summary>
<desc>
<p>
Template for portage sandbox.  Portage
does all compiling in the sandbox.
</p>
</desc>
<param name="domain">
<summary>
Domain Allowed Access
</summary>
</param>
</interface>
<interface name="portage_domtrans_fetch" lineno="211">
<summary>
Execute tree management functions
(fetching, layman, ...) in the
portage fetch domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="portage_run_fetch" lineno="240">
<summary>
Execute tree management functions
(fetching, layman, ...) in the
portage fetch domain, and allow
the specified role the portage
fetch domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="portage_domtrans_gcc_config" lineno="259">
<summary>
Execute gcc-config in the gcc config domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="portage_run_gcc_config" lineno="286">
<summary>
Execute gcc-config in the gcc config
domain, and allow the specified role
the gcc_config domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="portage_dontaudit_use_fds" lineno="306">
<summary>
Do not audit attempts to use
portage file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="portage_dontaudit_search_tmp" lineno="325">
<summary>
Do not audit attempts to search the
portage temporary directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="portage_dontaudit_rw_tmp_files" lineno="344">
<summary>
Do not audit attempts to read and write
the portage temporary files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<tunable name="portage_use_nfs" dftval="false">
<desc>
<p>
Determine whether portage can
use nfs filesystems.
</p>
</desc>
</tunable>
</module>
<module name="prelink" filename="policy/modules/admin/prelink.if">
<summary>Prelink ELF shared library mappings.</summary>
<interface name="prelink_domtrans" lineno="13">
<summary>
Execute prelink in the prelink domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="prelink_exec" lineno="37">
<summary>
Execute prelink in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prelink_run" lineno="64">
<summary>
Execute prelink in the prelink
domain, and allow the specified role
the prelink domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="prelink_object_file" lineno="83">
<summary>
Make the specified file type prelinkable.
</summary>
<param name="file_type">
<summary>
File type to be prelinked.
</summary>
</param>
</interface>
<interface name="prelink_read_cache" lineno="101">
<summary>
Read prelink cache files.
</summary>
<param name="file_type">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prelink_delete_cache" lineno="120">
<summary>
Delete prelink cache files.
</summary>
<param name="file_type">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prelink_manage_log" lineno="140">
<summary>
Create, read, write, and delete
prelink log files.
</summary>
<param name="file_type">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prelink_manage_lib" lineno="160">
<summary>
Create, read, write, and delete
prelink var_lib files.
</summary>
<param name="file_type">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prelink_relabelfrom_lib" lineno="179">
<summary>
Relabel from prelink lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prelink_relabel_lib" lineno="198">
<summary>
Relabel prelink lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="puppet" filename="policy/modules/admin/puppet.if">
<summary>Configuration management system.</summary>
<interface name="puppet_domtrans_puppetca" lineno="14">
<summary>
Execute puppetca in the puppetca
domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="puppet_run_puppetca" lineno="41">
<summary>
Execute puppetca in the puppetca
domain and allow the specified
role the puppetca domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="puppet_read_config" lineno="60">
<summary>
Read puppet configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="puppet_read_lib_files" lineno="81">
<summary>
Read Puppet lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="puppet_manage_lib_files" lineno="101">
<summary>
Create, read, write, and delete
puppet lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="puppet_append_log_files" lineno="120">
<summary>
Append puppet log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="puppet_create_log_files" lineno="139">
<summary>
Create puppet log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="puppet_read_log_files" lineno="158">
<summary>
Read puppet log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="puppet_rw_tmp" lineno="177">
<summary>
Read and write to puppet tempoprary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="puppet_admin" lineno="203">
<summary>
All of the rules required to
administrate an puppet environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="puppet_manage_all_files" dftval="false">
<desc>
<p>
Determine whether puppet can
manage all non-security files.
</p>
</desc>
</tunable>
</module>
<module name="quota" filename="policy/modules/admin/quota.if">
<summary>File system quota management.</summary>
<interface name="quota_domtrans" lineno="13">
<summary>
Execute quota management tools in the quota domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="quota_run" lineno="40">
<summary>
Execute quota management tools in
the quota domain, and allow the
specified role the quota domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="quota_domtrans_nld" lineno="59">
<summary>
Execute quota nld in the quota nld domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="quota_manage_db_files" lineno="79">
<summary>
Create, read, write, and delete
quota db files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="quota_spec_filetrans_db" lineno="114">
<summary>
Create specified objects in specified
directories with a type transition to
the quota db file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file_type">
<summary>
Directory to transition on.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="quota_dontaudit_getattr_db" lineno="133">
<summary>
Do not audit attempts to get attributes
of filesystem quota data files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="quota_manage_flags" lineno="152">
<summary>
Create, read, write, and delete
quota flag files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="quota_admin" lineno="178">
<summary>
All of the rules required to
administrate an quota environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="rkhunter" filename="policy/modules/admin/rkhunter.if">
<summary>rkhunter - rootkit checker.</summary>
<interface name="rkhunter_domtrans" lineno="13">
<summary>
Execute a domain transition to run rkhunter.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rkhunter_run" lineno="39">
<summary>
Execute rkhunter in the rkhunter domain,
and allow the specified role
the rkhunter domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<tunable name="rkhunter_connect_http" dftval="false">
<desc>
<p>
Determine whether rkhunter can connect
to http ports. This is required by the
--update option.
</p>
</desc>
</tunable>
</module>
<module name="rpm" filename="policy/modules/admin/rpm.if">
<summary>Redhat package manager.</summary>
<interface name="rpm_domtrans" lineno="13">
<summary>
Execute rpm in the rpm domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rpm_debuginfo_domtrans" lineno="33">
<summary>
Execute debuginfo install
in the rpm domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rpm_domtrans_script" lineno="52">
<summary>
Execute rpm scripts in the rpm script domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rpm_run" lineno="82">
<summary>
Execute rpm in the rpm domain,
and allow the specified roles the
rpm domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="rpm_exec" lineno="101">
<summary>
Execute the rpm in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_signull" lineno="120">
<summary>
Send null signals to rpm.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_use_fds" lineno="138">
<summary>
Inherit and use file descriptors from rpm.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_read_pipes" lineno="156">
<summary>
Read rpm unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_rw_pipes" lineno="174">
<summary>
Read and write rpm unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_dbus_chat" lineno="193">
<summary>
Send and receive messages from
rpm over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_dontaudit_dbus_chat" lineno="214">
<summary>
Do not audit attempts to send and
receive messages from rpm over dbus.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="rpm_script_dbus_chat" lineno="235">
<summary>
Send and receive messages from
rpm script over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_search_log" lineno="255">
<summary>
Search rpm log directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_append_log" lineno="274">
<summary>
Append rpm log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_manage_log" lineno="294">
<summary>
Create, read, write, and delete
rpm log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_use_script_fds" lineno="313">
<summary>
Inherit and use rpm script file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_manage_script_tmp_files" lineno="332">
<summary>
Create, read, write, and delete
rpm script temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_append_tmp_files" lineno="351">
<summary>
Append rpm temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_manage_tmp_files" lineno="371">
<summary>
Create, read, write, and delete
rpm temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_read_script_tmp_files" lineno="390">
<summary>
Read rpm script temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_read_cache" lineno="410">
<summary>
Read rpm cache content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_manage_cache" lineno="432">
<summary>
Create, read, write, and delete
rpm cache content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_read_db" lineno="453">
<summary>
Read rpm lib content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_delete_db" lineno="475">
<summary>
Delete rpm lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_manage_db" lineno="495">
<summary>
Create, read, write, and delete
rpm lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_dontaudit_manage_db" lineno="517">
<summary>
Do not audit attempts to create, read,
write, and delete rpm lib content.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="rpm_read_pid_files" lineno="538">
<summary>
Read rpm pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_manage_pid_files" lineno="553">
<summary>
Create, read, write, and delete
rpm pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_pid_filetrans_rpm_pid" lineno="579">
<summary>
Create specified objects in pid directories
with the rpm pid file type.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="rpm_manage_runtime_files" lineno="594">
<summary>
Create, read, write, and delete
rpm runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_admin" lineno="620">
<summary>
All of the rules required to
administrate an rpm environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="samhain" filename="policy/modules/admin/samhain.if">
<summary>Check file integrity.</summary>
<template name="samhain_service_template" lineno="13">
<summary>
The template to define a samhain domain.
</summary>
<param name="domain_prefix">
<summary>
Domain prefix to be used.
</summary>
</param>
</template>
<interface name="samhain_domtrans" lineno="38">
<summary>
Execute samhain in the samhain domain
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="samhain_run" lineno="82">
<summary>
Execute samhain in the samhain
domain with the clearance security
level and allow the specifiled role
the samhain domain.
</summary>
<desc>
<p>
Execute samhain in the samhain
domain with the clearance security
level and allow the specifiled role
the samhain domain.
</p>
<p>
The range_transition rule used in
this interface requires that the
calling domain should have the
clearance security level otherwise
the MLS constraint for process
transition would fail.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed to access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="samhain_manage_config_files" lineno="107">
<summary>
Create, read, write, and delete
samhain configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samhain_manage_db_files" lineno="127">
<summary>
Create, read, write, and delete
samhain database files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samhain_manage_init_script_files" lineno="147">
<summary>
Create, read, write, and delete
samhain init script files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samhain_manage_log_files" lineno="167">
<summary>
Create, read, write, and delete
samhain log and log.lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samhain_manage_pid_files" lineno="187">
<summary>
Create, read, write, and delete
samhain pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samhain_admin" lineno="208">
<summary>
All of the rules required to
administrate the samhain environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role" unused="true">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="sblim" filename="policy/modules/admin/sblim.if">
<summary>Standards Based Linux Instrumentation for Manageability.</summary>
<interface name="sblim_domtrans_gatherd" lineno="13">
<summary>
Execute gatherd in the gatherd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sblim_read_pid_files" lineno="32">
<summary>
Read gatherd pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sblim_admin" lineno="53">
<summary>
All of the rules required to
administrate an sblim environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="shorewall" filename="policy/modules/admin/shorewall.if">
<summary>Shoreline Firewall high-level tool for configuring netfilter.</summary>
<interface name="shorewall_domtrans" lineno="13">
<summary>
Execute a domain transition to run shorewall.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="shorewall_lib_domtrans" lineno="33">
<summary>
Execute a domain transition to run shorewall
using executables from /var/lib.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="shorewall_read_config" lineno="52">
<summary>
Read shorewall configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="shorewall_read_lib_files" lineno="71">
<summary>
Read shorewall lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="shorewall_rw_lib_files" lineno="90">
<summary>
Read and write shorewall lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="shorewall_read_tmp_files" lineno="109">
<summary>
Read shorewall temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="shorewall_admin" lineno="135">
<summary>
All of the rules required to
administrate an shorewall environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="shutdown" filename="policy/modules/admin/shutdown.if">
<summary>System shutdown command.</summary>
<interface name="shutdown_role" lineno="18">
<summary>
Role access for shutdown.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="shutdown_domtrans" lineno="39">
<summary>
Execute a domain transition to run shutdown.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="shutdown_run" lineno="65">
<summary>
Execute shutdown in the shutdown
domain, and allow the specified role
the shutdown domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="shutdown_signal" lineno="84">
<summary>
Send generic signals to shutdown.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="shutdown_sigchld" lineno="102">
<summary>
Send SIGCHLD signals to shutdown.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="shutdown_getattr_exec_files" lineno="120">
<summary>
Get attributes of shutdown executable files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="sosreport" filename="policy/modules/admin/sosreport.if">
<summary>Generate debugging information for system.</summary>
<interface name="sosreport_domtrans" lineno="13">
<summary>
Execute a domain transition to run sosreport.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sosreport_run" lineno="39">
<summary>
Execute sosreport in the sosreport
domain, and allow the specified
role the sosreport domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="sosreport_role" lineno="63">
<summary>
Role access for sosreport.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="sosreport_read_tmp_files" lineno="84">
<summary>
Read sosreport temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sosreport_append_tmp_files" lineno="103">
<summary>
Append sosreport temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sosreport_delete_tmp_files" lineno="122">
<summary>
Delete sosreport temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="su" filename="policy/modules/admin/su.if">
<summary>Run shells with substitute user and group.</summary>
<template name="su_restricted_domain_template" lineno="31">
<summary>
Restricted su domain template.
</summary>
<desc>
<p>
This template creates a derived domain which is allowed
to change the linux user id, to run shells as a different
user.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
</template>
<template name="su_role_template" lineno="138">
<summary>
The role template for the su module.
</summary>
<param name="role_prefix">
<summary>
The prefix of the user role (e.g., user
is the prefix for user_r).
</summary>
</param>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</template>
<interface name="su_exec" lineno="270">
<summary>
Execute su in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="sudo" filename="policy/modules/admin/sudo.if">
<summary>Execute a command with a substitute user</summary>
<template name="sudo_role_template" lineno="31">
<summary>
The role template for the sudo module.
</summary>
<desc>
<p>
This template creates a derived domain which is allowed
to change the linux user id, to run commands as a different
user.
</p>
</desc>
<param name="role_prefix">
<summary>
The prefix of the user role (e.g., user
is the prefix for user_r).
</summary>
</param>
<param name="user_role">
<summary>
The user role.
</summary>
</param>
<param name="user_domain">
<summary>
The user domain associated with the role.
</summary>
</param>
</template>
<interface name="sudo_sigchld" lineno="185">
<summary>
Send a SIGCHLD signal to the sudo domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="sudo_all_tcp_connect_http_port" dftval="false">
<desc>
<p>
Determine whether all sudo domains
can connect to TCP HTTP ports. This
is needed if an additional authentication
mechanism via an HTTP server is
required for users to use sudo.
</p>
</desc>
</tunable>
</module>
<module name="sxid" filename="policy/modules/admin/sxid.if">
<summary>SUID/SGID program monitoring.</summary>
<interface name="sxid_read_log" lineno="14">
<summary>
Read sxid log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="tboot" filename="policy/modules/admin/tboot.if">
<summary>Utilities for the tboot TXT module.</summary>
<interface name="tboot_domtrans_txtstat" lineno="13">
<summary>
Execute txt-stat in the txtstat domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tboot_run_txtstat" lineno="38">
<summary>
Execute txt-stat in the txtstat domain, and
allow the specified role the txtstat domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the txtstat domain.
</summary>
</param>
</interface>
</module>
<module name="tmpreaper" filename="policy/modules/admin/tmpreaper.if">
<summary>Manage temporary directory sizes and file ages.</summary>
<interface name="tmpreaper_exec" lineno="13">
<summary>
Execute tmpreaper in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="tripwire" filename="policy/modules/admin/tripwire.if">
<summary>File integrity checker.</summary>
<interface name="tripwire_domtrans_tripwire" lineno="13">
<summary>
Execute tripwire in the tripwire domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tripwire_run_tripwire" lineno="40">
<summary>
Execute tripwire in the tripwire
domain, and allow the specified
role the tripwire domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="tripwire_domtrans_twadmin" lineno="59">
<summary>
Execute twadmin in the twadmin domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tripwire_run_twadmin" lineno="86">
<summary>
Execute twadmin in the twadmin
domain, and allow the specified
role the twadmin domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="tripwire_domtrans_twprint" lineno="105">
<summary>
Execute twprint in the twprint domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tripwire_run_twprint" lineno="132">
<summary>
Execute twprint in the twprint
domain, and allow the specified
role the twprint domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="tripwire_domtrans_siggen" lineno="151">
<summary>
Execute siggen in the siggen domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tripwire_run_siggen" lineno="178">
<summary>
Execute siggen in the siggen domain,
and allow the specified role
the siggen domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="tzdata" filename="policy/modules/admin/tzdata.if">
<summary>Time zone updater.</summary>
<interface name="tzdata_domtrans" lineno="13">
<summary>
Execute a domain transition to run tzdata.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tzdata_run" lineno="40">
<summary>
Execute tzdata in the tzdata domain,
and allow the specified role
the tzdata domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="updfstab" filename="policy/modules/admin/updfstab.if">
<summary>Red Hat utility to change fstab.</summary>
<interface name="updfstab_domtrans" lineno="13">
<summary>
Execute updfstab in the updfstab domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
</module>
<module name="usbguard" filename="policy/modules/admin/usbguard.if">
<summary>
Usbguard enforces the USB device authorization policy for all USB
devices.
</summary>
<interface name="usbguard_stream_connect" lineno="16">
<summary>
Connect to usbguard with a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="usbguard_user_modify_rule_files" dftval="false">
<desc>
<p>
Determine whether authorized users can control the daemon,
which requires usbguard-daemon to be able modify its rules in
/etc/usbguard.
</p>
</desc>
</tunable>
</module>
<module name="usbmodules" filename="policy/modules/admin/usbmodules.if">
<summary>List kernel modules of USB devices.</summary>
<interface name="usbmodules_domtrans" lineno="13">
<summary>
Execute usbmodules in the usbmodules domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="usbmodules_run" lineno="40">
<summary>
Execute usbmodules in the usbmodules
domain, and allow the specified
role the usbmodules domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="usermanage" filename="policy/modules/admin/usermanage.if">
<summary>Policy for managing user accounts.</summary>
<interface name="usermanage_domtrans_chfn" lineno="13">
<summary>
Execute chfn in the chfn domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="usermanage_run_chfn" lineno="42">
<summary>
Execute chfn in the chfn domain, and
allow the specified role the chfn domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="usermanage_domtrans_groupadd" lineno="61">
<summary>
Execute groupadd in the groupadd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="usermanage_run_groupadd" lineno="91">
<summary>
Execute groupadd in the groupadd domain, and
allow the specified role the groupadd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="usermanage_domtrans_passwd" lineno="110">
<summary>
Execute passwd in the passwd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="usermanage_kill_passwd" lineno="133">
<summary>
Send sigkills to passwd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="usermanage_check_exec_passwd" lineno="151">
<summary>
Check if the passwd binary is executable.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="usermanage_run_passwd" lineno="175">
<summary>
Execute passwd in the passwd domain, and
allow the specified role the passwd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="usermanage_domtrans_admin_passwd" lineno="195">
<summary>
Execute password admin functions in
the admin passwd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="usermanage_run_admin_passwd" lineno="222">
<summary>
Execute passwd admin functions in the admin
passwd domain, and allow the specified role
the admin passwd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="usermanage_dontaudit_use_useradd_fds" lineno="241">
<summary>
Do not audit attempts to use useradd fds.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="usermanage_domtrans_useradd" lineno="259">
<summary>
Execute useradd in the useradd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="usermanage_check_exec_useradd" lineno="282">
<summary>
Check if the useradd binaries are executable.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="usermanage_run_useradd" lineno="307">
<summary>
Execute useradd in the useradd domain, and
allow the specified role the useradd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="usermanage_read_crack_db" lineno="326">
<summary>
Read the crack database.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="vbetool" filename="policy/modules/admin/vbetool.if">
<summary>run real-mode video BIOS code to alter hardware state.</summary>
<interface name="vbetool_domtrans" lineno="13">
<summary>
Execute vbetool in the vbetool domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="vbetool_run" lineno="39">
<summary>
Execute vbetool in the vbetool
domain, and allow the specified
role the vbetool domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<tunable name="vbetool_mmap_zero_ignore" dftval="false">
<desc>
<p>
Determine whether attempts by
vbetool to mmap low regions should
be silently blocked.
</p>
</desc>
</tunable>
</module>
<module name="vpn" filename="policy/modules/admin/vpn.if">
<summary>Virtual Private Networking client.</summary>
<interface name="vpn_domtrans" lineno="13">
<summary>
Execute vpn clients in the vpnc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="vpn_run" lineno="40">
<summary>
Execute vpn clients in the vpnc
domain, and allow the specified
role the vpnc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="vpn_kill" lineno="59">
<summary>
Send kill signals to vpnc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vpn_signal" lineno="77">
<summary>
Send generic signals to vpnc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vpn_signull" lineno="95">
<summary>
Send null signals to vpnc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vpn_dbus_chat" lineno="114">
<summary>
Send and receive messages from
vpnc over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vpn_relabelfrom_tun_socket" lineno="134">
<summary>
Relabelfrom from vpnc socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
</layer>
<layer name="apps">
<summary>Policy modules for applications</summary>
<module name="awstats" filename="policy/modules/apps/awstats.if">
<summary>Log file analyzer for advanced statistics.</summary>
<interface name="awstats_domtrans" lineno="14">
<summary>
Execute the awstats program in
the awstats domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<tunable name="awstats_purge_apache_log_files" dftval="false">
<desc>
<p>
Determine whether awstats can
purge httpd log files.
</p>
</desc>
</tunable>
<tunable name="allow_httpd_awstats_script_anon_write" dftval="false">
<desc>
<p>
Determine whether the script domain can
modify public files used for public file
transfer services. Directories/Files must
be labeled public_content_rw_t.
</p>
</desc>
</tunable>
</module>
<module name="calamaris" filename="policy/modules/apps/calamaris.if">
<summary>Squid log analysis.</summary>
<interface name="calamaris_domtrans" lineno="14">
<summary>
Execute the calamaris in
the calamaris domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="calamaris_run" lineno="40">
<summary>
Execute calamaris in the
calamaris domain, and allow the
specified role the calamaris domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="calamaris_read_www_files" lineno="59">
<summary>
Read calamaris www files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="calamaris_admin" lineno="86">
<summary>
All of the rules required to
administrate an calamaris environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="cdrecord" filename="policy/modules/apps/cdrecord.if">
<summary>Record audio or data Compact Discs from a master.</summary>
<interface name="cdrecord_role" lineno="18">
<summary>
Role access for cdrecord.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="cdrecord_exec" lineno="44">
<summary>
Execute cdrecord in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="cdrecord_read_content" dftval="false">
<desc>
<p>
Determine whether cdrecord can read
various content. nfs, samba, removable
devices, user temp and untrusted
content files
</p>
</desc>
</tunable>
</module>
<module name="chromium" filename="policy/modules/apps/chromium.if">
<summary>Chromium browser</summary>
<interface name="chromium_role" lineno="18">
<summary>
Role access for chromium
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="chromium_rw_tmp_pipes" lineno="68">
<summary>
Read-write access to Chromiums' temporary fifo files
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="chromium_tmp_filetrans" lineno="97">
<summary>
Automatically use the specified type for resources created in chromium's
temporary locations
</summary>
<param name="domain">
<summary>
Domain that creates the resource(s)
</summary>
</param>
<param name="class">
<summary>
Type of the resource created
</summary>
</param>
<param name="filename" optional="true">
<summary>
The name of the resource being created
</summary>
</param>
</interface>
<interface name="chromium_domtrans" lineno="116">
<summary>
Execute a domain transition to the chromium domain (chromium_t)
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="chromium_run" lineno="142">
<summary>
Execute chromium in the chromium domain and allow the specified role to access the chromium domain
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
</interface>
<tunable name="chromium_dri" dftval="true">
<desc>
<p>
Allow chromium to access direct rendering interface
</p>
<p>
Needed for good performance on complex sites
</p>
</desc>
</tunable>
<tunable name="chromium_read_system_info" dftval="false">
<desc>
<p>
Allow chromium to read system information
</p>
<p>
Although not needed for regular browsing, this will allow chromium to update
its own memory consumption based on system state, support additional
debugging, detect specific devices, etc.
</p>
</desc>
</tunable>
<tunable name="chromium_bind_tcp_unreserved_ports" dftval="false">
<desc>
<p>
Allow chromium to bind to tcp ports
</p>
<p>
Although not needed for regular browsing, some chrome extensions need to
bind to tcp ports and accept connections.
</p>
</desc>
</tunable>
<tunable name="chromium_rw_usb_dev" dftval="false">
<desc>
<p>
Allow chromium to read/write USB devices
</p>
<p>
Although not needed for regular browsing, used for debugging over usb
or using FIDO U2F tokens.
</p>
</desc>
</tunable>
<tunable name="chromium_read_generic_user_content" dftval="true">
<desc>
<p>
Grant the chromium domains read access to generic user content
</p>
</desc>
</tunable>
<tunable name="chromium_read_all_user_content" dftval="false">
<desc>
<p>
Grant the chromium domains read access to all user content
</p>
</desc>
</tunable>
<tunable name="chromium_manage_generic_user_content" dftval="false">
<desc>
<p>
Grant the chromium domains manage rights on generic user content
</p>
</desc>
</tunable>
<tunable name="chromium_manage_all_user_content" dftval="false">
<desc>
<p>
Grant the chromium domains manage rights on all user content
</p>
</desc>
</tunable>
</module>
<module name="cpufreqselector" filename="policy/modules/apps/cpufreqselector.if">
<summary>Command-line CPU frequency settings.</summary>
<interface name="cpufreqselector_dbus_chat" lineno="14">
<summary>
Send and receive messages from
cpufreq-selector over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="cryfs" filename="policy/modules/apps/cryfs.if">
<summary>CryFS and similar other tools which mount encrypted directories using FUSE.</summary>
<interface name="cryfs_role" lineno="18">
<summary>
Role access for CryFS.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<tunable name="cryfs_read_generic_user_content" dftval="true">
<desc>
<p>
Grant the cryfs domains read access to generic user content
</p>
</desc>
</tunable>
<tunable name="cryfs_read_all_user_content" dftval="false">
<desc>
<p>
Grant the cryfs domains read access to all user content
</p>
</desc>
</tunable>
<tunable name="cryfs_manage_generic_user_content" dftval="false">
<desc>
<p>
Grant the cryfs domains manage rights on generic user content
</p>
</desc>
</tunable>
<tunable name="cryfs_manage_all_user_content" dftval="false">
<desc>
<p>
Grant the cryfs domains manage rights on all user content
</p>
</desc>
</tunable>
</module>
<module name="evolution" filename="policy/modules/apps/evolution.if">
<summary>Evolution email client.</summary>
<interface name="evolution_role" lineno="18">
<summary>
Role access for evolution.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="evolution_home_filetrans" lineno="99">
<summary>
Create objects in the evolution home
directories with a private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
Private file type.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="evolution_read_home_files" lineno="118">
<summary>
Read evolution home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="evolution_stream_connect" lineno="137">
<summary>
Connect to evolution using a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="evolution_read_orbit_tmp_files" lineno="158">
<summary>
Read evolution orbit temporary
files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="evolution_dbus_chat" lineno="179">
<summary>
Send and receive messages from
evolution over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="evolution_alarm_dbus_chat" lineno="200">
<summary>
Send and receive messages from
evolution_alarm over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="evolution_domtrans" lineno="221">
<summary>
Make a domain transition to the
evolution target domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="evolution_manage_user_certs" dftval="false">
<desc>
<p>
Allow evolution to create and write
user certificates in addition to
being able to read them
</p>
</desc>
</tunable>
<tunable name="evolution_read_generic_user_content" dftval="true">
<desc>
<p>
Grant the evolution domains read access to generic user content
</p>
</desc>
</tunable>
<tunable name="evolution_read_all_user_content" dftval="false">
<desc>
<p>
Grant the evolution domains read access to all user content
</p>
</desc>
</tunable>
<tunable name="evolution_manage_generic_user_content" dftval="false">
<desc>
<p>
Grant the evolution domains manage rights on generic user content
</p>
</desc>
</tunable>
<tunable name="evolution_manage_all_user_content" dftval="false">
<desc>
<p>
Grant the evolution domains manage rights on all user content
</p>
</desc>
</tunable>
</module>
<module name="games" filename="policy/modules/apps/games.if">
<summary>Various games.</summary>
<interface name="games_role" lineno="18">
<summary>
Role access for games.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="games_rw_data" lineno="52">
<summary>
Read and write games data files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="games_domtrans" lineno="71">
<summary>
Run a game in the game domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="games_dbus_chat" lineno="91">
<summary>
Send and receive messages from
games over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="gitosis" filename="policy/modules/apps/gitosis.if">
<summary>Tools for managing and hosting git repositories.</summary>
<interface name="gitosis_domtrans" lineno="13">
<summary>
Execute a domain transition to run gitosis.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="gitosis_run" lineno="39">
<summary>
Execute gitosis-serve in the
gitosis domain, and allow the
specified role the gitosis domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="gitosis_read_lib_files" lineno="58">
<summary>
Read gitosis lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gitosis_manage_lib_files" lineno="80">
<summary>
Create, read, write, and delete
gitosis lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="gitosis_can_sendmail" dftval="false">
<desc>
<p>
Determine whether Gitosis can send mail.
</p>
</desc>
</tunable>
</module>
<module name="gnome" filename="policy/modules/apps/gnome.if">
<summary>GNU network object model environment.</summary>
<template name="gnome_role_template" lineno="24">
<summary>
The role template for gnome.
</summary>
<param name="role_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</template>
<interface name="gnome_exec_gconf" lineno="125">
<summary>
Execute gconf in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_read_gconf_config" lineno="144">
<summary>
Read gconf configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_dontaudit_read_inherited_gconf_config_files" lineno="166">
<summary>
Do not audit attempts to read
inherited gconf configuration files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="gnome_manage_gconf_config" lineno="185">
<summary>
Create, read, write, and delete
gconf configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_stream_connect_gconf" lineno="207">
<summary>
Connect to gconf using a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_domtrans_gconfd" lineno="226">
<summary>
Run gconfd in gconfd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="gnome_create_generic_home_dirs" lineno="245">
<summary>
Create generic gnome home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_setattr_generic_home_dirs" lineno="264">
<summary>
Set attributes of generic gnome
user home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_read_generic_home_content" lineno="283">
<summary>
Read generic gnome home content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_manage_generic_home_content" lineno="307">
<summary>
Create, read, write, and delete
generic gnome home content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_search_generic_home" lineno="330">
<summary>
Search generic gnome home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_home_filetrans" lineno="365">
<summary>
Create objects in gnome user home
directories with a private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
Private file type.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="gnome_create_generic_gconf_home_dirs" lineno="384">
<summary>
Create generic gconf home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_read_generic_gconf_home_content" lineno="402">
<summary>
Read generic gconf home content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_manage_generic_gconf_home_content" lineno="426">
<summary>
Create, read, write, and delete
generic gconf home content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_search_generic_gconf_home" lineno="449">
<summary>
Search generic gconf home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_home_filetrans_gconf_home" lineno="480">
<summary>
Create objects in user home
directories with the generic gconf
home type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="gnome_home_filetrans_gnome_home" lineno="510">
<summary>
Create objects in user home
directories with the generic gnome
home type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="gnome_gconf_home_filetrans" lineno="544">
<summary>
Create objects in gnome gconf home
directories with a private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
Private file type.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="gnome_user_home_dir_filetrans_gstreamer_orcexec" lineno="575">
<summary>
Create objects in user home
directories with the gstreamer
orcexec type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="gnome_user_runtime_filetrans_gstreamer_orcexec" lineno="605">
<summary>
Create objects in the user
runtime directories with the
gstreamer orcexec type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="gnome_read_keyring_home_files" lineno="623">
<summary>
Read generic gnome keyring home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_dbus_chat_gconfd" lineno="650">
<summary>
Send and receive messages from
gnome configuration daemon over
dbus.
</summary>
<param name="role_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_dbus_chat_gkeyringd" lineno="677">
<summary>
Send and receive messages from
gnome keyring daemon over dbus.
</summary>
<param name="role_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_dbus_chat_all_gkeyringd" lineno="698">
<summary>
Send and receive messages from all
gnome keyring daemon over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_spec_domtrans_all_gkeyringd" lineno="718">
<summary>
Run all gkeyringd in gkeyringd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="gnome_stream_connect_gkeyringd" lineno="745">
<summary>
Connect to gnome keyring daemon
with a unix stream socket.
</summary>
<param name="role_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_stream_connect_all_gkeyringd" lineno="766">
<summary>
Connect to all gnome keyring daemon
with a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_manage_gstreamer_orcexec" lineno="788">
<summary>
Manage gstreamer ORC optimized
code.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_mmap_gstreamer_orcexec" lineno="807">
<summary>
Mmap gstreamer ORC optimized
code.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_watch_xdg_config_dirs" lineno="825">
<summary>
watch gnome_xdg_config_t dirs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="gpg" filename="policy/modules/apps/gpg.if">
<summary>Policy for GNU Privacy Guard and related programs.</summary>
<interface name="gpg_role" lineno="18">
<summary>
Role access for gpg.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="gpg_domtrans" lineno="72">
<summary>
Execute the gpg in the gpg domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="gpg_exec" lineno="91">
<summary>
Execute the gpg in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpg_spec_domtrans" lineno="125">
<summary>
Execute gpg in a specified domain.
</summary>
<desc>
<p>
Execute gpg in a specified domain.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="source_domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
Domain to transition to.
</summary>
</param>
</interface>
<interface name="gpg_exec_agent" lineno="144">
<summary>
Execute the gpg-agent in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpg_entry_type" lineno="164">
<summary>
Make gpg executable files an
entrypoint for the specified domain.
</summary>
<param name="domain">
<summary>
The domain for which gpg_exec_t is an entrypoint.
</summary>
</param>
</interface>
<interface name="gpg_signal" lineno="182">
<summary>
Send generic signals to gpg.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpg_enter_user_gpg_agent_domain" lineno="205">
<summary>
Transition to $2_gpg_agent_t from another domain via gpg_agent_exec_t
</summary>
<param name="domain">
<summary>
source domain
</summary>
</param>
<param name="domain">
<summary>
base of target domain
</summary>
</param>
</interface>
<interface name="gpg_rw_agent_pipes" lineno="222">
<summary>
Read and write gpg agent pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpg_stream_connect_agent" lineno="240">
<summary>
Connect to gpg agent socket
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpg_search_agent_tmp_dirs" lineno="262">
<summary>
Search gpg agent dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpg_agent_tmp_filetrans" lineno="280">
<summary>
filetrans in gpg_agent_tmp_t dirs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpg_agent_tmp_unlink_sock" lineno="299">
<summary>
unlink gpg_agent_tmp_t sock_file
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpg_runtime_filetrans" lineno="317">
<summary>
filetrans in gpg_runtime_t dirs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpg_secret_filetrans" lineno="336">
<summary>
filetrans in gpg_secret_t dirs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpg_pinentry_dbus_chat" lineno="357">
<summary>
Send messages to and from gpg
pinentry over DBUS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpg_list_user_secrets" lineno="377">
<summary>
List gpg user secrets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="gpg_agent_env_file" dftval="false">
<desc>
<p>
Determine whether GPG agent can manage
generic user home content files. This is
required by the --write-env-file option.
</p>
</desc>
</tunable>
<tunable name="gpg_agent_use_card" dftval="false">
<desc>
<p>
Determine whether GPG agent can use OpenPGP
cards or Yubikeys over USB
</p>
</desc>
</tunable>
<tunable name="gpg_read_generic_user_content" dftval="true">
<desc>
<p>
Grant the gpg domains read access to generic user content
</p>
</desc>
</tunable>
<tunable name="gpg_read_all_user_content" dftval="false">
<desc>
<p>
Grant the gpg domains read access to all user content
</p>
</desc>
</tunable>
<tunable name="gpg_manage_generic_user_content" dftval="false">
<desc>
<p>
Grant the gpg domains manage rights on generic user content
</p>
</desc>
</tunable>
<tunable name="gpg_manage_all_user_content" dftval="false">
<desc>
<p>
Grant the gpg domains manage rights on all user content
</p>
</desc>
</tunable>
</module>
<module name="irc" filename="policy/modules/apps/irc.if">
<summary>IRC client policy.</summary>
<interface name="irc_role" lineno="18">
<summary>
Role access for IRC.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<tunable name="irc_use_any_tcp_ports" dftval="false">
<desc>
<p>
Determine whether irc clients can
listen on and connect to any
unreserved TCP ports.
</p>
</desc>
</tunable>
<tunable name="irc_read_generic_user_content" dftval="true">
<desc>
<p>
Grant the irc domains read access to generic user content
</p>
</desc>
</tunable>
<tunable name="irc_read_all_user_content" dftval="false">
<desc>
<p>
Grant the irc domains read access to all user content
</p>
</desc>
</tunable>
<tunable name="irc_manage_generic_user_content" dftval="false">
<desc>
<p>
Grant the irc domains manage rights on generic user content
</p>
</desc>
</tunable>
<tunable name="irc_manage_all_user_content" dftval="false">
<desc>
<p>
Grant the irc domains manage rights on all user content
</p>
</desc>
</tunable>
</module>
<module name="java" filename="policy/modules/apps/java.if">
<summary>Java virtual machine</summary>
<interface name="java_role" lineno="18">
<summary>
Role access for java.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<template name="java_role_template" lineno="81">
<summary>
The role template for the java module.
</summary>
<desc>
<p>
This template creates a derived domains which are used
for java applications.
</p>
</desc>
<param name="role_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</template>
<interface name="java_domtrans" lineno="139">
<summary>
Execute the java program in the java domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="java_run" lineno="164">
<summary>
Execute java in the java domain, and
allow the specified role the java domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="java_domtrans_unconfined" lineno="184">
<summary>
Execute the java program in the
unconfined java domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="java_run_unconfined" lineno="210">
<summary>
Execute the java program in the
unconfined java domain and allow the
specified role the java domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="java_exec" lineno="230">
<summary>
Execute the java program in
the callers domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="java_manage_generic_home_content" lineno="250">
<summary>
Create, read, write, and delete
generic java home content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="java_manage_java_tmp" lineno="271">
<summary>
Create, read, write, and delete
temporary java content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="java_home_filetrans_java_home" lineno="302">
<summary>
Create specified objects in user home
directories with the generic java
home type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<tunable name="allow_java_execstack" dftval="false">
<desc>
<p>
Determine whether java can make
its stack executable.
</p>
</desc>
</tunable>
<tunable name="java_read_generic_user_content" dftval="true">
<desc>
<p>
Grant the java domains read access to generic user content
</p>
</desc>
</tunable>
<tunable name="java_read_all_user_content" dftval="false">
<desc>
<p>
Grant the java domains read access to all user content
</p>
</desc>
</tunable>
<tunable name="java_manage_generic_user_content" dftval="false">
<desc>
<p>
Grant the java domains manage rights on generic user content
</p>
</desc>
</tunable>
<tunable name="java_manage_all_user_content" dftval="false">
<desc>
<p>
Grant the java domains manage rights on all user content
</p>
</desc>
</tunable>
</module>
<module name="libmtp" filename="policy/modules/apps/libmtp.if">
<summary>libmtp: An Initiatior implementation of the Media Transfer Protocol (MTP).</summary>
<interface name="libmtp_role" lineno="18">
<summary>
Role access for libmtp.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<tunable name="libmtp_enable_home_dirs" dftval="false">
<desc>
<p>
Determine whether libmtp can read
and manage the user home directories
and files.
</p>
</desc>
</tunable>
</module>
<module name="lightsquid" filename="policy/modules/apps/lightsquid.if">
<summary>Log analyzer for squid proxy.</summary>
<interface name="lightsquid_domtrans" lineno="14">
<summary>
Execute the lightsquid program in
the lightsquid domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="lightsquid_run" lineno="40">
<summary>
Execute lightsquid in the
lightsquid domain, and allow the
specified role the lightsquid domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="lightsquid_admin" lineno="66">
<summary>
All of the rules required to
administrate an lightsquid environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="allow_httpd_lightsquid_script_anon_write" dftval="false">
<desc>
<p>
Determine whether the script domain can
modify public files used for public file
transfer services. Directories/Files must
be labeled public_content_rw_t.
</p>
</desc>
</tunable>
</module>
<module name="livecd" filename="policy/modules/apps/livecd.if">
<summary>Tool for building alternate livecd for different os and policy versions.</summary>
<interface name="livecd_domtrans" lineno="13">
<summary>
Execute a domain transition to run livecd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="livecd_run" lineno="39">
<summary>
Execute livecd in the livecd
domain, and allow the specified
role the livecd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="livecd_read_tmp_files" lineno="58">
<summary>
Read livecd temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="livecd_rw_tmp_files" lineno="77">
<summary>
Read and write livecd temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="livecd_rw_semaphores" lineno="96">
<summary>
Read and write livecd semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="loadkeys" filename="policy/modules/apps/loadkeys.if">
<summary>Load keyboard mappings.</summary>
<interface name="loadkeys_domtrans" lineno="14">
<summary>
Execute the loadkeys program in
the loadkeys domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="loadkeys_run" lineno="41">
<summary>
Execute the loadkeys program in
the loadkeys domain, and allow the
specified role the loadkeys domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="loadkeys_exec" lineno="60">
<summary>
Execute the loadkeys in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="lockdev" filename="policy/modules/apps/lockdev.if">
<summary>Library for locking devices.</summary>
<interface name="lockdev_role" lineno="18">
<summary>
Role access for lockdev.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
</module>
<module name="man2html" filename="policy/modules/apps/man2html.if">
<summary>A Unix manpage-to-HTML converter.</summary>
<tunable name="allow_httpd_man2html_script_anon_write" dftval="false">
<desc>
<p>
Determine whether the script domain can
modify public files used for public file
transfer services. Directories/Files must
be labeled public_content_rw_t.
</p>
</desc>
</tunable>
</module>
<module name="mandb" filename="policy/modules/apps/mandb.if">
<summary>On-line manual database.</summary>
<interface name="mandb_domtrans" lineno="14">
<summary>
Execute the mandb program in
the mandb domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mandb_run" lineno="40">
<summary>
Execute mandb in the mandb
domain, and allow the specified
role the mandb domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="mandb_admin" lineno="66">
<summary>
All of the rules required to
administrate an mandb environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="mono" filename="policy/modules/apps/mono.if">
<summary>Run .NET server and client applications on Linux.</summary>
<template name="mono_role_template" lineno="30">
<summary>
The role template for the mono module.
</summary>
<desc>
<p>
This template creates a derived domains which are used
for mono applications.
</p>
</desc>
<param name="role_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</template>
<interface name="mono_domtrans" lineno="80">
<summary>
Execute mono in the mono domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mono_run" lineno="105">
<summary>
Execute mono in the mono domain, and
allow the specified role the mono domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="mono_exec" lineno="124">
<summary>
Execute mono in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mono_rw_shm" lineno="143">
<summary>
Read and write mono shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="mozilla" filename="policy/modules/apps/mozilla.if">
<summary>Policy for Mozilla and related web browsers.</summary>
<interface name="mozilla_role" lineno="18">
<summary>
Role access for mozilla.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="mozilla_role_plugin" lineno="90">
<summary>
Role access for mozilla plugin.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="mozilla_read_user_home_files" lineno="151">
<summary>
Read mozilla home directory content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_write_user_home_files" lineno="172">
<summary>
Write mozilla home directory files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_dontaudit_rw_user_home_files" lineno="192">
<summary>
Do not audit attempts to read and
write mozilla home directory files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="mozilla_dontaudit_manage_user_home_files" lineno="212">
<summary>
Do not audit attempt to Create,
read, write, and delete mozilla
home directory content.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="mozilla_exec_user_plugin_home_files" lineno="232">
<summary>
Execute mozilla plugin home directory files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_execmod_user_plugin_home_files" lineno="252">
<summary>
Mozilla plugin home directory file
text relocation.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_read_tmp_files" lineno="270">
<summary>
Read temporary mozilla files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_domtrans" lineno="288">
<summary>
Run mozilla in the mozilla domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mozilla_domtrans_plugin" lineno="308">
<summary>
Execute a domain transition to
run mozilla plugin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mozilla_run_plugin" lineno="335">
<summary>
Execute mozilla plugin in the
mozilla plugin domain, and allow
the specified role the mozilla
plugin domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_domtrans_plugin_config" lineno="355">
<summary>
Execute a domain transition to
run mozilla plugin config.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mozilla_run_plugin_config" lineno="382">
<summary>
Execute mozilla plugin config in
the mozilla plugin config domain,
and allow the specified role the
mozilla plugin config domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_dbus_chat" lineno="402">
<summary>
Send and receive messages from
mozilla over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_dbus_chat_plugin" lineno="423">
<summary>
Send and receive messages from
mozilla plugin over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_rw_tcp_sockets" lineno="443">
<summary>
Read and write mozilla TCP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_manage_plugin_rw_files" lineno="462">
<summary>
Create, read, write, and delete
mozilla plugin rw files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_plugin_read_tmpfs_files" lineno="481">
<summary>
Read mozilla_plugin tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_plugin_delete_tmpfs_files" lineno="500">
<summary>
Delete mozilla_plugin tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_manage_generic_plugin_home_content" lineno="520">
<summary>
Create, read, write, and delete
generic mozilla plugin home content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_home_filetrans_plugin_home" lineno="555">
<summary>
Create objects in user home
directories with the generic mozilla
plugin home type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<tunable name="mozilla_execstack" dftval="false">
<desc>
<p>
Determine whether mozilla can
make its stack executable.
</p>
</desc>
</tunable>
<tunable name="mozilla_read_generic_user_content" dftval="true">
<desc>
<p>
Grant the mozilla domains read access to generic user content
</p>
</desc>
</tunable>
<tunable name="mozilla_read_all_user_content" dftval="false">
<desc>
<p>
Grant the mozilla domains read access to all user content
</p>
</desc>
</tunable>
<tunable name="mozilla_manage_generic_user_content" dftval="false">
<desc>
<p>
Grant the mozilla domains manage rights on generic user content
</p>
</desc>
</tunable>
<tunable name="mozilla_manage_all_user_content" dftval="false">
<desc>
<p>
Grant the mozilla domains manage rights on all user content
</p>
</desc>
</tunable>
</module>
<module name="mplayer" filename="policy/modules/apps/mplayer.if">
<summary>Mplayer media player and encoder.</summary>
<interface name="mplayer_role" lineno="18">
<summary>
Role access for mplayer
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="mplayer_domtrans" lineno="65">
<summary>
Run mplayer in mplayer domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mplayer_exec" lineno="85">
<summary>
Execute mplayer in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mplayer_read_user_home_files" lineno="104">
<summary>
Read mplayer user home content files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mplayer_manage_generic_home_content" lineno="124">
<summary>
Create, read, write, and delete
generic mplayer home content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mplayer_home_filetrans_mplayer_home" lineno="157">
<summary>
Create specified objects in user home
directories with the generic mplayer
home type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<tunable name="allow_mplayer_execstack" dftval="false">
<desc>
<p>
Determine whether mplayer can make
its stack executable.
</p>
</desc>
</tunable>
<tunable name="mplayer_mencoder_read_generic_user_content" dftval="true">
<desc>
<p>
Grant the mplayer_mencoder domains read access to generic user content
</p>
</desc>
</tunable>
<tunable name="mplayer_mencoder_read_all_user_content" dftval="false">
<desc>
<p>
Grant the mplayer_mencoder domains read access to all user content
</p>
</desc>
</tunable>
<tunable name="mplayer_mencoder_manage_generic_user_content" dftval="false">
<desc>
<p>
Grant the mplayer_mencoder domains manage rights on generic user content
</p>
</desc>
</tunable>
<tunable name="mplayer_mencoder_manage_all_user_content" dftval="false">
<desc>
<p>
Grant the mplayer_mencoder domains manage rights on all user content
</p>
</desc>
</tunable>
<tunable name="mplayer_read_generic_user_content" dftval="true">
<desc>
<p>
Grant the mplayer domains read access to generic user content
</p>
</desc>
</tunable>
<tunable name="mplayer_read_all_user_content" dftval="false">
<desc>
<p>
Grant the mplayer domains read access to all user content
</p>
</desc>
</tunable>
<tunable name="mplayer_manage_generic_user_content" dftval="false">
<desc>
<p>
Grant the mplayer domains manage rights on generic user content
</p>
</desc>
</tunable>
<tunable name="mplayer_manage_all_user_content" dftval="false">
<desc>
<p>
Grant the mplayer domains manage rights on all user content
</p>
</desc>
</tunable>
</module>
<module name="openoffice" filename="policy/modules/apps/openoffice.if">
<summary>Openoffice suite.</summary>
<interface name="ooffice_role" lineno="18">
<summary>
Role access for openoffice.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="ooffice_domtrans" lineno="48">
<summary>
Run openoffice in its own domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ooffice_dontaudit_exec_tmp_files" lineno="67">
<summary>
Do not audit attempts to execute
files in temporary directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="ooffice_rw_tmp_files" lineno="86">
<summary>
Read and write temporary
openoffice files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ooffice_dbus_chat" lineno="106">
<summary>
Send and receive dbus messages
from and to the openoffice
domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ooffice_stream_connect" lineno="127">
<summary>
Connect to openoffice using a
unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="openoffice_allow_update" dftval="true">
<desc>
<p>
Determine whether openoffice can
download software updates from the
network (application and/or
extensions).
</p>
</desc>
</tunable>
<tunable name="openoffice_allow_email" dftval="false">
<desc>
<p>
Determine whether openoffice writer
can send emails directly (print to
email). This is different from the
functionality of sending emails
through external clients which is
always enabled.
</p>
</desc>
</tunable>
<tunable name="openoffice_read_generic_user_content" dftval="true">
<desc>
<p>
Grant the openoffice domains read access to generic user content
</p>
</desc>
</tunable>
<tunable name="openoffice_read_all_user_content" dftval="false">
<desc>
<p>
Grant the openoffice domains read access to all user content
</p>
</desc>
</tunable>
<tunable name="openoffice_manage_generic_user_content" dftval="false">
<desc>
<p>
Grant the openoffice domains manage rights on generic user content
</p>
</desc>
</tunable>
<tunable name="openoffice_manage_all_user_content" dftval="false">
<desc>
<p>
Grant the openoffice domains manage rights on all user content
</p>
</desc>
</tunable>
</module>
<module name="pulseaudio" filename="policy/modules/apps/pulseaudio.if">
<summary>Pulseaudio network sound server.</summary>
<interface name="pulseaudio_role" lineno="18">
<summary>
Role access for pulseaudio.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="pulseaudio_domtrans" lineno="56">
<summary>
Execute a domain transition to run pulseaudio.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="pulseaudio_run" lineno="85">
<summary>
Execute pulseaudio in the pulseaudio
domain, and allow the specified role
the pulseaudio domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="pulseaudio_exec" lineno="104">
<summary>
Execute pulseaudio in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pulseaudio_dontaudit_exec" lineno="123">
<summary>
Do not audit attempts to execute pulseaudio.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="pulseaudio_signull" lineno="142">
<summary>
Send null signals to pulseaudio.
processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pulseaudio_use_fds" lineno="161">
<summary>
Use file descriptors for
pulseaudio.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pulseaudio_dontaudit_use_fds" lineno="180">
<summary>
Do not audit attempts to use the
file descriptors for pulseaudio.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pulseaudio_stream_connect" lineno="199">
<summary>
Connect to pulseaudio with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pulseaudio_manage_tmp_dirs" lineno="218">
<summary>
Manage pulseaudio_tmp_t dirs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pulseaudio_dbus_chat" lineno="237">
<summary>
Send and receive messages from
pulseaudio over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pulseaudio_setattr_home_dir" lineno="257">
<summary>
Set attributes of pulseaudio home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pulseaudio_read_home" lineno="275">
<summary>
Read pulseaudio home content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pulseaudio_rw_home_files" lineno="296">
<summary>
Read and write Pulse Audio files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pulseaudio_manage_home" lineno="317">
<summary>
Create, read, write, and delete
pulseaudio home content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pulseaudio_home_filetrans_pulseaudio_home" lineno="350">
<summary>
Create objects in user home
directories with the pulseaudio
home type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="pulseaudio_tmpfs_content" lineno="369">
<summary>
Make the specified tmpfs file type
pulseaudio tmpfs content.
</summary>
<param name="file_type">
<summary>
File type to make pulseaudio tmpfs content.
</summary>
</param>
</interface>
<interface name="pulseaudio_read_tmpfs_files" lineno="387">
<summary>
Read pulseaudio tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pulseaudio_rw_tmpfs_files" lineno="407">
<summary>
Read and write pulseaudio tmpfs
files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="pulseaudio_execmem" dftval="false">
<desc>
<p>
Allow pulseaudio to execute code in
writable memory
</p>
</desc>
</tunable>
</module>
<module name="qemu" filename="policy/modules/apps/qemu.if">
<summary>QEMU machine emulator and virtualizer.</summary>
<template name="qemu_domain_template" lineno="13">
<summary>
The template to define a qemu domain.
</summary>
<param name="domain_prefix">
<summary>
Domain prefix to be used.
</summary>
</param>
</template>
<template name="qemu_role" lineno="112">
<summary>
Role access for qemu.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</template>
<interface name="qemu_domtrans" lineno="133">
<summary>
Execute a domain transition to run qemu.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="qemu_exec" lineno="152">
<summary>
Execute a qemu in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qemu_run" lineno="179">
<summary>
Execute qemu in the qemu domain,
and allow the specified role the
qemu domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="qemu_read_state" lineno="198">
<summary>
Read qemu process state files.
</summary>
<param name="domain">
<summary>
Domain to allow access.
</summary>
</param>
</interface>
<interface name="qemu_setsched" lineno="219">
<summary>
Set qemu scheduler.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qemu_signal" lineno="237">
<summary>
Send generic signals to qemu.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qemu_kill" lineno="255">
<summary>
Send kill signals to qemu.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qemu_stream_connect" lineno="274">
<summary>
Connect to qemu with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qemu_delete_pid_sock_file" lineno="293">
<summary>
Unlink qemu socket  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qemu_delete_runtime_sock_files" lineno="308">
<summary>
Unlink qemu runtime sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qemu_domtrans_unconfined" lineno="327">
<summary>
Execute a domain transition to
run qemu unconfined.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="qemu_manage_tmp_dirs" lineno="347">
<summary>
Create, read, write, and delete
qemu temporary directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qemu_manage_tmp_files" lineno="367">
<summary>
Create, read, write, and delete
qemu temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qemu_spec_domtrans" lineno="401">
<summary>
Execute qemu in a specified domain.
</summary>
<desc>
<p>
Execute qemu in a specified domain.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="source_domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
Domain to transition to.
</summary>
</param>
</interface>
<interface name="qemu_entry_type" lineno="421">
<summary>
Make qemu executable files an
entrypoint for the specified domain.
</summary>
<param name="domain">
<summary>
The domain for which qemu_exec_t is an entrypoint.
</summary>
</param>
</interface>
<tunable name="qemu_full_network" dftval="false">
<desc>
<p>
Determine whether qemu has full
access to the network.
</p>
</desc>
</tunable>
</module>
<module name="rssh" filename="policy/modules/apps/rssh.if">
<summary>Restricted (scp/sftp) only shell.</summary>
<interface name="rssh_role" lineno="18">
<summary>
Role access for rssh.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="rssh_spec_domtrans" lineno="46">
<summary>
Execute rssh in the rssh domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rssh_exec" lineno="66">
<summary>
Execute the rssh program
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rssh_domtrans_chroot_helper" lineno="86">
<summary>
Execute a domain transition to
run rssh chroot helper.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rssh_read_ro_content" lineno="105">
<summary>
Read users rssh read-only content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="screen" filename="policy/modules/apps/screen.if">
<summary>GNU terminal multiplexer.</summary>
<template name="screen_role_template" lineno="24">
<summary>
The role template for the screen module.
</summary>
<param name="role_prefix">
<summary>
The prefix of the user role (e.g., user
is the prefix for user_r).
</summary>
</param>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</template>
</module>
<module name="seunshare" filename="policy/modules/apps/seunshare.if">
<summary>Filesystem namespacing/polyinstantiation application.</summary>
<interface name="seunshare_domtrans" lineno="13">
<summary>
Execute a domain transition to run seunshare.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="seunshare_run" lineno="37">
<summary>
Execute seunshare in the seunshare domain, and
allow the specified role the seunshare domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="seunshare_role" lineno="69">
<summary>
Role access for seunshare
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
</module>
<module name="sigrok" filename="policy/modules/apps/sigrok.if">
<summary>sigrok signal analysis software suite.</summary>
<interface name="sigrok_run" lineno="18">
<summary>
Execute sigrok in its domain.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
</module>
<module name="slocate" filename="policy/modules/apps/slocate.if">
<summary>Update database for mlocate.</summary>
<interface name="locate_read_lib_files" lineno="13">
<summary>
Read locate lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="syncthing" filename="policy/modules/apps/syncthing.if">
<summary>Application that lets you synchronize your files across multiple devices.</summary>
<interface name="syncthing_role" lineno="18">
<summary>
Role access for Syncthing
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<tunable name="syncthing_read_generic_user_content" dftval="true">
<desc>
<p>
Grant the syncthing domains read access to generic user content
</p>
</desc>
</tunable>
<tunable name="syncthing_read_all_user_content" dftval="false">
<desc>
<p>
Grant the syncthing domains read access to all user content
</p>
</desc>
</tunable>
<tunable name="syncthing_manage_generic_user_content" dftval="false">
<desc>
<p>
Grant the syncthing domains manage rights on generic user content
</p>
</desc>
</tunable>
<tunable name="syncthing_manage_all_user_content" dftval="false">
<desc>
<p>
Grant the syncthing domains manage rights on all user content
</p>
</desc>
</tunable>
</module>
<module name="telepathy" filename="policy/modules/apps/telepathy.if">
<summary>Telepathy communications framework.</summary>
<template name="telepathy_domain_template" lineno="13">
<summary>
The template to define a telepathy domain.
</summary>
<param name="domain_prefix">
<summary>
Domain prefix to be used.
</summary>
</param>
</template>
<template name="telepathy_role_template" lineno="59">
<summary>
The role template for the telepathy module.
</summary>
<desc>
<p>
This template creates a derived domains which are used
for window manager applications.
</p>
</desc>
<param name="role_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</template>
<interface name="telepathy_gabble_stream_connect" lineno="137">
<summary>
Connect to gabble with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="telepathy_gabble_dbus_chat" lineno="157">
<summary>
Send dbus messages to and from
gabble.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="telepathy_mission_control_dbus_chat" lineno="178">
<summary>
Send dbus messages to and from
mission control.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="telepathy_mission_control_read_state" lineno="198">
<summary>
Read mission control process state files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="telepathy_msn_stream_connect" lineno="220">
<summary>
Connect to msn with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="telepathy_salut_stream_connect" lineno="240">
<summary>
Connect to salut with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="telepathy_tcp_connect_generic_network_ports" dftval="false">
<desc>
<p>
Determine whether telepathy connection
managers can connect to generic tcp ports.
</p>
</desc>
</tunable>
<tunable name="telepathy_connect_all_ports" dftval="false">
<desc>
<p>
Determine whether telepathy connection
managers can connect to any port.
</p>
</desc>
</tunable>
</module>
<module name="thunderbird" filename="policy/modules/apps/thunderbird.if">
<summary>Thunderbird email client.</summary>
<interface name="thunderbird_role" lineno="18">
<summary>
Role access for thunderbird.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="thunderbird_domtrans" lineno="52">
<summary>
Execute thunderbird in the thunderbird domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<tunable name="thunderbird_read_generic_user_content" dftval="true">
<desc>
<p>
Grant the thunderbird domains read access to generic user content
</p>
</desc>
</tunable>
<tunable name="thunderbird_read_all_user_content" dftval="false">
<desc>
<p>
Grant the thunderbird domains read access to all user content
</p>
</desc>
</tunable>
<tunable name="thunderbird_manage_generic_user_content" dftval="false">
<desc>
<p>
Grant the thunderbird domains manage rights on generic user content
</p>
</desc>
</tunable>
<tunable name="thunderbird_manage_all_user_content" dftval="false">
<desc>
<p>
Grant the thunderbird domains manage rights on all user content
</p>
</desc>
</tunable>
</module>
<module name="tvtime" filename="policy/modules/apps/tvtime.if">
<summary>High quality television application.</summary>
<interface name="tvtime_role" lineno="18">
<summary>
Role access for tvtime
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
</module>
<module name="uml" filename="policy/modules/apps/uml.if">
<summary>User mode linux tools and services.</summary>
<interface name="uml_role" lineno="18">
<summary>
Role access for uml.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="uml_setattr_util_sockets" lineno="55">
<summary>
Set attributes of uml pid sock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="uml_manage_util_files" lineno="74">
<summary>
Create, read, write, and delete
uml pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="userhelper" filename="policy/modules/apps/userhelper.if">
<summary>A wrapper that helps users run system programs.</summary>
<template name="userhelper_role_template" lineno="24">
<summary>
The role template for the userhelper module.
</summary>
<param name="userrole_prefix">
<summary>
The prefix of the user role (e.g., user
is the prefix for user_r).
</summary>
</param>
<param name="user_role">
<summary>
The user role.
</summary>
</param>
<param name="user_domain">
<summary>
The user domain associated with the role.
</summary>
</param>
</template>
<interface name="userhelper_search_config" lineno="110">
<summary>
Search userhelper configuration directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userhelper_dontaudit_search_config" lineno="129">
<summary>
Do not audit attempts to search
userhelper configuration directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userhelper_dbus_chat_all_consolehelper" lineno="148">
<summary>
Send and receive messages from
consolehelper over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userhelper_use_fd" lineno="168">
<summary>
Use userhelper all userhelper file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userhelper_sigchld" lineno="186">
<summary>
Send child terminated signals to all userhelper.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userhelper_exec" lineno="204">
<summary>
Execute the userhelper program in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userhelper_exec_consolehelper" lineno="224">
<summary>
Execute the consolehelper program
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="usernetctl" filename="policy/modules/apps/usernetctl.if">
<summary>User network interface configuration helper.</summary>
<interface name="usernetctl_domtrans" lineno="13">
<summary>
Execute usernetctl in the usernetctl domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="usernetctl_run" lineno="40">
<summary>
Execute usernetctl in the usernetctl
domain, and allow the specified role
the usernetctl domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="vlock" filename="policy/modules/apps/vlock.if">
<summary>Lock one or more sessions on the Linux console.</summary>
<interface name="vlock_domtrans" lineno="13">
<summary>
Execute vlock in the vlock domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="vlock_run" lineno="40">
<summary>
Execute vlock in the vlock domain,
and allow the specified role
the vlock domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed to access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="vmware" filename="policy/modules/apps/vmware.if">
<summary>VMWare Workstation virtual machines.</summary>
<interface name="vmware_role" lineno="18">
<summary>
Role access for vmware.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="vmware_exec_host" lineno="50">
<summary>
Execute vmware host executables
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vmware_read_system_config" lineno="69">
<summary>
Read vmware system configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vmware_append_system_config" lineno="88">
<summary>
Append vmware system configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vmware_append_log" lineno="107">
<summary>
Append vmware log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="webalizer" filename="policy/modules/apps/webalizer.if">
<summary>Web server log analysis.</summary>
<interface name="webalizer_domtrans" lineno="13">
<summary>
Execute webalizer in the webalizer domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="webalizer_run" lineno="40">
<summary>
Execute webalizer in the webalizer
domain, and allow the specified
role the webalizer domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="manage_webalizer_var_lib" lineno="60">
<summary>
Manage webalizer usage files
</summary>
<param name="domain">
<summary>
Domain allowed to manage webalizer usage files
</summary>
</param>
<rolecap/>
</interface>
<tunable name="allow_httpd_webalizer_script_anon_write" dftval="false">
<desc>
<p>
Determine whether the script domain can
modify public files used for public file
transfer services. Directories/Files must
be labeled public_content_rw_t.
</p>
</desc>
</tunable>
</module>
<module name="wine" filename="policy/modules/apps/wine.if">
<summary>Run Windows programs in Linux.</summary>
<interface name="wine_role" lineno="18">
<summary>
Role access for wine.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<template name="wine_role_template" lineno="73">
<summary>
The role template for the wine module.
</summary>
<desc>
<p>
This template creates a derived domains which are used
for wine applications.
</p>
</desc>
<param name="role_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</template>
<interface name="wine_domtrans" lineno="114">
<summary>
Execute the wine program in the wine domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="wine_run" lineno="140">
<summary>
Execute wine in the wine domain,
and allow the specified role
the wine domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="wine_rw_shm" lineno="160">
<summary>
Read and write wine Shared
memory segments.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="wine_mmap_zero_ignore" dftval="false">
<desc>
<p>
Determine whether attempts by
wine to mmap low regions should
be silently blocked.
</p>
</desc>
</tunable>
</module>
<module name="wireshark" filename="policy/modules/apps/wireshark.if">
<summary>Wireshark packet capture tool.</summary>
<interface name="wireshark_role" lineno="18">
<summary>
Role access for wireshark.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="wireshark_domtrans" lineno="50">
<summary>
Execute wireshark in wireshark domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<tunable name="wireshark_read_generic_user_content" dftval="true">
<desc>
<p>
Grant the wireshark domains read access to generic user content
</p>
</desc>
</tunable>
<tunable name="wireshark_read_all_user_content" dftval="false">
<desc>
<p>
Grant the wireshark domains read access to all user content
</p>
</desc>
</tunable>
<tunable name="wireshark_manage_generic_user_content" dftval="false">
<desc>
<p>
Grant the wireshark domains manage rights on generic user content
</p>
</desc>
</tunable>
<tunable name="wireshark_manage_all_user_content" dftval="false">
<desc>
<p>
Grant the wireshark domains manage rights on all user content
</p>
</desc>
</tunable>
</module>
<module name="wm" filename="policy/modules/apps/wm.if">
<summary>X Window Managers.</summary>
<template name="wm_role_template" lineno="30">
<summary>
The role template for the wm module.
</summary>
<desc>
<p>
This template creates a derived domains which are used
for window manager applications.
</p>
</desc>
<param name="role_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</template>
<interface name="wm_exec" lineno="137">
<summary>
Execute wm in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="wm_dbus_chat" lineno="163">
<summary>
Send and receive messages from
specified wm over dbus.
</summary>
<param name="role_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="wm_dontaudit_exec_tmp_files" lineno="184">
<summary>
Do not audit attempts to execute
files in temporary directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="wm_dontaudit_exec_tmpfs_files" lineno="203">
<summary>
Do not audit attempts to execute
files in temporary filesystems.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="wm_application_domain" lineno="246">
<summary>
Create a domain for applications
that are launched by the window
manager.
</summary>
<desc>
<p>
Create a domain for applications that are launched by the
window manager (implying a domain transition).  Typically
these are graphical applications that are run interactively.
</p>
<p>
The types will be made usable as a domain and file, making
calls to domain_type() and files_type() redundant.
</p>
</desc>
<param name="target_domain">
<summary>
Type to be used in the domain transition as the application
domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
<param name="source_domain">
<summary>
Type to be used as the source window manager domain.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="wm_write_pipes" lineno="271">
<summary>
Write wm unnamed pipes.
</summary>
<param name="role_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="wm_write_xdg_data" dftval="false">
<desc>
<p>
Grant the window manager domains write access to xdg data
</p>
</desc>
</tunable>
</module>
<module name="xscreensaver" filename="policy/modules/apps/xscreensaver.if">
<summary>Modular screen saver and locker for X11.</summary>
<interface name="xscreensaver_role" lineno="18">
<summary>
Role access for xscreensaver.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<tunable name="xscreensaver_read_generic_user_content" dftval="true">
<desc>
<p>
Grant the xscreensaver domains read access to generic user content
</p>
</desc>
</tunable>
</module>
</layer>
<layer name="kernel">
<summary>Policy modules for kernel resources.</summary>
<module name="corecommands" filename="policy/modules/kernel/corecommands.if">
<summary>
Core policy for shells, and generic programs
in /bin, /sbin, /usr/bin, and /usr/sbin.
</summary>
<required val="true">
Contains the base bin and sbin directory types
which need to be searched for the kernel to
run init.
</required>
<interface name="corecmd_executable_file" lineno="23">
<summary>
Make the specified type usable for files
that are executables, such as binary programs.
This does not include shared libraries.
</summary>
<param name="type">
<summary>
Type to be used for files.
</summary>
</param>
</interface>
<interface name="corecmd_bin_entry_type" lineno="44">
<summary>
Make general programs in bin an entrypoint for
the specified domain.
</summary>
<param name="domain">
<summary>
The domain for which bin_t is an entrypoint.
</summary>
</param>
</interface>
<interface name="corecmd_shell_entry_type" lineno="62">
<summary>
Make the shell an entrypoint for the specified domain.
</summary>
<param name="domain">
<summary>
The domain for which the shell is an entrypoint.
</summary>
</param>
</interface>
<interface name="corecmd_search_bin" lineno="81">
<summary>
Search the contents of bin directories.
Also allow to read a possible /bin->/usr/bin symlink.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_dontaudit_search_bin" lineno="100">
<summary>
Do not audit attempts to search the contents of bin directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corecmd_list_bin" lineno="118">
<summary>
List the contents of bin directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_dontaudit_write_bin_dirs" lineno="137">
<summary>
Do not audit attempts to write bin directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corecmd_getattr_bin_files" lineno="155">
<summary>
Get the attributes of files in bin directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_dontaudit_getattr_bin_files" lineno="174">
<summary>
Do not audit attempts to get the attributes of files in bin directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corecmd_check_exec_bin_files" lineno="193">
<summary>
Check if files in bin directories are executable (DAC-wise)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_read_bin_files" lineno="212">
<summary>
Read files in bin directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_dontaudit_write_bin_files" lineno="231">
<summary>
Do not audit attempts to write bin files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corecmd_read_bin_pipes" lineno="249">
<summary>
Read pipes in bin directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_read_bin_sockets" lineno="268">
<summary>
Read named sockets in bin directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_exec_bin" lineno="308">
<summary>
Execute generic programs in bin directories,
in the caller domain.
</summary>
<desc>
<p>
Allow the specified domain to execute generic programs
in system bin directories (/bin, /sbin, /usr/bin,
/usr/sbin) a without domain transition.
</p>
<p>
Typically, this interface should be used when the domain
executes general system programs within the privileges
of the source domain.  Some examples of these programs
are ls, cp, sed, python, and tar. This does not include
shells, such as bash.
</p>
<p>
Related interface:
</p>
<ul>
<li>corecmd_exec_shell()</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_manage_bin_files" lineno="327">
<summary>
Create, read, write, and delete bin files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_relabel_bin_files" lineno="346">
<summary>
Relabel to and from the bin type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_mmap_bin_files" lineno="365">
<summary>
Mmap a bin file as executable.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_bin_spec_domtrans" lineno="410">
<summary>
Execute a file in a bin directory
in the specified domain but do not
do it automatically. This is an explicit
transition, requiring the caller to use setexeccon().
</summary>
<desc>
<p>
Execute a file in a bin directory
in the specified domain.  This allows
the specified domain to execute any file
on these filesystems in the specified
domain.  This is not suggested.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
<p>
This interface was added to handle
the userhelper policy.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="corecmd_bin_domtrans" lineno="453">
<summary>
Execute a file in a bin directory
in the specified domain.
</summary>
<desc>
<p>
Execute a file in a bin directory
in the specified domain.  This allows
the specified domain to execute any file
on these filesystems in the specified
domain.  This is not suggested.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
<p>
This interface was added to handle
the ssh-agent policy.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="corecmd_check_exec_shell" lineno="472">
<summary>
Check if a shell is executable (DAC-wise).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_exec_shell" lineno="509">
<summary>
Execute shells in the caller domain.
</summary>
<desc>
<p>
Allow the specified domain to execute shells without
a domain transition.
</p>
<p>
Typically, this interface should be used when the domain
executes shells within the privileges
of the source domain.  Some examples of these programs
are bash, tcsh, and zsh.
</p>
<p>
Related interface:
</p>
<ul>
<li>corecmd_exec_bin()</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_shell_spec_domtrans" lineno="547">
<summary>
Execute a shell in the target domain.  This
is an explicit transition, requiring the
caller to use setexeccon().
</summary>
<desc>
<p>
Execute a shell in the target domain.  This
is an explicit transition, requiring the
caller to use setexeccon().
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the shell process.
</summary>
</param>
</interface>
<interface name="corecmd_shell_domtrans" lineno="581">
<summary>
Execute a shell in the specified domain.
</summary>
<desc>
<p>
Execute a shell in the specified domain.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the shell process.
</summary>
</param>
</interface>
<interface name="corecmd_exec_chroot" lineno="600">
<summary>
Execute chroot in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_getattr_all_executables" lineno="621">
<summary>
Get the attributes of all executable files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="corecmd_read_all_executables" lineno="642">
<summary>
Read all executable files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="corecmd_exec_all_executables" lineno="662">
<summary>
Execute all executable files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="corecmd_dontaudit_exec_all_executables" lineno="683">
<summary>
Do not audit attempts to execute all executables.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corecmd_manage_all_executables" lineno="702">
<summary>
Create, read, write, and all executable files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="corecmd_relabel_all_executables" lineno="724">
<summary>
Relabel to and from the bin type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="corecmd_mmap_all_executables" lineno="744">
<summary>
Mmap all executables as executable.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="corenetwork" filename="policy/modules/kernel/corenetwork.if">
<summary>Policy controlling access to network objects</summary>
<required val="true">
Contains the initial SIDs for network objects.
</required>
<interface name="corenet_port" lineno="29">
<summary>
Define type to be a network port type
</summary>
<desc>
<p>
Define type to be a network port type
</p>
<p>
This is for supporting third party modules and its
use is not allowed in upstream reference policy.
</p>
</desc>
<param name="domain">
<summary>
Type to be used for network ports.
</summary>
</param>
</interface>
<interface name="corenet_reserved_port" lineno="56">
<summary>
Define network type to be a reserved port (lt 1024)
</summary>
<desc>
<p>
Define network type to be a reserved port (lt 1024)
</p>
<p>
This is for supporting third party modules and its
use is not allowed in upstream reference policy.
</p>
</desc>
<param name="domain">
<summary>
Type to be used for network ports.
</summary>
</param>
</interface>
<interface name="corenet_rpc_port" lineno="83">
<summary>
Define network type to be a rpc port ( 512 lt PORT lt 1024)
</summary>
<desc>
<p>
Define network type to be a rpc port ( 512 lt PORT lt 1024)
</p>
<p>
This is for supporting third party modules and its
use is not allowed in upstream reference policy.
</p>
</desc>
<param name="domain">
<summary>
Type to be used for network ports.
</summary>
</param>
</interface>
<interface name="corenet_node" lineno="110">
<summary>
Define type to be a network node type
</summary>
<desc>
<p>
Define type to be a network node type
</p>
<p>
This is for supporting third party modules and its
use is not allowed in upstream reference policy.
</p>
</desc>
<param name="domain">
<summary>
Type to be used for network nodes.
</summary>
</param>
</interface>
<interface name="corenet_packet" lineno="137">
<summary>
Define type to be a network packet type
</summary>
<desc>
<p>
Define type to be a network packet type
</p>
<p>
This is for supporting third party modules and its
use is not allowed in upstream reference policy.
</p>
</desc>
<param name="domain">
<summary>
Type to be used for a network packet.
</summary>
</param>
</interface>
<interface name="corenet_client_packet" lineno="164">
<summary>
Define type to be a network client packet type
</summary>
<desc>
<p>
Define type to be a network client packet type
</p>
<p>
This is for supporting third party modules and its
use is not allowed in upstream reference policy.
</p>
</desc>
<param name="domain">
<summary>
Type to be used for a network client packet.
</summary>
</param>
</interface>
<interface name="corenet_server_packet" lineno="191">
<summary>
Define type to be a network server packet type
</summary>
<desc>
<p>
Define type to be a network server packet type
</p>
<p>
This is for supporting third party modules and its
use is not allowed in upstream reference policy.
</p>
</desc>
<param name="domain">
<summary>
Type to be used for a network server packet.
</summary>
</param>
</interface>
<interface name="corenet_spd_type" lineno="210">
<summary>
Make the specified type usable
for labeled ipsec.
</summary>
<param name="domain">
<summary>
Type to be used for labeled ipsec.
</summary>
</param>
</interface>
<interface name="corenet_ib_pkey" lineno="237">
<summary>
Define type to be an infiniband pkey type
</summary>
<desc>
<p>
Define type to be an infiniband pkey type
</p>
<p>
This is for supporting third party modules and its
use is not allowed in upstream reference policy.
</p>
</desc>
<param name="domain">
<summary>
Type to be used for infiniband pkeys.
</summary>
</param>
</interface>
<interface name="corenet_ib_endport" lineno="264">
<summary>
Define type to be an infiniband endport
</summary>
<desc>
<p>
Define type to be an infiniband endport
</p>
<p>
This is for supporting third party modules and its
use is not allowed in upstream reference policy.
</p>
</desc>
<param name="domain">
<summary>
Type to be used for infiniband endports.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_generic_if" lineno="310">
<summary>
Send and receive TCP network traffic on generic interfaces.
</summary>
<desc>
<p>
Allow the specified domain to send and receive TCP network
traffic on generic network interfaces.
</p>
<p>
Related interface:
</p>
<ul>
<li>corenet_all_recvfrom_unlabeled()</li>
<li>corenet_tcp_sendrecv_generic_node()</li>
<li>corenet_tcp_sendrecv_all_ports()</li>
<li>corenet_tcp_connect_all_ports()</li>
</ul>
<p>
Example client being able to connect to all ports over
generic nodes, without labeled networking:
</p>
<p>
allow myclient_t self:tcp_socket create_stream_socket_perms;
corenet_tcp_sendrecv_generic_if(myclient_t)
corenet_tcp_sendrecv_generic_node(myclient_t)
corenet_tcp_sendrecv_all_ports(myclient_t)
corenet_tcp_connect_all_ports(myclient_t)
corenet_all_recvfrom_unlabeled(myclient_t)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_generic_if" lineno="328">
<summary>
Send UDP network traffic on generic interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_udp_send_generic_if" lineno="347">
<summary>
Dontaudit attempts to send UDP network traffic
on generic interfaces.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_udp_receive_generic_if" lineno="365">
<summary>
Receive UDP network traffic on generic interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_udp_receive_generic_if" lineno="384">
<summary>
Do not audit attempts to receive UDP network
traffic on generic interfaces.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_udp_sendrecv_generic_if" lineno="428">
<summary>
Send and receive UDP network traffic on generic interfaces.
</summary>
<desc>
<p>
Allow the specified domain to send and receive UDP network
traffic on generic network interfaces.
</p>
<p>
Related interface:
</p>
<ul>
<li>corenet_all_recvfrom_unlabeled()</li>
<li>corenet_udp_sendrecv_generic_node()</li>
<li>corenet_udp_sendrecv_all_ports()</li>
</ul>
<p>
Example client being able to send to all ports over
generic nodes, without labeled networking:
</p>
<p>
allow myclient_t self:udp_socket create_socket_perms;
corenet_udp_sendrecv_generic_if(myclient_t)
corenet_udp_sendrecv_generic_node(myclient_t)
corenet_udp_sendrecv_all_ports(myclient_t)
corenet_all_recvfrom_unlabeled(myclient_t)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_generic_if" lineno="444">
<summary>
Do not audit attempts to send and receive UDP network
traffic on generic interfaces.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_raw_send_generic_if" lineno="459">
<summary>
Send raw IP packets on generic interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_raw_receive_generic_if" lineno="477">
<summary>
Receive raw IP packets on generic interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_raw_sendrecv_generic_if" lineno="495">
<summary>
Send and receive raw IP packets on generic interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_out_generic_if" lineno="511">
<summary>
Allow outgoing network traffic on the generic interfaces.
</summary>
<param name="domain">
<summary>
The peer label of the outgoing network traffic.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_in_generic_if" lineno="530">
<summary>
Allow incoming traffic on the generic interfaces.
</summary>
<param name="domain">
<summary>
The peer label of the incoming network traffic.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_inout_generic_if" lineno="549">
<summary>
Allow incoming and outgoing network traffic on the generic interfaces.
</summary>
<param name="domain">
<summary>
The peer label of the network traffic.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_tcp_sendrecv_all_if" lineno="564">
<summary>
Send and receive TCP network traffic on all interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_send_all_if" lineno="582">
<summary>
Send UDP network traffic on all interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_receive_all_if" lineno="600">
<summary>
Receive UDP network traffic on all interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_sendrecv_all_if" lineno="618">
<summary>
Send and receive UDP network traffic on all interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_raw_send_all_if" lineno="633">
<summary>
Send raw IP packets on all interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sctp_sendrecv_generic_node" lineno="651">
<summary>
Send and receive SCTP network traffic on generic nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_raw_receive_all_if" lineno="669">
<summary>
Receive raw IP packets on all interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_raw_sendrecv_all_if" lineno="687">
<summary>
Send and receive raw IP packets on all interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_generic_node" lineno="730">
<summary>
Send and receive TCP network traffic on generic nodes.
</summary>
<desc>
<p>
Allow the specified domain to send and receive TCP network
traffic to/from generic network nodes (hostnames/networks).
</p>
<p>
Related interface:
</p>
<ul>
<li>corenet_all_recvfrom_unlabeled()</li>
<li>corenet_tcp_sendrecv_generic_if()</li>
<li>corenet_tcp_sendrecv_all_ports()</li>
<li>corenet_tcp_connect_all_ports()</li>
</ul>
<p>
Example client being able to connect to all ports over
generic nodes, without labeled networking:
</p>
<p>
allow myclient_t self:tcp_socket create_stream_socket_perms;
corenet_tcp_sendrecv_generic_if(myclient_t)
corenet_tcp_sendrecv_generic_node(myclient_t)
corenet_tcp_sendrecv_all_ports(myclient_t)
corenet_tcp_connect_all_ports(myclient_t)
corenet_all_recvfrom_unlabeled(myclient_t)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_generic_node" lineno="748">
<summary>
Send UDP network traffic on generic nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_receive_generic_node" lineno="766">
<summary>
Receive UDP network traffic on generic nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_sendrecv_generic_node" lineno="810">
<summary>
Send and receive UDP network traffic on generic nodes.
</summary>
<desc>
<p>
Allow the specified domain to send and receive UDP network
traffic to/from generic network nodes (hostnames/networks).
</p>
<p>
Related interface:
</p>
<ul>
<li>corenet_all_recvfrom_unlabeled()</li>
<li>corenet_udp_sendrecv_generic_if()</li>
<li>corenet_udp_sendrecv_all_ports()</li>
</ul>
<p>
Example client being able to send to all ports over
generic nodes, without labeled networking:
</p>
<p>
allow myclient_t self:udp_socket create_socket_perms;
corenet_udp_sendrecv_generic_if(myclient_t)
corenet_udp_sendrecv_generic_node(myclient_t)
corenet_udp_sendrecv_all_ports(myclient_t)
corenet_all_recvfrom_unlabeled(myclient_t)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_raw_send_generic_node" lineno="825">
<summary>
Send raw IP packets on generic nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_raw_receive_generic_node" lineno="843">
<summary>
Receive raw IP packets on generic nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_raw_sendrecv_generic_node" lineno="861">
<summary>
Send and receive raw IP packets on generic nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sctp_bind_generic_node" lineno="876">
<summary>
Bind SCTP sockets to generic nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_bind_generic_node" lineno="909">
<summary>
Bind TCP sockets to generic nodes.
</summary>
<desc>
<p>
Bind TCP sockets to generic nodes.  This is
necessary for binding a socket so it
can be used for servers to listen
for incoming connections.
</p>
<p>
Related interface:
</p>
<ul>
<li>corenet_udp_bind_generic_node()</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="1"/>
</interface>
<interface name="corenet_udp_bind_generic_node" lineno="942">
<summary>
Bind UDP sockets to generic nodes.
</summary>
<desc>
<p>
Bind UDP sockets to generic nodes.  This is
necessary for binding a socket so it
can be used for servers to listen
for incoming connections.
</p>
<p>
Related interface:
</p>
<ul>
<li>corenet_tcp_bind_generic_node()</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="1"/>
</interface>
<interface name="corenet_raw_bind_generic_node" lineno="961">
<summary>
Bind raw sockets to generic nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_out_generic_node" lineno="980">
<summary>
Allow outgoing network traffic to generic nodes.
</summary>
<param name="domain">
<summary>
The peer label of the outgoing network traffic.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_in_generic_node" lineno="999">
<summary>
Allow incoming network traffic from generic nodes.
</summary>
<param name="domain">
<summary>
The peer label of the incoming network traffic.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_inout_generic_node" lineno="1018">
<summary>
Allow incoming and outgoing network traffic with generic nodes.
</summary>
<param name="domain">
<summary>
The peer label of the network traffic.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_tcp_sendrecv_all_nodes" lineno="1033">
<summary>
Send and receive TCP network traffic on all nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_send_all_nodes" lineno="1051">
<summary>
Send UDP network traffic on all nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_udp_send_all_nodes" lineno="1070">
<summary>
Do not audit attempts to send UDP network
traffic on any nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_sctp_sendrecv_all_nodes" lineno="1088">
<summary>
Send and receive SCTP network traffic on all nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_receive_all_nodes" lineno="1106">
<summary>
Receive UDP network traffic on all nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_udp_receive_all_nodes" lineno="1125">
<summary>
Do not audit attempts to receive UDP
network traffic on all nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_udp_sendrecv_all_nodes" lineno="1143">
<summary>
Send and receive UDP network traffic on all nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_all_nodes" lineno="1159">
<summary>
Do not audit attempts to send and receive UDP
network traffic on any nodes nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_raw_send_all_nodes" lineno="1174">
<summary>
Send raw IP packets on all nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_raw_receive_all_nodes" lineno="1192">
<summary>
Receive raw IP packets on all nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_raw_sendrecv_all_nodes" lineno="1210">
<summary>
Send and receive raw IP packets on all nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_bind_all_nodes" lineno="1225">
<summary>
Bind TCP sockets to all nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_bind_all_nodes" lineno="1243">
<summary>
Bind UDP sockets to all nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_raw_bind_all_nodes" lineno="1262">
<summary>
Bind raw sockets to all nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_generic_port" lineno="1280">
<summary>
Send and receive TCP network traffic on generic ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sctp_bind_all_nodes" lineno="1294">
<summary>
Bind SCTP sockets to all nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_sendrecv_generic_port" lineno="1313">
<summary>
Do not audit send and receive TCP network traffic on generic ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_send_generic_port" lineno="1327">
<summary>
Send UDP network traffic on generic ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_receive_generic_port" lineno="1341">
<summary>
Receive UDP network traffic on generic ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_sendrecv_generic_port" lineno="1355">
<summary>
Send and receive UDP network traffic on generic ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_bind_generic_port" lineno="1369">
<summary>
Bind TCP sockets to generic ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_bind_generic_port" lineno="1389">
<summary>
Do not audit bind TCP sockets to generic ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_udp_bind_generic_port" lineno="1407">
<summary>
Bind UDP sockets to generic ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_connect_generic_port" lineno="1427">
<summary>
Connect TCP sockets to generic ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_all_ports" lineno="1471">
<summary>
Send and receive TCP network traffic on all ports.
</summary>
<desc>
<p>
Send and receive TCP network traffic on all ports.
Related interfaces:
</p>
<ul>
<li>corenet_all_recvfrom_unlabeled()</li>
<li>corenet_tcp_sendrecv_generic_if()</li>
<li>corenet_tcp_sendrecv_generic_node()</li>
<li>corenet_tcp_connect_all_ports()</li>
<li>corenet_tcp_bind_all_ports()</li>
</ul>
<p>
Example client being able to connect to all ports over
generic nodes, without labeled networking:
</p>
<p>
allow myclient_t self:tcp_socket create_stream_socket_perms;
corenet_tcp_sendrecv_generic_if(myclient_t)
corenet_tcp_sendrecv_generic_node(myclient_t)
corenet_tcp_sendrecv_all_ports(myclient_t)
corenet_tcp_connect_all_ports(myclient_t)
corenet_all_recvfrom_unlabeled(myclient_t)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_all_ports" lineno="1485">
<summary>
Send UDP network traffic on all ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sctp_bind_generic_port" lineno="1499">
<summary>
Bind SCTP sockets to generic ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_receive_all_ports" lineno="1519">
<summary>
Receive UDP network traffic on all ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_sendrecv_all_ports" lineno="1557">
<summary>
Send and receive UDP network traffic on all ports.
</summary>
<desc>
<p>
Send and receive UDP network traffic on all ports.
Related interfaces:
</p>
<ul>
<li>corenet_all_recvfrom_unlabeled()</li>
<li>corenet_udp_sendrecv_generic_if()</li>
<li>corenet_udp_sendrecv_generic_node()</li>
<li>corenet_udp_bind_all_ports()</li>
</ul>
<p>
Example client being able to send to all ports over
generic nodes, without labeled networking:
</p>
<p>
allow myclient_t self:udp_socket create_socket_perms;
corenet_udp_sendrecv_generic_if(myclient_t)
corenet_udp_sendrecv_generic_node(myclient_t)
corenet_udp_sendrecv_all_ports(myclient_t)
corenet_all_recvfrom_unlabeled(myclient_t)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sctp_bind_generic_port" lineno="1572">
<summary>
Do not audit attempts to bind SCTP
sockets to generic ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_tcp_bind_all_ports" lineno="1590">
<summary>
Bind TCP sockets to all ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_bind_all_ports" lineno="1609">
<summary>
Do not audit attepts to bind TCP sockets to any ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_udp_bind_all_ports" lineno="1627">
<summary>
Bind UDP sockets to all ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sctp_connect_generic_port" lineno="1646">
<summary>
Connect SCTP sockets to generic ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_udp_bind_all_ports" lineno="1664">
<summary>
Do not audit attepts to bind UDP sockets to any ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_tcp_connect_all_ports" lineno="1710">
<summary>
Connect TCP sockets to all ports.
</summary>
<desc>
<p>
Connect TCP sockets to all ports
</p>
<p>
Related interfaces:
</p>
<ul>
<li>corenet_all_recvfrom_unlabeled()</li>
<li>corenet_tcp_sendrecv_generic_if()</li>
<li>corenet_tcp_sendrecv_generic_node()</li>
<li>corenet_tcp_sendrecv_all_ports()</li>
<li>corenet_tcp_bind_all_ports()</li>
</ul>
<p>
Example client being able to connect to all ports over
generic nodes, without labeled networking:
</p>
<p>
allow myclient_t self:tcp_socket create_stream_socket_perms;
corenet_tcp_sendrecv_generic_if(myclient_t)
corenet_tcp_sendrecv_generic_node(myclient_t)
corenet_tcp_sendrecv_all_ports(myclient_t)
corenet_tcp_connect_all_ports(myclient_t)
corenet_all_recvfrom_unlabeled(myclient_t)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="1"/>
</interface>
<interface name="corenet_dontaudit_tcp_connect_all_ports" lineno="1729">
<summary>
Do not audit attempts to connect TCP sockets
to all ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_reserved_port" lineno="1747">
<summary>
Send and receive TCP network traffic on generic reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_send_reserved_port" lineno="1761">
<summary>
Send UDP network traffic on generic reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_receive_reserved_port" lineno="1775">
<summary>
Receive UDP network traffic on generic reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_sendrecv_reserved_port" lineno="1789">
<summary>
Send and receive UDP network traffic on generic reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_bind_reserved_port" lineno="1803">
<summary>
Bind TCP sockets to generic reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sctp_bind_all_ports" lineno="1822">
<summary>
Bind SCTP sockets to all ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_bind_reserved_port" lineno="1841">
<summary>
Bind UDP sockets to generic reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_connect_reserved_port" lineno="1860">
<summary>
Connect TCP sockets to generic reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_sctp_bind_all_ports" lineno="1878">
<summary>
Do not audit attepts to bind SCTP sockets to any ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_all_reserved_ports" lineno="1896">
<summary>
Send and receive TCP network traffic on all reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_send_all_reserved_ports" lineno="1910">
<summary>
Send UDP network traffic on all reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_receive_all_reserved_ports" lineno="1924">
<summary>
Receive UDP network traffic on all reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_sendrecv_all_reserved_ports" lineno="1938">
<summary>
Send and receive UDP network traffic on all reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sctp_connect_all_ports" lineno="1952">
<summary>
Connect SCTP sockets to all ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_bind_all_reserved_ports" lineno="1970">
<summary>
Bind TCP sockets to all reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_bind_all_reserved_ports" lineno="1989">
<summary>
Do not audit attempts to bind TCP sockets to all reserved ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_udp_bind_all_reserved_ports" lineno="2007">
<summary>
Bind UDP sockets to all reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_udp_bind_all_reserved_ports" lineno="2026">
<summary>
Do not audit attempts to bind UDP sockets to all reserved ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_sctp_connect_all_ports" lineno="2045">
<summary>
Do not audit attempts to connect SCTP sockets
to all ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_tcp_bind_all_unreserved_ports" lineno="2063">
<summary>
Bind TCP sockets to all ports > 1024.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_bind_all_unreserved_ports" lineno="2081">
<summary>
Bind UDP sockets to all ports > 1024.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_connect_all_reserved_ports" lineno="2099">
<summary>
Connect TCP sockets to reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sctp_connect_all_unreserved_ports" lineno="2117">
<summary>
Connect SCTP sockets to all ports > 1024.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_connect_all_unreserved_ports" lineno="2135">
<summary>
Connect TCP sockets to all ports > 1024.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_all_reserved_ports" lineno="2154">
<summary>
Do not audit attempts to connect TCP sockets
all reserved ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_tcp_connect_all_rpc_ports" lineno="2172">
<summary>
Connect TCP sockets to rpc ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_all_rpc_ports" lineno="2191">
<summary>
Do not audit attempts to connect TCP sockets
all rpc ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_sctp_bind_reserved_port" lineno="2209">
<summary>
Bind SCTP sockets to generic reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_read_tun_tap_dev" lineno="2228">
<summary>
Read the TUN/TAP virtual network device.
</summary>
<param name="domain">
<summary>
The domain read allowed access.
</summary>
</param>
</interface>
<interface name="corenet_write_tun_tap_dev" lineno="2247">
<summary>
Write the TUN/TAP virtual network device.
</summary>
<param name="domain">
<summary>
The domain allowed write access.
</summary>
</param>
</interface>
<interface name="corenet_rw_tun_tap_dev" lineno="2266">
<summary>
Read and write the TUN/TAP virtual network device.
</summary>
<param name="domain">
<summary>
The domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sctp_connect_reserved_port" lineno="2285">
<summary>
Connect SCTP sockets to generic reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_rw_tun_tap_dev" lineno="2304">
<summary>
Do not audit attempts to read or write the TUN/TAP
virtual network device.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_getattr_ppp_dev" lineno="2322">
<summary>
Getattr the point-to-point device.
</summary>
<param name="domain">
<summary>
The domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_rw_ppp_dev" lineno="2340">
<summary>
Read and write the point-to-point device.
</summary>
<param name="domain">
<summary>
The domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_bind_all_rpc_ports" lineno="2359">
<summary>
Bind TCP sockets to all RPC ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_bind_all_rpc_ports" lineno="2378">
<summary>
Do not audit attempts to bind TCP sockets to all RPC ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_udp_bind_all_rpc_ports" lineno="2396">
<summary>
Bind UDP sockets to all RPC ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_udp_bind_all_rpc_ports" lineno="2415">
<summary>
Do not audit attempts to bind UDP sockets to all RPC ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_sctp_bind_all_reserved_ports" lineno="2433">
<summary>
Bind SCTP sockets to all reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_recvfrom_netlabel" lineno="2452">
<summary>
Receive TCP packets from a NetLabel connection.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_recvfrom_unlabeled" lineno="2471">
<summary>
Receive TCP packets from an unlabled connection.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_sctp_bind_all_reserved_ports" lineno="2491">
<summary>
Do not audit attempts to bind SCTP sockets to all reserved ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_recvfrom_netlabel" lineno="2510">
<summary>
Do not audit attempts to receive TCP packets from a NetLabel
connection.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_recvfrom_unlabeled" lineno="2530">
<summary>
Do not audit attempts to receive TCP packets from an unlabeled
connection.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_udp_recvfrom_netlabel" lineno="2550">
<summary>
Receive UDP packets from a NetLabel connection.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_recvfrom_unlabeled" lineno="2569">
<summary>
Receive UDP packets from an unlabeled connection.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sctp_bind_all_unreserved_ports" lineno="2589">
<summary>
Bind SCTP sockets to all ports > 1024.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_udp_recvfrom_netlabel" lineno="2608">
<summary>
Do not audit attempts to receive UDP packets from a NetLabel
connection.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_udp_recvfrom_unlabeled" lineno="2628">
<summary>
Do not audit attempts to receive UDP packets from an unlabeled
connection.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_raw_recvfrom_netlabel" lineno="2648">
<summary>
Receive Raw IP packets from a NetLabel connection.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_raw_recvfrom_unlabeled" lineno="2667">
<summary>
Receive Raw IP packets from an unlabeled connection.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_raw_recvfrom_netlabel" lineno="2688">
<summary>
Do not audit attempts to receive Raw IP packets from a NetLabel
connection.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_sctp_connect_all_reserved_ports" lineno="2707">
<summary>
Connect SCTP sockets to reserved ports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_raw_recvfrom_unlabeled" lineno="2726">
<summary>
Do not audit attempts to receive Raw IP packets from an unlabeled
connection.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_all_recvfrom_unlabeled" lineno="2758">
<summary>
Receive packets from an unlabeled connection.
</summary>
<desc>
<p>
Allow the specified domain to receive packets from an
unlabeled connection.  On machines that do not utilize
labeled networking, this will be required on all
networking domains.  On machines that do utilize
labeled networking, this will be required for any
networking domain that is allowed to receive
network traffic that does not have a label.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_all_recvfrom_netlabel" lineno="2791">
<summary>
Receive packets from a NetLabel connection.
</summary>
<desc>
<p>
Allow the specified domain to receive NetLabel
network traffic, which utilizes the Commercial IP
Security Option (CIPSO) to set the MLS level
of the network packets.  This is required for
all networking domains that receive NetLabel
network traffic.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_all_recvfrom_unlabeled" lineno="2810">
<summary>
Do not audit attempts to receive packets from an unlabeled connection.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_sctp_connect_all_reserved_ports" lineno="2833">
<summary>
Do not audit attempts to connect SCTP sockets
all reserved ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_all_recvfrom_netlabel" lineno="2852">
<summary>
Do not audit attempts to receive packets from a NetLabel
connection.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_tcp_recvfrom_labeled" lineno="2884">
<summary>
Rules for receiving labeled TCP packets.
</summary>
<desc>
<p>
Rules for receiving labeled TCP packets.
</p>
<p>
Due to the nature of TCP, this is bidirectional.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="peer_domain">
<summary>
Peer domain.
</summary>
</param>
</interface>
<interface name="corenet_udp_recvfrom_labeled" lineno="2912">
<summary>
Rules for receiving labeled UDP packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="peer_domain">
<summary>
Peer domain.
</summary>
</param>
</interface>
<interface name="corenet_raw_recvfrom_labeled" lineno="2937">
<summary>
Rules for receiving labeled raw IP packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="peer_domain">
<summary>
Peer domain.
</summary>
</param>
</interface>
<interface name="corenet_all_recvfrom_labeled" lineno="2971">
<summary>
Rules for receiving labeled packets via TCP, UDP and raw IP.
</summary>
<desc>
<p>
Rules for receiving labeled packets via TCP, UDP and raw IP.
</p>
<p>
Due to the nature of TCP, the rules (for TCP
networking only) are bidirectional.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="peer_domain">
<summary>
Peer domain.
</summary>
</param>
</interface>
<interface name="corenet_setcontext_all_spds" lineno="2989">
<summary>
Allow specified type to set the context of
a SPD entry for labeled ipsec associations.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_generic_client_packets" lineno="3007">
<summary>
Send generic client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_receive_generic_client_packets" lineno="3025">
<summary>
Receive generic client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sendrecv_generic_client_packets" lineno="3043">
<summary>
Send and receive generic client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_relabelto_generic_client_packets" lineno="3058">
<summary>
Relabel packets to the generic client packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_generic_server_packets" lineno="3076">
<summary>
Send generic server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_receive_generic_server_packets" lineno="3094">
<summary>
Receive generic server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sendrecv_generic_server_packets" lineno="3112">
<summary>
Send and receive generic server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_relabelto_generic_server_packets" lineno="3127">
<summary>
Relabel packets to the generic server packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sendrecv_unlabeled_packets" lineno="3152">
<summary>
Send and receive unlabeled packets.
</summary>
<desc>
<p>
Send and receive unlabeled packets.
These packets do not match any netfilter
SECMARK rules.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_all_client_packets" lineno="3166">
<summary>
Send all client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_receive_all_client_packets" lineno="3184">
<summary>
Receive all client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sendrecv_all_client_packets" lineno="3202">
<summary>
Send and receive all client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_relabelto_all_client_packets" lineno="3217">
<summary>
Relabel packets to any client packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_all_server_packets" lineno="3235">
<summary>
Send all server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sctp_recvfrom_netlabel" lineno="3253">
<summary>
Receive SCTP packets from a NetLabel connection.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_receive_all_server_packets" lineno="3271">
<summary>
Receive all server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sendrecv_all_server_packets" lineno="3289">
<summary>
Send and receive all server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_relabelto_all_server_packets" lineno="3304">
<summary>
Relabel packets to any server packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sctp_recvfrom_unlabeled" lineno="3322">
<summary>
Receive SCTP packets from an unlabled connection.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_all_packets" lineno="3337">
<summary>
Send all packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_receive_all_packets" lineno="3355">
<summary>
Receive all packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sendrecv_all_packets" lineno="3373">
<summary>
Send and receive all packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_relabelto_all_packets" lineno="3388">
<summary>
Relabel packets to any packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_ib_access_unlabeled_pkeys" lineno="3406">
<summary>
Access unlabeled infiniband pkeys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_ib_access_all_pkeys" lineno="3420">
<summary>
Access all labeled infiniband pkeys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_ib_manage_subnet_all_endports" lineno="3438">
<summary>
Manage subnets on all labeled Infiniband endports
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_ib_manage_subnet_unlabeled_endports" lineno="3456">
<summary>
Manage subnet on all unlabeled Infiniband endports
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sctp_recvfrom_labeled" lineno="3475">
<summary>
Rules for receiving labeled SCTP packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="peer_domain">
<summary>
Peer domain.
</summary>
</param>
</interface>
<interface name="corenet_unconfined" lineno="3498">
<summary>
Unconfined access to network objects.
</summary>
<param name="domain">
<summary>
The domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_icmp_packets" lineno="3518">
<summary>
Send icmp packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_icmp_packets" lineno="3537">
<summary>
Do not audit attempts to send icmp packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_icmp_packets" lineno="3556">
<summary>
Receive icmp packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_icmp_packets" lineno="3575">
<summary>
Do not audit attempts to receive icmp packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_icmp_packets" lineno="3594">
<summary>
Send and receive icmp packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_icmp_packets" lineno="3610">
<summary>
Do not audit attempts to send and receive icmp packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_icmp_packets" lineno="3625">
<summary>
Relabel packets to icmp the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_afs_bos_port" lineno="3647">
<summary>
Send and receive TCP traffic on the afs_bos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_afs_bos_port" lineno="3662">
<summary>
Send UDP traffic on the afs_bos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_afs_bos_port" lineno="3677">
<summary>
Do not audit attempts to send UDP traffic on the afs_bos port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_afs_bos_port" lineno="3692">
<summary>
Receive UDP traffic on the afs_bos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_afs_bos_port" lineno="3707">
<summary>
Do not audit attempts to receive UDP traffic on the afs_bos port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_afs_bos_port" lineno="3722">
<summary>
Send and receive UDP traffic on the afs_bos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_afs_bos_port" lineno="3738">
<summary>
Do not audit attempts to send and receive
UDP traffic on the afs_bos port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_afs_bos_port" lineno="3753">
<summary>
Bind TCP sockets to the afs_bos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_afs_bos_port" lineno="3773">
<summary>
Bind UDP sockets to the afs_bos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_afs_bos_port" lineno="3792">
<summary>
Make a TCP connection to the afs_bos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs_bos_client_packets" lineno="3812">
<summary>
Send afs_bos_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs_bos_client_packets" lineno="3831">
<summary>
Do not audit attempts to send afs_bos_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs_bos_client_packets" lineno="3850">
<summary>
Receive afs_bos_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs_bos_client_packets" lineno="3869">
<summary>
Do not audit attempts to receive afs_bos_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs_bos_client_packets" lineno="3888">
<summary>
Send and receive afs_bos_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs_bos_client_packets" lineno="3904">
<summary>
Do not audit attempts to send and receive afs_bos_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs_bos_client_packets" lineno="3919">
<summary>
Relabel packets to afs_bos_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs_bos_server_packets" lineno="3939">
<summary>
Send afs_bos_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs_bos_server_packets" lineno="3958">
<summary>
Do not audit attempts to send afs_bos_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs_bos_server_packets" lineno="3977">
<summary>
Receive afs_bos_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs_bos_server_packets" lineno="3996">
<summary>
Do not audit attempts to receive afs_bos_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs_bos_server_packets" lineno="4015">
<summary>
Send and receive afs_bos_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs_bos_server_packets" lineno="4031">
<summary>
Do not audit attempts to send and receive afs_bos_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs_bos_server_packets" lineno="4046">
<summary>
Relabel packets to afs_bos_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_afs_fs_port" lineno="4068">
<summary>
Send and receive TCP traffic on the afs_fs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_afs_fs_port" lineno="4083">
<summary>
Send UDP traffic on the afs_fs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_afs_fs_port" lineno="4098">
<summary>
Do not audit attempts to send UDP traffic on the afs_fs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_afs_fs_port" lineno="4113">
<summary>
Receive UDP traffic on the afs_fs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_afs_fs_port" lineno="4128">
<summary>
Do not audit attempts to receive UDP traffic on the afs_fs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_afs_fs_port" lineno="4143">
<summary>
Send and receive UDP traffic on the afs_fs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_afs_fs_port" lineno="4159">
<summary>
Do not audit attempts to send and receive
UDP traffic on the afs_fs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_afs_fs_port" lineno="4174">
<summary>
Bind TCP sockets to the afs_fs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_afs_fs_port" lineno="4194">
<summary>
Bind UDP sockets to the afs_fs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_afs_fs_port" lineno="4213">
<summary>
Make a TCP connection to the afs_fs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs_fs_client_packets" lineno="4233">
<summary>
Send afs_fs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs_fs_client_packets" lineno="4252">
<summary>
Do not audit attempts to send afs_fs_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs_fs_client_packets" lineno="4271">
<summary>
Receive afs_fs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs_fs_client_packets" lineno="4290">
<summary>
Do not audit attempts to receive afs_fs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs_fs_client_packets" lineno="4309">
<summary>
Send and receive afs_fs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs_fs_client_packets" lineno="4325">
<summary>
Do not audit attempts to send and receive afs_fs_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs_fs_client_packets" lineno="4340">
<summary>
Relabel packets to afs_fs_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs_fs_server_packets" lineno="4360">
<summary>
Send afs_fs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs_fs_server_packets" lineno="4379">
<summary>
Do not audit attempts to send afs_fs_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs_fs_server_packets" lineno="4398">
<summary>
Receive afs_fs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs_fs_server_packets" lineno="4417">
<summary>
Do not audit attempts to receive afs_fs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs_fs_server_packets" lineno="4436">
<summary>
Send and receive afs_fs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs_fs_server_packets" lineno="4452">
<summary>
Do not audit attempts to send and receive afs_fs_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs_fs_server_packets" lineno="4467">
<summary>
Relabel packets to afs_fs_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_afs_ka_port" lineno="4489">
<summary>
Send and receive TCP traffic on the afs_ka port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_afs_ka_port" lineno="4504">
<summary>
Send UDP traffic on the afs_ka port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_afs_ka_port" lineno="4519">
<summary>
Do not audit attempts to send UDP traffic on the afs_ka port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_afs_ka_port" lineno="4534">
<summary>
Receive UDP traffic on the afs_ka port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_afs_ka_port" lineno="4549">
<summary>
Do not audit attempts to receive UDP traffic on the afs_ka port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_afs_ka_port" lineno="4564">
<summary>
Send and receive UDP traffic on the afs_ka port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_afs_ka_port" lineno="4580">
<summary>
Do not audit attempts to send and receive
UDP traffic on the afs_ka port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_afs_ka_port" lineno="4595">
<summary>
Bind TCP sockets to the afs_ka port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_afs_ka_port" lineno="4615">
<summary>
Bind UDP sockets to the afs_ka port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_afs_ka_port" lineno="4634">
<summary>
Make a TCP connection to the afs_ka port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs_ka_client_packets" lineno="4654">
<summary>
Send afs_ka_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs_ka_client_packets" lineno="4673">
<summary>
Do not audit attempts to send afs_ka_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs_ka_client_packets" lineno="4692">
<summary>
Receive afs_ka_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs_ka_client_packets" lineno="4711">
<summary>
Do not audit attempts to receive afs_ka_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs_ka_client_packets" lineno="4730">
<summary>
Send and receive afs_ka_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs_ka_client_packets" lineno="4746">
<summary>
Do not audit attempts to send and receive afs_ka_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs_ka_client_packets" lineno="4761">
<summary>
Relabel packets to afs_ka_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs_ka_server_packets" lineno="4781">
<summary>
Send afs_ka_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs_ka_server_packets" lineno="4800">
<summary>
Do not audit attempts to send afs_ka_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs_ka_server_packets" lineno="4819">
<summary>
Receive afs_ka_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs_ka_server_packets" lineno="4838">
<summary>
Do not audit attempts to receive afs_ka_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs_ka_server_packets" lineno="4857">
<summary>
Send and receive afs_ka_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs_ka_server_packets" lineno="4873">
<summary>
Do not audit attempts to send and receive afs_ka_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs_ka_server_packets" lineno="4888">
<summary>
Relabel packets to afs_ka_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_afs_pt_port" lineno="4910">
<summary>
Send and receive TCP traffic on the afs_pt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_afs_pt_port" lineno="4925">
<summary>
Send UDP traffic on the afs_pt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_afs_pt_port" lineno="4940">
<summary>
Do not audit attempts to send UDP traffic on the afs_pt port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_afs_pt_port" lineno="4955">
<summary>
Receive UDP traffic on the afs_pt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_afs_pt_port" lineno="4970">
<summary>
Do not audit attempts to receive UDP traffic on the afs_pt port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_afs_pt_port" lineno="4985">
<summary>
Send and receive UDP traffic on the afs_pt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_afs_pt_port" lineno="5001">
<summary>
Do not audit attempts to send and receive
UDP traffic on the afs_pt port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_afs_pt_port" lineno="5016">
<summary>
Bind TCP sockets to the afs_pt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_afs_pt_port" lineno="5036">
<summary>
Bind UDP sockets to the afs_pt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_afs_pt_port" lineno="5055">
<summary>
Make a TCP connection to the afs_pt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs_pt_client_packets" lineno="5075">
<summary>
Send afs_pt_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs_pt_client_packets" lineno="5094">
<summary>
Do not audit attempts to send afs_pt_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs_pt_client_packets" lineno="5113">
<summary>
Receive afs_pt_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs_pt_client_packets" lineno="5132">
<summary>
Do not audit attempts to receive afs_pt_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs_pt_client_packets" lineno="5151">
<summary>
Send and receive afs_pt_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs_pt_client_packets" lineno="5167">
<summary>
Do not audit attempts to send and receive afs_pt_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs_pt_client_packets" lineno="5182">
<summary>
Relabel packets to afs_pt_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs_pt_server_packets" lineno="5202">
<summary>
Send afs_pt_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs_pt_server_packets" lineno="5221">
<summary>
Do not audit attempts to send afs_pt_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs_pt_server_packets" lineno="5240">
<summary>
Receive afs_pt_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs_pt_server_packets" lineno="5259">
<summary>
Do not audit attempts to receive afs_pt_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs_pt_server_packets" lineno="5278">
<summary>
Send and receive afs_pt_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs_pt_server_packets" lineno="5294">
<summary>
Do not audit attempts to send and receive afs_pt_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs_pt_server_packets" lineno="5309">
<summary>
Relabel packets to afs_pt_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_afs_vl_port" lineno="5331">
<summary>
Send and receive TCP traffic on the afs_vl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_afs_vl_port" lineno="5346">
<summary>
Send UDP traffic on the afs_vl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_afs_vl_port" lineno="5361">
<summary>
Do not audit attempts to send UDP traffic on the afs_vl port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_afs_vl_port" lineno="5376">
<summary>
Receive UDP traffic on the afs_vl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_afs_vl_port" lineno="5391">
<summary>
Do not audit attempts to receive UDP traffic on the afs_vl port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_afs_vl_port" lineno="5406">
<summary>
Send and receive UDP traffic on the afs_vl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_afs_vl_port" lineno="5422">
<summary>
Do not audit attempts to send and receive
UDP traffic on the afs_vl port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_afs_vl_port" lineno="5437">
<summary>
Bind TCP sockets to the afs_vl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_afs_vl_port" lineno="5457">
<summary>
Bind UDP sockets to the afs_vl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_afs_vl_port" lineno="5476">
<summary>
Make a TCP connection to the afs_vl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs_vl_client_packets" lineno="5496">
<summary>
Send afs_vl_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs_vl_client_packets" lineno="5515">
<summary>
Do not audit attempts to send afs_vl_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs_vl_client_packets" lineno="5534">
<summary>
Receive afs_vl_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs_vl_client_packets" lineno="5553">
<summary>
Do not audit attempts to receive afs_vl_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs_vl_client_packets" lineno="5572">
<summary>
Send and receive afs_vl_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs_vl_client_packets" lineno="5588">
<summary>
Do not audit attempts to send and receive afs_vl_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs_vl_client_packets" lineno="5603">
<summary>
Relabel packets to afs_vl_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs_vl_server_packets" lineno="5623">
<summary>
Send afs_vl_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs_vl_server_packets" lineno="5642">
<summary>
Do not audit attempts to send afs_vl_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs_vl_server_packets" lineno="5661">
<summary>
Receive afs_vl_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs_vl_server_packets" lineno="5680">
<summary>
Do not audit attempts to receive afs_vl_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs_vl_server_packets" lineno="5699">
<summary>
Send and receive afs_vl_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs_vl_server_packets" lineno="5715">
<summary>
Do not audit attempts to send and receive afs_vl_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs_vl_server_packets" lineno="5730">
<summary>
Relabel packets to afs_vl_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_afs3_callback_port" lineno="5752">
<summary>
Send and receive TCP traffic on the afs3_callback port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_afs3_callback_port" lineno="5767">
<summary>
Send UDP traffic on the afs3_callback port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_afs3_callback_port" lineno="5782">
<summary>
Do not audit attempts to send UDP traffic on the afs3_callback port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_afs3_callback_port" lineno="5797">
<summary>
Receive UDP traffic on the afs3_callback port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_afs3_callback_port" lineno="5812">
<summary>
Do not audit attempts to receive UDP traffic on the afs3_callback port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_afs3_callback_port" lineno="5827">
<summary>
Send and receive UDP traffic on the afs3_callback port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_afs3_callback_port" lineno="5843">
<summary>
Do not audit attempts to send and receive
UDP traffic on the afs3_callback port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_afs3_callback_port" lineno="5858">
<summary>
Bind TCP sockets to the afs3_callback port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_afs3_callback_port" lineno="5878">
<summary>
Bind UDP sockets to the afs3_callback port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_afs3_callback_port" lineno="5897">
<summary>
Make a TCP connection to the afs3_callback port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs3_callback_client_packets" lineno="5917">
<summary>
Send afs3_callback_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs3_callback_client_packets" lineno="5936">
<summary>
Do not audit attempts to send afs3_callback_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs3_callback_client_packets" lineno="5955">
<summary>
Receive afs3_callback_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs3_callback_client_packets" lineno="5974">
<summary>
Do not audit attempts to receive afs3_callback_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs3_callback_client_packets" lineno="5993">
<summary>
Send and receive afs3_callback_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs3_callback_client_packets" lineno="6009">
<summary>
Do not audit attempts to send and receive afs3_callback_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs3_callback_client_packets" lineno="6024">
<summary>
Relabel packets to afs3_callback_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs3_callback_server_packets" lineno="6044">
<summary>
Send afs3_callback_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs3_callback_server_packets" lineno="6063">
<summary>
Do not audit attempts to send afs3_callback_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs3_callback_server_packets" lineno="6082">
<summary>
Receive afs3_callback_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs3_callback_server_packets" lineno="6101">
<summary>
Do not audit attempts to receive afs3_callback_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs3_callback_server_packets" lineno="6120">
<summary>
Send and receive afs3_callback_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs3_callback_server_packets" lineno="6136">
<summary>
Do not audit attempts to send and receive afs3_callback_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs3_callback_server_packets" lineno="6151">
<summary>
Relabel packets to afs3_callback_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_agentx_port" lineno="6173">
<summary>
Send and receive TCP traffic on the agentx port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_agentx_port" lineno="6188">
<summary>
Send UDP traffic on the agentx port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_agentx_port" lineno="6203">
<summary>
Do not audit attempts to send UDP traffic on the agentx port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_agentx_port" lineno="6218">
<summary>
Receive UDP traffic on the agentx port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_agentx_port" lineno="6233">
<summary>
Do not audit attempts to receive UDP traffic on the agentx port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_agentx_port" lineno="6248">
<summary>
Send and receive UDP traffic on the agentx port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_agentx_port" lineno="6264">
<summary>
Do not audit attempts to send and receive
UDP traffic on the agentx port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_agentx_port" lineno="6279">
<summary>
Bind TCP sockets to the agentx port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_agentx_port" lineno="6299">
<summary>
Bind UDP sockets to the agentx port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_agentx_port" lineno="6318">
<summary>
Make a TCP connection to the agentx port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_agentx_client_packets" lineno="6338">
<summary>
Send agentx_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_agentx_client_packets" lineno="6357">
<summary>
Do not audit attempts to send agentx_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_agentx_client_packets" lineno="6376">
<summary>
Receive agentx_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_agentx_client_packets" lineno="6395">
<summary>
Do not audit attempts to receive agentx_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_agentx_client_packets" lineno="6414">
<summary>
Send and receive agentx_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_agentx_client_packets" lineno="6430">
<summary>
Do not audit attempts to send and receive agentx_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_agentx_client_packets" lineno="6445">
<summary>
Relabel packets to agentx_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_agentx_server_packets" lineno="6465">
<summary>
Send agentx_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_agentx_server_packets" lineno="6484">
<summary>
Do not audit attempts to send agentx_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_agentx_server_packets" lineno="6503">
<summary>
Receive agentx_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_agentx_server_packets" lineno="6522">
<summary>
Do not audit attempts to receive agentx_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_agentx_server_packets" lineno="6541">
<summary>
Send and receive agentx_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_agentx_server_packets" lineno="6557">
<summary>
Do not audit attempts to send and receive agentx_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_agentx_server_packets" lineno="6572">
<summary>
Relabel packets to agentx_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_amanda_port" lineno="6594">
<summary>
Send and receive TCP traffic on the amanda port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_amanda_port" lineno="6609">
<summary>
Send UDP traffic on the amanda port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_amanda_port" lineno="6624">
<summary>
Do not audit attempts to send UDP traffic on the amanda port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_amanda_port" lineno="6639">
<summary>
Receive UDP traffic on the amanda port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_amanda_port" lineno="6654">
<summary>
Do not audit attempts to receive UDP traffic on the amanda port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_amanda_port" lineno="6669">
<summary>
Send and receive UDP traffic on the amanda port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_amanda_port" lineno="6685">
<summary>
Do not audit attempts to send and receive
UDP traffic on the amanda port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_amanda_port" lineno="6700">
<summary>
Bind TCP sockets to the amanda port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_amanda_port" lineno="6720">
<summary>
Bind UDP sockets to the amanda port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_amanda_port" lineno="6739">
<summary>
Make a TCP connection to the amanda port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_amanda_client_packets" lineno="6759">
<summary>
Send amanda_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_amanda_client_packets" lineno="6778">
<summary>
Do not audit attempts to send amanda_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_amanda_client_packets" lineno="6797">
<summary>
Receive amanda_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_amanda_client_packets" lineno="6816">
<summary>
Do not audit attempts to receive amanda_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_amanda_client_packets" lineno="6835">
<summary>
Send and receive amanda_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_amanda_client_packets" lineno="6851">
<summary>
Do not audit attempts to send and receive amanda_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_amanda_client_packets" lineno="6866">
<summary>
Relabel packets to amanda_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_amanda_server_packets" lineno="6886">
<summary>
Send amanda_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_amanda_server_packets" lineno="6905">
<summary>
Do not audit attempts to send amanda_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_amanda_server_packets" lineno="6924">
<summary>
Receive amanda_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_amanda_server_packets" lineno="6943">
<summary>
Do not audit attempts to receive amanda_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_amanda_server_packets" lineno="6962">
<summary>
Send and receive amanda_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_amanda_server_packets" lineno="6978">
<summary>
Do not audit attempts to send and receive amanda_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_amanda_server_packets" lineno="6993">
<summary>
Relabel packets to amanda_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_amavisd_recv_port" lineno="7015">
<summary>
Send and receive TCP traffic on the amavisd_recv port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_amavisd_recv_port" lineno="7030">
<summary>
Send UDP traffic on the amavisd_recv port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_amavisd_recv_port" lineno="7045">
<summary>
Do not audit attempts to send UDP traffic on the amavisd_recv port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_amavisd_recv_port" lineno="7060">
<summary>
Receive UDP traffic on the amavisd_recv port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_amavisd_recv_port" lineno="7075">
<summary>
Do not audit attempts to receive UDP traffic on the amavisd_recv port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_amavisd_recv_port" lineno="7090">
<summary>
Send and receive UDP traffic on the amavisd_recv port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_amavisd_recv_port" lineno="7106">
<summary>
Do not audit attempts to send and receive
UDP traffic on the amavisd_recv port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_amavisd_recv_port" lineno="7121">
<summary>
Bind TCP sockets to the amavisd_recv port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_amavisd_recv_port" lineno="7141">
<summary>
Bind UDP sockets to the amavisd_recv port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_amavisd_recv_port" lineno="7160">
<summary>
Make a TCP connection to the amavisd_recv port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_amavisd_recv_client_packets" lineno="7180">
<summary>
Send amavisd_recv_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_amavisd_recv_client_packets" lineno="7199">
<summary>
Do not audit attempts to send amavisd_recv_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_amavisd_recv_client_packets" lineno="7218">
<summary>
Receive amavisd_recv_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_amavisd_recv_client_packets" lineno="7237">
<summary>
Do not audit attempts to receive amavisd_recv_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_amavisd_recv_client_packets" lineno="7256">
<summary>
Send and receive amavisd_recv_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_amavisd_recv_client_packets" lineno="7272">
<summary>
Do not audit attempts to send and receive amavisd_recv_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_amavisd_recv_client_packets" lineno="7287">
<summary>
Relabel packets to amavisd_recv_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_amavisd_recv_server_packets" lineno="7307">
<summary>
Send amavisd_recv_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_amavisd_recv_server_packets" lineno="7326">
<summary>
Do not audit attempts to send amavisd_recv_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_amavisd_recv_server_packets" lineno="7345">
<summary>
Receive amavisd_recv_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_amavisd_recv_server_packets" lineno="7364">
<summary>
Do not audit attempts to receive amavisd_recv_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_amavisd_recv_server_packets" lineno="7383">
<summary>
Send and receive amavisd_recv_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_amavisd_recv_server_packets" lineno="7399">
<summary>
Do not audit attempts to send and receive amavisd_recv_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_amavisd_recv_server_packets" lineno="7414">
<summary>
Relabel packets to amavisd_recv_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_amavisd_send_port" lineno="7436">
<summary>
Send and receive TCP traffic on the amavisd_send port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_amavisd_send_port" lineno="7451">
<summary>
Send UDP traffic on the amavisd_send port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_amavisd_send_port" lineno="7466">
<summary>
Do not audit attempts to send UDP traffic on the amavisd_send port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_amavisd_send_port" lineno="7481">
<summary>
Receive UDP traffic on the amavisd_send port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_amavisd_send_port" lineno="7496">
<summary>
Do not audit attempts to receive UDP traffic on the amavisd_send port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_amavisd_send_port" lineno="7511">
<summary>
Send and receive UDP traffic on the amavisd_send port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_amavisd_send_port" lineno="7527">
<summary>
Do not audit attempts to send and receive
UDP traffic on the amavisd_send port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_amavisd_send_port" lineno="7542">
<summary>
Bind TCP sockets to the amavisd_send port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_amavisd_send_port" lineno="7562">
<summary>
Bind UDP sockets to the amavisd_send port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_amavisd_send_port" lineno="7581">
<summary>
Make a TCP connection to the amavisd_send port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_amavisd_send_client_packets" lineno="7601">
<summary>
Send amavisd_send_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_amavisd_send_client_packets" lineno="7620">
<summary>
Do not audit attempts to send amavisd_send_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_amavisd_send_client_packets" lineno="7639">
<summary>
Receive amavisd_send_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_amavisd_send_client_packets" lineno="7658">
<summary>
Do not audit attempts to receive amavisd_send_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_amavisd_send_client_packets" lineno="7677">
<summary>
Send and receive amavisd_send_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_amavisd_send_client_packets" lineno="7693">
<summary>
Do not audit attempts to send and receive amavisd_send_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_amavisd_send_client_packets" lineno="7708">
<summary>
Relabel packets to amavisd_send_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_amavisd_send_server_packets" lineno="7728">
<summary>
Send amavisd_send_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_amavisd_send_server_packets" lineno="7747">
<summary>
Do not audit attempts to send amavisd_send_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_amavisd_send_server_packets" lineno="7766">
<summary>
Receive amavisd_send_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_amavisd_send_server_packets" lineno="7785">
<summary>
Do not audit attempts to receive amavisd_send_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_amavisd_send_server_packets" lineno="7804">
<summary>
Send and receive amavisd_send_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_amavisd_send_server_packets" lineno="7820">
<summary>
Do not audit attempts to send and receive amavisd_send_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_amavisd_send_server_packets" lineno="7835">
<summary>
Relabel packets to amavisd_send_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_amqp_port" lineno="7857">
<summary>
Send and receive TCP traffic on the amqp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_amqp_port" lineno="7872">
<summary>
Send UDP traffic on the amqp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_amqp_port" lineno="7887">
<summary>
Do not audit attempts to send UDP traffic on the amqp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_amqp_port" lineno="7902">
<summary>
Receive UDP traffic on the amqp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_amqp_port" lineno="7917">
<summary>
Do not audit attempts to receive UDP traffic on the amqp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_amqp_port" lineno="7932">
<summary>
Send and receive UDP traffic on the amqp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_amqp_port" lineno="7948">
<summary>
Do not audit attempts to send and receive
UDP traffic on the amqp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_amqp_port" lineno="7963">
<summary>
Bind TCP sockets to the amqp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_amqp_port" lineno="7983">
<summary>
Bind UDP sockets to the amqp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_amqp_port" lineno="8002">
<summary>
Make a TCP connection to the amqp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_amqp_client_packets" lineno="8022">
<summary>
Send amqp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_amqp_client_packets" lineno="8041">
<summary>
Do not audit attempts to send amqp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_amqp_client_packets" lineno="8060">
<summary>
Receive amqp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_amqp_client_packets" lineno="8079">
<summary>
Do not audit attempts to receive amqp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_amqp_client_packets" lineno="8098">
<summary>
Send and receive amqp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_amqp_client_packets" lineno="8114">
<summary>
Do not audit attempts to send and receive amqp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_amqp_client_packets" lineno="8129">
<summary>
Relabel packets to amqp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_amqp_server_packets" lineno="8149">
<summary>
Send amqp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_amqp_server_packets" lineno="8168">
<summary>
Do not audit attempts to send amqp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_amqp_server_packets" lineno="8187">
<summary>
Receive amqp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_amqp_server_packets" lineno="8206">
<summary>
Do not audit attempts to receive amqp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_amqp_server_packets" lineno="8225">
<summary>
Send and receive amqp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_amqp_server_packets" lineno="8241">
<summary>
Do not audit attempts to send and receive amqp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_amqp_server_packets" lineno="8256">
<summary>
Relabel packets to amqp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_aol_port" lineno="8278">
<summary>
Send and receive TCP traffic on the aol port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_aol_port" lineno="8293">
<summary>
Send UDP traffic on the aol port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_aol_port" lineno="8308">
<summary>
Do not audit attempts to send UDP traffic on the aol port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_aol_port" lineno="8323">
<summary>
Receive UDP traffic on the aol port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_aol_port" lineno="8338">
<summary>
Do not audit attempts to receive UDP traffic on the aol port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_aol_port" lineno="8353">
<summary>
Send and receive UDP traffic on the aol port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_aol_port" lineno="8369">
<summary>
Do not audit attempts to send and receive
UDP traffic on the aol port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_aol_port" lineno="8384">
<summary>
Bind TCP sockets to the aol port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_aol_port" lineno="8404">
<summary>
Bind UDP sockets to the aol port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_aol_port" lineno="8423">
<summary>
Make a TCP connection to the aol port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_aol_client_packets" lineno="8443">
<summary>
Send aol_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_aol_client_packets" lineno="8462">
<summary>
Do not audit attempts to send aol_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_aol_client_packets" lineno="8481">
<summary>
Receive aol_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_aol_client_packets" lineno="8500">
<summary>
Do not audit attempts to receive aol_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_aol_client_packets" lineno="8519">
<summary>
Send and receive aol_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_aol_client_packets" lineno="8535">
<summary>
Do not audit attempts to send and receive aol_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_aol_client_packets" lineno="8550">
<summary>
Relabel packets to aol_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_aol_server_packets" lineno="8570">
<summary>
Send aol_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_aol_server_packets" lineno="8589">
<summary>
Do not audit attempts to send aol_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_aol_server_packets" lineno="8608">
<summary>
Receive aol_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_aol_server_packets" lineno="8627">
<summary>
Do not audit attempts to receive aol_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_aol_server_packets" lineno="8646">
<summary>
Send and receive aol_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_aol_server_packets" lineno="8662">
<summary>
Do not audit attempts to send and receive aol_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_aol_server_packets" lineno="8677">
<summary>
Relabel packets to aol_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_apcupsd_port" lineno="8699">
<summary>
Send and receive TCP traffic on the apcupsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_apcupsd_port" lineno="8714">
<summary>
Send UDP traffic on the apcupsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_apcupsd_port" lineno="8729">
<summary>
Do not audit attempts to send UDP traffic on the apcupsd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_apcupsd_port" lineno="8744">
<summary>
Receive UDP traffic on the apcupsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_apcupsd_port" lineno="8759">
<summary>
Do not audit attempts to receive UDP traffic on the apcupsd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_apcupsd_port" lineno="8774">
<summary>
Send and receive UDP traffic on the apcupsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_apcupsd_port" lineno="8790">
<summary>
Do not audit attempts to send and receive
UDP traffic on the apcupsd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_apcupsd_port" lineno="8805">
<summary>
Bind TCP sockets to the apcupsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_apcupsd_port" lineno="8825">
<summary>
Bind UDP sockets to the apcupsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_apcupsd_port" lineno="8844">
<summary>
Make a TCP connection to the apcupsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_apcupsd_client_packets" lineno="8864">
<summary>
Send apcupsd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_apcupsd_client_packets" lineno="8883">
<summary>
Do not audit attempts to send apcupsd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_apcupsd_client_packets" lineno="8902">
<summary>
Receive apcupsd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_apcupsd_client_packets" lineno="8921">
<summary>
Do not audit attempts to receive apcupsd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_apcupsd_client_packets" lineno="8940">
<summary>
Send and receive apcupsd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_apcupsd_client_packets" lineno="8956">
<summary>
Do not audit attempts to send and receive apcupsd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_apcupsd_client_packets" lineno="8971">
<summary>
Relabel packets to apcupsd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_apcupsd_server_packets" lineno="8991">
<summary>
Send apcupsd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_apcupsd_server_packets" lineno="9010">
<summary>
Do not audit attempts to send apcupsd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_apcupsd_server_packets" lineno="9029">
<summary>
Receive apcupsd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_apcupsd_server_packets" lineno="9048">
<summary>
Do not audit attempts to receive apcupsd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_apcupsd_server_packets" lineno="9067">
<summary>
Send and receive apcupsd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_apcupsd_server_packets" lineno="9083">
<summary>
Do not audit attempts to send and receive apcupsd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_apcupsd_server_packets" lineno="9098">
<summary>
Relabel packets to apcupsd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_apertus_ldp_port" lineno="9120">
<summary>
Send and receive TCP traffic on the apertus_ldp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_apertus_ldp_port" lineno="9135">
<summary>
Send UDP traffic on the apertus_ldp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_apertus_ldp_port" lineno="9150">
<summary>
Do not audit attempts to send UDP traffic on the apertus_ldp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_apertus_ldp_port" lineno="9165">
<summary>
Receive UDP traffic on the apertus_ldp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_apertus_ldp_port" lineno="9180">
<summary>
Do not audit attempts to receive UDP traffic on the apertus_ldp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_apertus_ldp_port" lineno="9195">
<summary>
Send and receive UDP traffic on the apertus_ldp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_apertus_ldp_port" lineno="9211">
<summary>
Do not audit attempts to send and receive
UDP traffic on the apertus_ldp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_apertus_ldp_port" lineno="9226">
<summary>
Bind TCP sockets to the apertus_ldp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_apertus_ldp_port" lineno="9246">
<summary>
Bind UDP sockets to the apertus_ldp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_apertus_ldp_port" lineno="9265">
<summary>
Make a TCP connection to the apertus_ldp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_apertus_ldp_client_packets" lineno="9285">
<summary>
Send apertus_ldp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_apertus_ldp_client_packets" lineno="9304">
<summary>
Do not audit attempts to send apertus_ldp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_apertus_ldp_client_packets" lineno="9323">
<summary>
Receive apertus_ldp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_apertus_ldp_client_packets" lineno="9342">
<summary>
Do not audit attempts to receive apertus_ldp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_apertus_ldp_client_packets" lineno="9361">
<summary>
Send and receive apertus_ldp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_apertus_ldp_client_packets" lineno="9377">
<summary>
Do not audit attempts to send and receive apertus_ldp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_apertus_ldp_client_packets" lineno="9392">
<summary>
Relabel packets to apertus_ldp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_apertus_ldp_server_packets" lineno="9412">
<summary>
Send apertus_ldp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_apertus_ldp_server_packets" lineno="9431">
<summary>
Do not audit attempts to send apertus_ldp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_apertus_ldp_server_packets" lineno="9450">
<summary>
Receive apertus_ldp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_apertus_ldp_server_packets" lineno="9469">
<summary>
Do not audit attempts to receive apertus_ldp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_apertus_ldp_server_packets" lineno="9488">
<summary>
Send and receive apertus_ldp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_apertus_ldp_server_packets" lineno="9504">
<summary>
Do not audit attempts to send and receive apertus_ldp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_apertus_ldp_server_packets" lineno="9519">
<summary>
Relabel packets to apertus_ldp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_aptcacher_port" lineno="9541">
<summary>
Send and receive TCP traffic on the aptcacher port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_aptcacher_port" lineno="9556">
<summary>
Send UDP traffic on the aptcacher port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_aptcacher_port" lineno="9571">
<summary>
Do not audit attempts to send UDP traffic on the aptcacher port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_aptcacher_port" lineno="9586">
<summary>
Receive UDP traffic on the aptcacher port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_aptcacher_port" lineno="9601">
<summary>
Do not audit attempts to receive UDP traffic on the aptcacher port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_aptcacher_port" lineno="9616">
<summary>
Send and receive UDP traffic on the aptcacher port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_aptcacher_port" lineno="9632">
<summary>
Do not audit attempts to send and receive
UDP traffic on the aptcacher port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_aptcacher_port" lineno="9647">
<summary>
Bind TCP sockets to the aptcacher port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_aptcacher_port" lineno="9667">
<summary>
Bind UDP sockets to the aptcacher port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_aptcacher_port" lineno="9686">
<summary>
Make a TCP connection to the aptcacher port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_aptcacher_client_packets" lineno="9706">
<summary>
Send aptcacher_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_aptcacher_client_packets" lineno="9725">
<summary>
Do not audit attempts to send aptcacher_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_aptcacher_client_packets" lineno="9744">
<summary>
Receive aptcacher_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_aptcacher_client_packets" lineno="9763">
<summary>
Do not audit attempts to receive aptcacher_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_aptcacher_client_packets" lineno="9782">
<summary>
Send and receive aptcacher_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_aptcacher_client_packets" lineno="9798">
<summary>
Do not audit attempts to send and receive aptcacher_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_aptcacher_client_packets" lineno="9813">
<summary>
Relabel packets to aptcacher_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_aptcacher_server_packets" lineno="9833">
<summary>
Send aptcacher_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_aptcacher_server_packets" lineno="9852">
<summary>
Do not audit attempts to send aptcacher_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_aptcacher_server_packets" lineno="9871">
<summary>
Receive aptcacher_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_aptcacher_server_packets" lineno="9890">
<summary>
Do not audit attempts to receive aptcacher_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_aptcacher_server_packets" lineno="9909">
<summary>
Send and receive aptcacher_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_aptcacher_server_packets" lineno="9925">
<summary>
Do not audit attempts to send and receive aptcacher_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_aptcacher_server_packets" lineno="9940">
<summary>
Relabel packets to aptcacher_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_armtechdaemon_port" lineno="9962">
<summary>
Send and receive TCP traffic on the armtechdaemon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_armtechdaemon_port" lineno="9977">
<summary>
Send UDP traffic on the armtechdaemon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_armtechdaemon_port" lineno="9992">
<summary>
Do not audit attempts to send UDP traffic on the armtechdaemon port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_armtechdaemon_port" lineno="10007">
<summary>
Receive UDP traffic on the armtechdaemon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_armtechdaemon_port" lineno="10022">
<summary>
Do not audit attempts to receive UDP traffic on the armtechdaemon port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_armtechdaemon_port" lineno="10037">
<summary>
Send and receive UDP traffic on the armtechdaemon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_armtechdaemon_port" lineno="10053">
<summary>
Do not audit attempts to send and receive
UDP traffic on the armtechdaemon port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_armtechdaemon_port" lineno="10068">
<summary>
Bind TCP sockets to the armtechdaemon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_armtechdaemon_port" lineno="10088">
<summary>
Bind UDP sockets to the armtechdaemon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_armtechdaemon_port" lineno="10107">
<summary>
Make a TCP connection to the armtechdaemon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_armtechdaemon_client_packets" lineno="10127">
<summary>
Send armtechdaemon_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_armtechdaemon_client_packets" lineno="10146">
<summary>
Do not audit attempts to send armtechdaemon_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_armtechdaemon_client_packets" lineno="10165">
<summary>
Receive armtechdaemon_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_armtechdaemon_client_packets" lineno="10184">
<summary>
Do not audit attempts to receive armtechdaemon_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_armtechdaemon_client_packets" lineno="10203">
<summary>
Send and receive armtechdaemon_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_armtechdaemon_client_packets" lineno="10219">
<summary>
Do not audit attempts to send and receive armtechdaemon_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_armtechdaemon_client_packets" lineno="10234">
<summary>
Relabel packets to armtechdaemon_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_armtechdaemon_server_packets" lineno="10254">
<summary>
Send armtechdaemon_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_armtechdaemon_server_packets" lineno="10273">
<summary>
Do not audit attempts to send armtechdaemon_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_armtechdaemon_server_packets" lineno="10292">
<summary>
Receive armtechdaemon_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_armtechdaemon_server_packets" lineno="10311">
<summary>
Do not audit attempts to receive armtechdaemon_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_armtechdaemon_server_packets" lineno="10330">
<summary>
Send and receive armtechdaemon_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_armtechdaemon_server_packets" lineno="10346">
<summary>
Do not audit attempts to send and receive armtechdaemon_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_armtechdaemon_server_packets" lineno="10361">
<summary>
Relabel packets to armtechdaemon_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_asterisk_port" lineno="10383">
<summary>
Send and receive TCP traffic on the asterisk port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_asterisk_port" lineno="10398">
<summary>
Send UDP traffic on the asterisk port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_asterisk_port" lineno="10413">
<summary>
Do not audit attempts to send UDP traffic on the asterisk port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_asterisk_port" lineno="10428">
<summary>
Receive UDP traffic on the asterisk port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_asterisk_port" lineno="10443">
<summary>
Do not audit attempts to receive UDP traffic on the asterisk port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_asterisk_port" lineno="10458">
<summary>
Send and receive UDP traffic on the asterisk port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_asterisk_port" lineno="10474">
<summary>
Do not audit attempts to send and receive
UDP traffic on the asterisk port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_asterisk_port" lineno="10489">
<summary>
Bind TCP sockets to the asterisk port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_asterisk_port" lineno="10509">
<summary>
Bind UDP sockets to the asterisk port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_asterisk_port" lineno="10528">
<summary>
Make a TCP connection to the asterisk port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_asterisk_client_packets" lineno="10548">
<summary>
Send asterisk_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_asterisk_client_packets" lineno="10567">
<summary>
Do not audit attempts to send asterisk_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_asterisk_client_packets" lineno="10586">
<summary>
Receive asterisk_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_asterisk_client_packets" lineno="10605">
<summary>
Do not audit attempts to receive asterisk_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_asterisk_client_packets" lineno="10624">
<summary>
Send and receive asterisk_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_asterisk_client_packets" lineno="10640">
<summary>
Do not audit attempts to send and receive asterisk_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_asterisk_client_packets" lineno="10655">
<summary>
Relabel packets to asterisk_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_asterisk_server_packets" lineno="10675">
<summary>
Send asterisk_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_asterisk_server_packets" lineno="10694">
<summary>
Do not audit attempts to send asterisk_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_asterisk_server_packets" lineno="10713">
<summary>
Receive asterisk_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_asterisk_server_packets" lineno="10732">
<summary>
Do not audit attempts to receive asterisk_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_asterisk_server_packets" lineno="10751">
<summary>
Send and receive asterisk_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_asterisk_server_packets" lineno="10767">
<summary>
Do not audit attempts to send and receive asterisk_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_asterisk_server_packets" lineno="10782">
<summary>
Relabel packets to asterisk_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_audit_port" lineno="10804">
<summary>
Send and receive TCP traffic on the audit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_audit_port" lineno="10819">
<summary>
Send UDP traffic on the audit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_audit_port" lineno="10834">
<summary>
Do not audit attempts to send UDP traffic on the audit port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_audit_port" lineno="10849">
<summary>
Receive UDP traffic on the audit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_audit_port" lineno="10864">
<summary>
Do not audit attempts to receive UDP traffic on the audit port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_audit_port" lineno="10879">
<summary>
Send and receive UDP traffic on the audit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_audit_port" lineno="10895">
<summary>
Do not audit attempts to send and receive
UDP traffic on the audit port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_audit_port" lineno="10910">
<summary>
Bind TCP sockets to the audit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_audit_port" lineno="10930">
<summary>
Bind UDP sockets to the audit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_audit_port" lineno="10949">
<summary>
Make a TCP connection to the audit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_audit_client_packets" lineno="10969">
<summary>
Send audit_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_audit_client_packets" lineno="10988">
<summary>
Do not audit attempts to send audit_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_audit_client_packets" lineno="11007">
<summary>
Receive audit_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_audit_client_packets" lineno="11026">
<summary>
Do not audit attempts to receive audit_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_audit_client_packets" lineno="11045">
<summary>
Send and receive audit_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_audit_client_packets" lineno="11061">
<summary>
Do not audit attempts to send and receive audit_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_audit_client_packets" lineno="11076">
<summary>
Relabel packets to audit_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_audit_server_packets" lineno="11096">
<summary>
Send audit_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_audit_server_packets" lineno="11115">
<summary>
Do not audit attempts to send audit_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_audit_server_packets" lineno="11134">
<summary>
Receive audit_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_audit_server_packets" lineno="11153">
<summary>
Do not audit attempts to receive audit_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_audit_server_packets" lineno="11172">
<summary>
Send and receive audit_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_audit_server_packets" lineno="11188">
<summary>
Do not audit attempts to send and receive audit_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_audit_server_packets" lineno="11203">
<summary>
Relabel packets to audit_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_auth_port" lineno="11225">
<summary>
Send and receive TCP traffic on the auth port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_auth_port" lineno="11240">
<summary>
Send UDP traffic on the auth port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_auth_port" lineno="11255">
<summary>
Do not audit attempts to send UDP traffic on the auth port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_auth_port" lineno="11270">
<summary>
Receive UDP traffic on the auth port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_auth_port" lineno="11285">
<summary>
Do not audit attempts to receive UDP traffic on the auth port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_auth_port" lineno="11300">
<summary>
Send and receive UDP traffic on the auth port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_auth_port" lineno="11316">
<summary>
Do not audit attempts to send and receive
UDP traffic on the auth port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_auth_port" lineno="11331">
<summary>
Bind TCP sockets to the auth port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_auth_port" lineno="11351">
<summary>
Bind UDP sockets to the auth port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_auth_port" lineno="11370">
<summary>
Make a TCP connection to the auth port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_auth_client_packets" lineno="11390">
<summary>
Send auth_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_auth_client_packets" lineno="11409">
<summary>
Do not audit attempts to send auth_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_auth_client_packets" lineno="11428">
<summary>
Receive auth_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_auth_client_packets" lineno="11447">
<summary>
Do not audit attempts to receive auth_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_auth_client_packets" lineno="11466">
<summary>
Send and receive auth_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_auth_client_packets" lineno="11482">
<summary>
Do not audit attempts to send and receive auth_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_auth_client_packets" lineno="11497">
<summary>
Relabel packets to auth_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_auth_server_packets" lineno="11517">
<summary>
Send auth_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_auth_server_packets" lineno="11536">
<summary>
Do not audit attempts to send auth_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_auth_server_packets" lineno="11555">
<summary>
Receive auth_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_auth_server_packets" lineno="11574">
<summary>
Do not audit attempts to receive auth_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_auth_server_packets" lineno="11593">
<summary>
Send and receive auth_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_auth_server_packets" lineno="11609">
<summary>
Do not audit attempts to send and receive auth_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_auth_server_packets" lineno="11624">
<summary>
Relabel packets to auth_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_bgp_port" lineno="11646">
<summary>
Send and receive TCP traffic on the bgp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_bgp_port" lineno="11661">
<summary>
Send UDP traffic on the bgp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_bgp_port" lineno="11676">
<summary>
Do not audit attempts to send UDP traffic on the bgp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_bgp_port" lineno="11691">
<summary>
Receive UDP traffic on the bgp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_bgp_port" lineno="11706">
<summary>
Do not audit attempts to receive UDP traffic on the bgp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_bgp_port" lineno="11721">
<summary>
Send and receive UDP traffic on the bgp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_bgp_port" lineno="11737">
<summary>
Do not audit attempts to send and receive
UDP traffic on the bgp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_bgp_port" lineno="11752">
<summary>
Bind TCP sockets to the bgp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_bgp_port" lineno="11772">
<summary>
Bind UDP sockets to the bgp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_bgp_port" lineno="11791">
<summary>
Make a TCP connection to the bgp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_bgp_client_packets" lineno="11811">
<summary>
Send bgp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_bgp_client_packets" lineno="11830">
<summary>
Do not audit attempts to send bgp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_bgp_client_packets" lineno="11849">
<summary>
Receive bgp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_bgp_client_packets" lineno="11868">
<summary>
Do not audit attempts to receive bgp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_bgp_client_packets" lineno="11887">
<summary>
Send and receive bgp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_bgp_client_packets" lineno="11903">
<summary>
Do not audit attempts to send and receive bgp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_bgp_client_packets" lineno="11918">
<summary>
Relabel packets to bgp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_bgp_server_packets" lineno="11938">
<summary>
Send bgp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_bgp_server_packets" lineno="11957">
<summary>
Do not audit attempts to send bgp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_bgp_server_packets" lineno="11976">
<summary>
Receive bgp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_bgp_server_packets" lineno="11995">
<summary>
Do not audit attempts to receive bgp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_bgp_server_packets" lineno="12014">
<summary>
Send and receive bgp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_bgp_server_packets" lineno="12030">
<summary>
Do not audit attempts to send and receive bgp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_bgp_server_packets" lineno="12045">
<summary>
Relabel packets to bgp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_boinc_port" lineno="12067">
<summary>
Send and receive TCP traffic on the boinc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_boinc_port" lineno="12082">
<summary>
Send UDP traffic on the boinc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_boinc_port" lineno="12097">
<summary>
Do not audit attempts to send UDP traffic on the boinc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_boinc_port" lineno="12112">
<summary>
Receive UDP traffic on the boinc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_boinc_port" lineno="12127">
<summary>
Do not audit attempts to receive UDP traffic on the boinc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_boinc_port" lineno="12142">
<summary>
Send and receive UDP traffic on the boinc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_boinc_port" lineno="12158">
<summary>
Do not audit attempts to send and receive
UDP traffic on the boinc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_boinc_port" lineno="12173">
<summary>
Bind TCP sockets to the boinc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_boinc_port" lineno="12193">
<summary>
Bind UDP sockets to the boinc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_boinc_port" lineno="12212">
<summary>
Make a TCP connection to the boinc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_boinc_client_packets" lineno="12232">
<summary>
Send boinc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_boinc_client_packets" lineno="12251">
<summary>
Do not audit attempts to send boinc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_boinc_client_packets" lineno="12270">
<summary>
Receive boinc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_boinc_client_packets" lineno="12289">
<summary>
Do not audit attempts to receive boinc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_boinc_client_packets" lineno="12308">
<summary>
Send and receive boinc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_boinc_client_packets" lineno="12324">
<summary>
Do not audit attempts to send and receive boinc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_boinc_client_packets" lineno="12339">
<summary>
Relabel packets to boinc_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_boinc_server_packets" lineno="12359">
<summary>
Send boinc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_boinc_server_packets" lineno="12378">
<summary>
Do not audit attempts to send boinc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_boinc_server_packets" lineno="12397">
<summary>
Receive boinc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_boinc_server_packets" lineno="12416">
<summary>
Do not audit attempts to receive boinc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_boinc_server_packets" lineno="12435">
<summary>
Send and receive boinc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_boinc_server_packets" lineno="12451">
<summary>
Do not audit attempts to send and receive boinc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_boinc_server_packets" lineno="12466">
<summary>
Relabel packets to boinc_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_boinc_client_port" lineno="12488">
<summary>
Send and receive TCP traffic on the boinc_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_boinc_client_port" lineno="12503">
<summary>
Send UDP traffic on the boinc_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_boinc_client_port" lineno="12518">
<summary>
Do not audit attempts to send UDP traffic on the boinc_client port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_boinc_client_port" lineno="12533">
<summary>
Receive UDP traffic on the boinc_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_boinc_client_port" lineno="12548">
<summary>
Do not audit attempts to receive UDP traffic on the boinc_client port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_boinc_client_port" lineno="12563">
<summary>
Send and receive UDP traffic on the boinc_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_boinc_client_port" lineno="12579">
<summary>
Do not audit attempts to send and receive
UDP traffic on the boinc_client port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_boinc_client_port" lineno="12594">
<summary>
Bind TCP sockets to the boinc_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_boinc_client_port" lineno="12614">
<summary>
Bind UDP sockets to the boinc_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_boinc_client_port" lineno="12633">
<summary>
Make a TCP connection to the boinc_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_boinc_client_client_packets" lineno="12653">
<summary>
Send boinc_client_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_boinc_client_client_packets" lineno="12672">
<summary>
Do not audit attempts to send boinc_client_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_boinc_client_client_packets" lineno="12691">
<summary>
Receive boinc_client_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_boinc_client_client_packets" lineno="12710">
<summary>
Do not audit attempts to receive boinc_client_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_boinc_client_client_packets" lineno="12729">
<summary>
Send and receive boinc_client_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_boinc_client_client_packets" lineno="12745">
<summary>
Do not audit attempts to send and receive boinc_client_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_boinc_client_client_packets" lineno="12760">
<summary>
Relabel packets to boinc_client_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_boinc_client_server_packets" lineno="12780">
<summary>
Send boinc_client_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_boinc_client_server_packets" lineno="12799">
<summary>
Do not audit attempts to send boinc_client_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_boinc_client_server_packets" lineno="12818">
<summary>
Receive boinc_client_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_boinc_client_server_packets" lineno="12837">
<summary>
Do not audit attempts to receive boinc_client_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_boinc_client_server_packets" lineno="12856">
<summary>
Send and receive boinc_client_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_boinc_client_server_packets" lineno="12872">
<summary>
Do not audit attempts to send and receive boinc_client_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_boinc_client_server_packets" lineno="12887">
<summary>
Relabel packets to boinc_client_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_biff_port" lineno="12909">
<summary>
Send and receive TCP traffic on the biff port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_biff_port" lineno="12924">
<summary>
Send UDP traffic on the biff port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_biff_port" lineno="12939">
<summary>
Do not audit attempts to send UDP traffic on the biff port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_biff_port" lineno="12954">
<summary>
Receive UDP traffic on the biff port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_biff_port" lineno="12969">
<summary>
Do not audit attempts to receive UDP traffic on the biff port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_biff_port" lineno="12984">
<summary>
Send and receive UDP traffic on the biff port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_biff_port" lineno="13000">
<summary>
Do not audit attempts to send and receive
UDP traffic on the biff port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_biff_port" lineno="13015">
<summary>
Bind TCP sockets to the biff port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_biff_port" lineno="13035">
<summary>
Bind UDP sockets to the biff port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_biff_port" lineno="13054">
<summary>
Make a TCP connection to the biff port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_biff_client_packets" lineno="13074">
<summary>
Send biff_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_biff_client_packets" lineno="13093">
<summary>
Do not audit attempts to send biff_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_biff_client_packets" lineno="13112">
<summary>
Receive biff_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_biff_client_packets" lineno="13131">
<summary>
Do not audit attempts to receive biff_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_biff_client_packets" lineno="13150">
<summary>
Send and receive biff_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_biff_client_packets" lineno="13166">
<summary>
Do not audit attempts to send and receive biff_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_biff_client_packets" lineno="13181">
<summary>
Relabel packets to biff_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_biff_server_packets" lineno="13201">
<summary>
Send biff_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_biff_server_packets" lineno="13220">
<summary>
Do not audit attempts to send biff_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_biff_server_packets" lineno="13239">
<summary>
Receive biff_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_biff_server_packets" lineno="13258">
<summary>
Do not audit attempts to receive biff_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_biff_server_packets" lineno="13277">
<summary>
Send and receive biff_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_biff_server_packets" lineno="13293">
<summary>
Do not audit attempts to send and receive biff_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_biff_server_packets" lineno="13308">
<summary>
Relabel packets to biff_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_certmaster_port" lineno="13330">
<summary>
Send and receive TCP traffic on the certmaster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_certmaster_port" lineno="13345">
<summary>
Send UDP traffic on the certmaster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_certmaster_port" lineno="13360">
<summary>
Do not audit attempts to send UDP traffic on the certmaster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_certmaster_port" lineno="13375">
<summary>
Receive UDP traffic on the certmaster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_certmaster_port" lineno="13390">
<summary>
Do not audit attempts to receive UDP traffic on the certmaster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_certmaster_port" lineno="13405">
<summary>
Send and receive UDP traffic on the certmaster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_certmaster_port" lineno="13421">
<summary>
Do not audit attempts to send and receive
UDP traffic on the certmaster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_certmaster_port" lineno="13436">
<summary>
Bind TCP sockets to the certmaster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_certmaster_port" lineno="13456">
<summary>
Bind UDP sockets to the certmaster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_certmaster_port" lineno="13475">
<summary>
Make a TCP connection to the certmaster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_certmaster_client_packets" lineno="13495">
<summary>
Send certmaster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_certmaster_client_packets" lineno="13514">
<summary>
Do not audit attempts to send certmaster_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_certmaster_client_packets" lineno="13533">
<summary>
Receive certmaster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_certmaster_client_packets" lineno="13552">
<summary>
Do not audit attempts to receive certmaster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_certmaster_client_packets" lineno="13571">
<summary>
Send and receive certmaster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_certmaster_client_packets" lineno="13587">
<summary>
Do not audit attempts to send and receive certmaster_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_certmaster_client_packets" lineno="13602">
<summary>
Relabel packets to certmaster_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_certmaster_server_packets" lineno="13622">
<summary>
Send certmaster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_certmaster_server_packets" lineno="13641">
<summary>
Do not audit attempts to send certmaster_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_certmaster_server_packets" lineno="13660">
<summary>
Receive certmaster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_certmaster_server_packets" lineno="13679">
<summary>
Do not audit attempts to receive certmaster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_certmaster_server_packets" lineno="13698">
<summary>
Send and receive certmaster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_certmaster_server_packets" lineno="13714">
<summary>
Do not audit attempts to send and receive certmaster_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_certmaster_server_packets" lineno="13729">
<summary>
Relabel packets to certmaster_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_chronyd_port" lineno="13751">
<summary>
Send and receive TCP traffic on the chronyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_chronyd_port" lineno="13766">
<summary>
Send UDP traffic on the chronyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_chronyd_port" lineno="13781">
<summary>
Do not audit attempts to send UDP traffic on the chronyd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_chronyd_port" lineno="13796">
<summary>
Receive UDP traffic on the chronyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_chronyd_port" lineno="13811">
<summary>
Do not audit attempts to receive UDP traffic on the chronyd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_chronyd_port" lineno="13826">
<summary>
Send and receive UDP traffic on the chronyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_chronyd_port" lineno="13842">
<summary>
Do not audit attempts to send and receive
UDP traffic on the chronyd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_chronyd_port" lineno="13857">
<summary>
Bind TCP sockets to the chronyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_chronyd_port" lineno="13877">
<summary>
Bind UDP sockets to the chronyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_chronyd_port" lineno="13896">
<summary>
Make a TCP connection to the chronyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_chronyd_client_packets" lineno="13916">
<summary>
Send chronyd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_chronyd_client_packets" lineno="13935">
<summary>
Do not audit attempts to send chronyd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_chronyd_client_packets" lineno="13954">
<summary>
Receive chronyd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_chronyd_client_packets" lineno="13973">
<summary>
Do not audit attempts to receive chronyd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_chronyd_client_packets" lineno="13992">
<summary>
Send and receive chronyd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_chronyd_client_packets" lineno="14008">
<summary>
Do not audit attempts to send and receive chronyd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_chronyd_client_packets" lineno="14023">
<summary>
Relabel packets to chronyd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_chronyd_server_packets" lineno="14043">
<summary>
Send chronyd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_chronyd_server_packets" lineno="14062">
<summary>
Do not audit attempts to send chronyd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_chronyd_server_packets" lineno="14081">
<summary>
Receive chronyd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_chronyd_server_packets" lineno="14100">
<summary>
Do not audit attempts to receive chronyd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_chronyd_server_packets" lineno="14119">
<summary>
Send and receive chronyd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_chronyd_server_packets" lineno="14135">
<summary>
Do not audit attempts to send and receive chronyd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_chronyd_server_packets" lineno="14150">
<summary>
Relabel packets to chronyd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_clamd_port" lineno="14172">
<summary>
Send and receive TCP traffic on the clamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_clamd_port" lineno="14187">
<summary>
Send UDP traffic on the clamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_clamd_port" lineno="14202">
<summary>
Do not audit attempts to send UDP traffic on the clamd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_clamd_port" lineno="14217">
<summary>
Receive UDP traffic on the clamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_clamd_port" lineno="14232">
<summary>
Do not audit attempts to receive UDP traffic on the clamd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_clamd_port" lineno="14247">
<summary>
Send and receive UDP traffic on the clamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_clamd_port" lineno="14263">
<summary>
Do not audit attempts to send and receive
UDP traffic on the clamd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_clamd_port" lineno="14278">
<summary>
Bind TCP sockets to the clamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_clamd_port" lineno="14298">
<summary>
Bind UDP sockets to the clamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_clamd_port" lineno="14317">
<summary>
Make a TCP connection to the clamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_clamd_client_packets" lineno="14337">
<summary>
Send clamd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_clamd_client_packets" lineno="14356">
<summary>
Do not audit attempts to send clamd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_clamd_client_packets" lineno="14375">
<summary>
Receive clamd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_clamd_client_packets" lineno="14394">
<summary>
Do not audit attempts to receive clamd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_clamd_client_packets" lineno="14413">
<summary>
Send and receive clamd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_clamd_client_packets" lineno="14429">
<summary>
Do not audit attempts to send and receive clamd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_clamd_client_packets" lineno="14444">
<summary>
Relabel packets to clamd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_clamd_server_packets" lineno="14464">
<summary>
Send clamd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_clamd_server_packets" lineno="14483">
<summary>
Do not audit attempts to send clamd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_clamd_server_packets" lineno="14502">
<summary>
Receive clamd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_clamd_server_packets" lineno="14521">
<summary>
Do not audit attempts to receive clamd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_clamd_server_packets" lineno="14540">
<summary>
Send and receive clamd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_clamd_server_packets" lineno="14556">
<summary>
Do not audit attempts to send and receive clamd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_clamd_server_packets" lineno="14571">
<summary>
Relabel packets to clamd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_clockspeed_port" lineno="14593">
<summary>
Send and receive TCP traffic on the clockspeed port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_clockspeed_port" lineno="14608">
<summary>
Send UDP traffic on the clockspeed port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_clockspeed_port" lineno="14623">
<summary>
Do not audit attempts to send UDP traffic on the clockspeed port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_clockspeed_port" lineno="14638">
<summary>
Receive UDP traffic on the clockspeed port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_clockspeed_port" lineno="14653">
<summary>
Do not audit attempts to receive UDP traffic on the clockspeed port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_clockspeed_port" lineno="14668">
<summary>
Send and receive UDP traffic on the clockspeed port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_clockspeed_port" lineno="14684">
<summary>
Do not audit attempts to send and receive
UDP traffic on the clockspeed port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_clockspeed_port" lineno="14699">
<summary>
Bind TCP sockets to the clockspeed port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_clockspeed_port" lineno="14719">
<summary>
Bind UDP sockets to the clockspeed port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_clockspeed_port" lineno="14738">
<summary>
Make a TCP connection to the clockspeed port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_clockspeed_client_packets" lineno="14758">
<summary>
Send clockspeed_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_clockspeed_client_packets" lineno="14777">
<summary>
Do not audit attempts to send clockspeed_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_clockspeed_client_packets" lineno="14796">
<summary>
Receive clockspeed_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_clockspeed_client_packets" lineno="14815">
<summary>
Do not audit attempts to receive clockspeed_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_clockspeed_client_packets" lineno="14834">
<summary>
Send and receive clockspeed_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_clockspeed_client_packets" lineno="14850">
<summary>
Do not audit attempts to send and receive clockspeed_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_clockspeed_client_packets" lineno="14865">
<summary>
Relabel packets to clockspeed_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_clockspeed_server_packets" lineno="14885">
<summary>
Send clockspeed_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_clockspeed_server_packets" lineno="14904">
<summary>
Do not audit attempts to send clockspeed_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_clockspeed_server_packets" lineno="14923">
<summary>
Receive clockspeed_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_clockspeed_server_packets" lineno="14942">
<summary>
Do not audit attempts to receive clockspeed_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_clockspeed_server_packets" lineno="14961">
<summary>
Send and receive clockspeed_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_clockspeed_server_packets" lineno="14977">
<summary>
Do not audit attempts to send and receive clockspeed_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_clockspeed_server_packets" lineno="14992">
<summary>
Relabel packets to clockspeed_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_cluster_port" lineno="15014">
<summary>
Send and receive TCP traffic on the cluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_cluster_port" lineno="15029">
<summary>
Send UDP traffic on the cluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_cluster_port" lineno="15044">
<summary>
Do not audit attempts to send UDP traffic on the cluster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_cluster_port" lineno="15059">
<summary>
Receive UDP traffic on the cluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_cluster_port" lineno="15074">
<summary>
Do not audit attempts to receive UDP traffic on the cluster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_cluster_port" lineno="15089">
<summary>
Send and receive UDP traffic on the cluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_cluster_port" lineno="15105">
<summary>
Do not audit attempts to send and receive
UDP traffic on the cluster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_cluster_port" lineno="15120">
<summary>
Bind TCP sockets to the cluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_cluster_port" lineno="15140">
<summary>
Bind UDP sockets to the cluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_cluster_port" lineno="15159">
<summary>
Make a TCP connection to the cluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cluster_client_packets" lineno="15179">
<summary>
Send cluster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cluster_client_packets" lineno="15198">
<summary>
Do not audit attempts to send cluster_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cluster_client_packets" lineno="15217">
<summary>
Receive cluster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cluster_client_packets" lineno="15236">
<summary>
Do not audit attempts to receive cluster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cluster_client_packets" lineno="15255">
<summary>
Send and receive cluster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cluster_client_packets" lineno="15271">
<summary>
Do not audit attempts to send and receive cluster_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cluster_client_packets" lineno="15286">
<summary>
Relabel packets to cluster_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cluster_server_packets" lineno="15306">
<summary>
Send cluster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cluster_server_packets" lineno="15325">
<summary>
Do not audit attempts to send cluster_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cluster_server_packets" lineno="15344">
<summary>
Receive cluster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cluster_server_packets" lineno="15363">
<summary>
Do not audit attempts to receive cluster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cluster_server_packets" lineno="15382">
<summary>
Send and receive cluster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cluster_server_packets" lineno="15398">
<summary>
Do not audit attempts to send and receive cluster_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cluster_server_packets" lineno="15413">
<summary>
Relabel packets to cluster_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_cma_port" lineno="15435">
<summary>
Send and receive TCP traffic on the cma port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_cma_port" lineno="15450">
<summary>
Send UDP traffic on the cma port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_cma_port" lineno="15465">
<summary>
Do not audit attempts to send UDP traffic on the cma port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_cma_port" lineno="15480">
<summary>
Receive UDP traffic on the cma port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_cma_port" lineno="15495">
<summary>
Do not audit attempts to receive UDP traffic on the cma port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_cma_port" lineno="15510">
<summary>
Send and receive UDP traffic on the cma port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_cma_port" lineno="15526">
<summary>
Do not audit attempts to send and receive
UDP traffic on the cma port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_cma_port" lineno="15541">
<summary>
Bind TCP sockets to the cma port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_cma_port" lineno="15561">
<summary>
Bind UDP sockets to the cma port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_cma_port" lineno="15580">
<summary>
Make a TCP connection to the cma port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cma_client_packets" lineno="15600">
<summary>
Send cma_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cma_client_packets" lineno="15619">
<summary>
Do not audit attempts to send cma_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cma_client_packets" lineno="15638">
<summary>
Receive cma_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cma_client_packets" lineno="15657">
<summary>
Do not audit attempts to receive cma_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cma_client_packets" lineno="15676">
<summary>
Send and receive cma_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cma_client_packets" lineno="15692">
<summary>
Do not audit attempts to send and receive cma_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cma_client_packets" lineno="15707">
<summary>
Relabel packets to cma_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cma_server_packets" lineno="15727">
<summary>
Send cma_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cma_server_packets" lineno="15746">
<summary>
Do not audit attempts to send cma_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cma_server_packets" lineno="15765">
<summary>
Receive cma_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cma_server_packets" lineno="15784">
<summary>
Do not audit attempts to receive cma_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cma_server_packets" lineno="15803">
<summary>
Send and receive cma_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cma_server_packets" lineno="15819">
<summary>
Do not audit attempts to send and receive cma_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cma_server_packets" lineno="15834">
<summary>
Relabel packets to cma_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_cobbler_port" lineno="15856">
<summary>
Send and receive TCP traffic on the cobbler port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_cobbler_port" lineno="15871">
<summary>
Send UDP traffic on the cobbler port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_cobbler_port" lineno="15886">
<summary>
Do not audit attempts to send UDP traffic on the cobbler port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_cobbler_port" lineno="15901">
<summary>
Receive UDP traffic on the cobbler port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_cobbler_port" lineno="15916">
<summary>
Do not audit attempts to receive UDP traffic on the cobbler port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_cobbler_port" lineno="15931">
<summary>
Send and receive UDP traffic on the cobbler port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_cobbler_port" lineno="15947">
<summary>
Do not audit attempts to send and receive
UDP traffic on the cobbler port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_cobbler_port" lineno="15962">
<summary>
Bind TCP sockets to the cobbler port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_cobbler_port" lineno="15982">
<summary>
Bind UDP sockets to the cobbler port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_cobbler_port" lineno="16001">
<summary>
Make a TCP connection to the cobbler port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cobbler_client_packets" lineno="16021">
<summary>
Send cobbler_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cobbler_client_packets" lineno="16040">
<summary>
Do not audit attempts to send cobbler_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cobbler_client_packets" lineno="16059">
<summary>
Receive cobbler_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cobbler_client_packets" lineno="16078">
<summary>
Do not audit attempts to receive cobbler_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cobbler_client_packets" lineno="16097">
<summary>
Send and receive cobbler_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cobbler_client_packets" lineno="16113">
<summary>
Do not audit attempts to send and receive cobbler_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cobbler_client_packets" lineno="16128">
<summary>
Relabel packets to cobbler_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cobbler_server_packets" lineno="16148">
<summary>
Send cobbler_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cobbler_server_packets" lineno="16167">
<summary>
Do not audit attempts to send cobbler_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cobbler_server_packets" lineno="16186">
<summary>
Receive cobbler_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cobbler_server_packets" lineno="16205">
<summary>
Do not audit attempts to receive cobbler_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cobbler_server_packets" lineno="16224">
<summary>
Send and receive cobbler_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cobbler_server_packets" lineno="16240">
<summary>
Do not audit attempts to send and receive cobbler_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cobbler_server_packets" lineno="16255">
<summary>
Relabel packets to cobbler_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_commplex_link_port" lineno="16277">
<summary>
Send and receive TCP traffic on the commplex_link port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_commplex_link_port" lineno="16292">
<summary>
Send UDP traffic on the commplex_link port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_commplex_link_port" lineno="16307">
<summary>
Do not audit attempts to send UDP traffic on the commplex_link port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_commplex_link_port" lineno="16322">
<summary>
Receive UDP traffic on the commplex_link port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_commplex_link_port" lineno="16337">
<summary>
Do not audit attempts to receive UDP traffic on the commplex_link port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_commplex_link_port" lineno="16352">
<summary>
Send and receive UDP traffic on the commplex_link port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_commplex_link_port" lineno="16368">
<summary>
Do not audit attempts to send and receive
UDP traffic on the commplex_link port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_commplex_link_port" lineno="16383">
<summary>
Bind TCP sockets to the commplex_link port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_commplex_link_port" lineno="16403">
<summary>
Bind UDP sockets to the commplex_link port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_commplex_link_port" lineno="16422">
<summary>
Make a TCP connection to the commplex_link port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_commplex_link_client_packets" lineno="16442">
<summary>
Send commplex_link_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_commplex_link_client_packets" lineno="16461">
<summary>
Do not audit attempts to send commplex_link_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_commplex_link_client_packets" lineno="16480">
<summary>
Receive commplex_link_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_commplex_link_client_packets" lineno="16499">
<summary>
Do not audit attempts to receive commplex_link_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_commplex_link_client_packets" lineno="16518">
<summary>
Send and receive commplex_link_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_commplex_link_client_packets" lineno="16534">
<summary>
Do not audit attempts to send and receive commplex_link_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_commplex_link_client_packets" lineno="16549">
<summary>
Relabel packets to commplex_link_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_commplex_link_server_packets" lineno="16569">
<summary>
Send commplex_link_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_commplex_link_server_packets" lineno="16588">
<summary>
Do not audit attempts to send commplex_link_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_commplex_link_server_packets" lineno="16607">
<summary>
Receive commplex_link_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_commplex_link_server_packets" lineno="16626">
<summary>
Do not audit attempts to receive commplex_link_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_commplex_link_server_packets" lineno="16645">
<summary>
Send and receive commplex_link_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_commplex_link_server_packets" lineno="16661">
<summary>
Do not audit attempts to send and receive commplex_link_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_commplex_link_server_packets" lineno="16676">
<summary>
Relabel packets to commplex_link_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_commplex_main_port" lineno="16698">
<summary>
Send and receive TCP traffic on the commplex_main port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_commplex_main_port" lineno="16713">
<summary>
Send UDP traffic on the commplex_main port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_commplex_main_port" lineno="16728">
<summary>
Do not audit attempts to send UDP traffic on the commplex_main port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_commplex_main_port" lineno="16743">
<summary>
Receive UDP traffic on the commplex_main port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_commplex_main_port" lineno="16758">
<summary>
Do not audit attempts to receive UDP traffic on the commplex_main port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_commplex_main_port" lineno="16773">
<summary>
Send and receive UDP traffic on the commplex_main port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_commplex_main_port" lineno="16789">
<summary>
Do not audit attempts to send and receive
UDP traffic on the commplex_main port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_commplex_main_port" lineno="16804">
<summary>
Bind TCP sockets to the commplex_main port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_commplex_main_port" lineno="16824">
<summary>
Bind UDP sockets to the commplex_main port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_commplex_main_port" lineno="16843">
<summary>
Make a TCP connection to the commplex_main port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_commplex_main_client_packets" lineno="16863">
<summary>
Send commplex_main_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_commplex_main_client_packets" lineno="16882">
<summary>
Do not audit attempts to send commplex_main_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_commplex_main_client_packets" lineno="16901">
<summary>
Receive commplex_main_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_commplex_main_client_packets" lineno="16920">
<summary>
Do not audit attempts to receive commplex_main_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_commplex_main_client_packets" lineno="16939">
<summary>
Send and receive commplex_main_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_commplex_main_client_packets" lineno="16955">
<summary>
Do not audit attempts to send and receive commplex_main_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_commplex_main_client_packets" lineno="16970">
<summary>
Relabel packets to commplex_main_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_commplex_main_server_packets" lineno="16990">
<summary>
Send commplex_main_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_commplex_main_server_packets" lineno="17009">
<summary>
Do not audit attempts to send commplex_main_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_commplex_main_server_packets" lineno="17028">
<summary>
Receive commplex_main_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_commplex_main_server_packets" lineno="17047">
<summary>
Do not audit attempts to receive commplex_main_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_commplex_main_server_packets" lineno="17066">
<summary>
Send and receive commplex_main_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_commplex_main_server_packets" lineno="17082">
<summary>
Do not audit attempts to send and receive commplex_main_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_commplex_main_server_packets" lineno="17097">
<summary>
Relabel packets to commplex_main_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_comsat_port" lineno="17119">
<summary>
Send and receive TCP traffic on the comsat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_comsat_port" lineno="17134">
<summary>
Send UDP traffic on the comsat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_comsat_port" lineno="17149">
<summary>
Do not audit attempts to send UDP traffic on the comsat port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_comsat_port" lineno="17164">
<summary>
Receive UDP traffic on the comsat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_comsat_port" lineno="17179">
<summary>
Do not audit attempts to receive UDP traffic on the comsat port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_comsat_port" lineno="17194">
<summary>
Send and receive UDP traffic on the comsat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_comsat_port" lineno="17210">
<summary>
Do not audit attempts to send and receive
UDP traffic on the comsat port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_comsat_port" lineno="17225">
<summary>
Bind TCP sockets to the comsat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_comsat_port" lineno="17245">
<summary>
Bind UDP sockets to the comsat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_comsat_port" lineno="17264">
<summary>
Make a TCP connection to the comsat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_comsat_client_packets" lineno="17284">
<summary>
Send comsat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_comsat_client_packets" lineno="17303">
<summary>
Do not audit attempts to send comsat_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_comsat_client_packets" lineno="17322">
<summary>
Receive comsat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_comsat_client_packets" lineno="17341">
<summary>
Do not audit attempts to receive comsat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_comsat_client_packets" lineno="17360">
<summary>
Send and receive comsat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_comsat_client_packets" lineno="17376">
<summary>
Do not audit attempts to send and receive comsat_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_comsat_client_packets" lineno="17391">
<summary>
Relabel packets to comsat_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_comsat_server_packets" lineno="17411">
<summary>
Send comsat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_comsat_server_packets" lineno="17430">
<summary>
Do not audit attempts to send comsat_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_comsat_server_packets" lineno="17449">
<summary>
Receive comsat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_comsat_server_packets" lineno="17468">
<summary>
Do not audit attempts to receive comsat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_comsat_server_packets" lineno="17487">
<summary>
Send and receive comsat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_comsat_server_packets" lineno="17503">
<summary>
Do not audit attempts to send and receive comsat_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_comsat_server_packets" lineno="17518">
<summary>
Relabel packets to comsat_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_condor_port" lineno="17540">
<summary>
Send and receive TCP traffic on the condor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_condor_port" lineno="17555">
<summary>
Send UDP traffic on the condor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_condor_port" lineno="17570">
<summary>
Do not audit attempts to send UDP traffic on the condor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_condor_port" lineno="17585">
<summary>
Receive UDP traffic on the condor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_condor_port" lineno="17600">
<summary>
Do not audit attempts to receive UDP traffic on the condor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_condor_port" lineno="17615">
<summary>
Send and receive UDP traffic on the condor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_condor_port" lineno="17631">
<summary>
Do not audit attempts to send and receive
UDP traffic on the condor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_condor_port" lineno="17646">
<summary>
Bind TCP sockets to the condor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_condor_port" lineno="17666">
<summary>
Bind UDP sockets to the condor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_condor_port" lineno="17685">
<summary>
Make a TCP connection to the condor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_condor_client_packets" lineno="17705">
<summary>
Send condor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_condor_client_packets" lineno="17724">
<summary>
Do not audit attempts to send condor_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_condor_client_packets" lineno="17743">
<summary>
Receive condor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_condor_client_packets" lineno="17762">
<summary>
Do not audit attempts to receive condor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_condor_client_packets" lineno="17781">
<summary>
Send and receive condor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_condor_client_packets" lineno="17797">
<summary>
Do not audit attempts to send and receive condor_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_condor_client_packets" lineno="17812">
<summary>
Relabel packets to condor_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_condor_server_packets" lineno="17832">
<summary>
Send condor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_condor_server_packets" lineno="17851">
<summary>
Do not audit attempts to send condor_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_condor_server_packets" lineno="17870">
<summary>
Receive condor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_condor_server_packets" lineno="17889">
<summary>
Do not audit attempts to receive condor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_condor_server_packets" lineno="17908">
<summary>
Send and receive condor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_condor_server_packets" lineno="17924">
<summary>
Do not audit attempts to send and receive condor_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_condor_server_packets" lineno="17939">
<summary>
Relabel packets to condor_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_couchdb_port" lineno="17961">
<summary>
Send and receive TCP traffic on the couchdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_couchdb_port" lineno="17976">
<summary>
Send UDP traffic on the couchdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_couchdb_port" lineno="17991">
<summary>
Do not audit attempts to send UDP traffic on the couchdb port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_couchdb_port" lineno="18006">
<summary>
Receive UDP traffic on the couchdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_couchdb_port" lineno="18021">
<summary>
Do not audit attempts to receive UDP traffic on the couchdb port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_couchdb_port" lineno="18036">
<summary>
Send and receive UDP traffic on the couchdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_couchdb_port" lineno="18052">
<summary>
Do not audit attempts to send and receive
UDP traffic on the couchdb port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_couchdb_port" lineno="18067">
<summary>
Bind TCP sockets to the couchdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_couchdb_port" lineno="18087">
<summary>
Bind UDP sockets to the couchdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_couchdb_port" lineno="18106">
<summary>
Make a TCP connection to the couchdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_couchdb_client_packets" lineno="18126">
<summary>
Send couchdb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_couchdb_client_packets" lineno="18145">
<summary>
Do not audit attempts to send couchdb_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_couchdb_client_packets" lineno="18164">
<summary>
Receive couchdb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_couchdb_client_packets" lineno="18183">
<summary>
Do not audit attempts to receive couchdb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_couchdb_client_packets" lineno="18202">
<summary>
Send and receive couchdb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_couchdb_client_packets" lineno="18218">
<summary>
Do not audit attempts to send and receive couchdb_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_couchdb_client_packets" lineno="18233">
<summary>
Relabel packets to couchdb_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_couchdb_server_packets" lineno="18253">
<summary>
Send couchdb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_couchdb_server_packets" lineno="18272">
<summary>
Do not audit attempts to send couchdb_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_couchdb_server_packets" lineno="18291">
<summary>
Receive couchdb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_couchdb_server_packets" lineno="18310">
<summary>
Do not audit attempts to receive couchdb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_couchdb_server_packets" lineno="18329">
<summary>
Send and receive couchdb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_couchdb_server_packets" lineno="18345">
<summary>
Do not audit attempts to send and receive couchdb_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_couchdb_server_packets" lineno="18360">
<summary>
Relabel packets to couchdb_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_cslistener_port" lineno="18382">
<summary>
Send and receive TCP traffic on the cslistener port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_cslistener_port" lineno="18397">
<summary>
Send UDP traffic on the cslistener port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_cslistener_port" lineno="18412">
<summary>
Do not audit attempts to send UDP traffic on the cslistener port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_cslistener_port" lineno="18427">
<summary>
Receive UDP traffic on the cslistener port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_cslistener_port" lineno="18442">
<summary>
Do not audit attempts to receive UDP traffic on the cslistener port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_cslistener_port" lineno="18457">
<summary>
Send and receive UDP traffic on the cslistener port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_cslistener_port" lineno="18473">
<summary>
Do not audit attempts to send and receive
UDP traffic on the cslistener port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_cslistener_port" lineno="18488">
<summary>
Bind TCP sockets to the cslistener port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_cslistener_port" lineno="18508">
<summary>
Bind UDP sockets to the cslistener port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_cslistener_port" lineno="18527">
<summary>
Make a TCP connection to the cslistener port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cslistener_client_packets" lineno="18547">
<summary>
Send cslistener_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cslistener_client_packets" lineno="18566">
<summary>
Do not audit attempts to send cslistener_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cslistener_client_packets" lineno="18585">
<summary>
Receive cslistener_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cslistener_client_packets" lineno="18604">
<summary>
Do not audit attempts to receive cslistener_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cslistener_client_packets" lineno="18623">
<summary>
Send and receive cslistener_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cslistener_client_packets" lineno="18639">
<summary>
Do not audit attempts to send and receive cslistener_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cslistener_client_packets" lineno="18654">
<summary>
Relabel packets to cslistener_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cslistener_server_packets" lineno="18674">
<summary>
Send cslistener_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cslistener_server_packets" lineno="18693">
<summary>
Do not audit attempts to send cslistener_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cslistener_server_packets" lineno="18712">
<summary>
Receive cslistener_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cslistener_server_packets" lineno="18731">
<summary>
Do not audit attempts to receive cslistener_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cslistener_server_packets" lineno="18750">
<summary>
Send and receive cslistener_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cslistener_server_packets" lineno="18766">
<summary>
Do not audit attempts to send and receive cslistener_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cslistener_server_packets" lineno="18781">
<summary>
Relabel packets to cslistener_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ctdb_port" lineno="18803">
<summary>
Send and receive TCP traffic on the ctdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ctdb_port" lineno="18818">
<summary>
Send UDP traffic on the ctdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ctdb_port" lineno="18833">
<summary>
Do not audit attempts to send UDP traffic on the ctdb port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ctdb_port" lineno="18848">
<summary>
Receive UDP traffic on the ctdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ctdb_port" lineno="18863">
<summary>
Do not audit attempts to receive UDP traffic on the ctdb port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ctdb_port" lineno="18878">
<summary>
Send and receive UDP traffic on the ctdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ctdb_port" lineno="18894">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ctdb port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ctdb_port" lineno="18909">
<summary>
Bind TCP sockets to the ctdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ctdb_port" lineno="18929">
<summary>
Bind UDP sockets to the ctdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ctdb_port" lineno="18948">
<summary>
Make a TCP connection to the ctdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ctdb_client_packets" lineno="18968">
<summary>
Send ctdb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ctdb_client_packets" lineno="18987">
<summary>
Do not audit attempts to send ctdb_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ctdb_client_packets" lineno="19006">
<summary>
Receive ctdb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ctdb_client_packets" lineno="19025">
<summary>
Do not audit attempts to receive ctdb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ctdb_client_packets" lineno="19044">
<summary>
Send and receive ctdb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ctdb_client_packets" lineno="19060">
<summary>
Do not audit attempts to send and receive ctdb_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ctdb_client_packets" lineno="19075">
<summary>
Relabel packets to ctdb_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ctdb_server_packets" lineno="19095">
<summary>
Send ctdb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ctdb_server_packets" lineno="19114">
<summary>
Do not audit attempts to send ctdb_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ctdb_server_packets" lineno="19133">
<summary>
Receive ctdb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ctdb_server_packets" lineno="19152">
<summary>
Do not audit attempts to receive ctdb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ctdb_server_packets" lineno="19171">
<summary>
Send and receive ctdb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ctdb_server_packets" lineno="19187">
<summary>
Do not audit attempts to send and receive ctdb_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ctdb_server_packets" lineno="19202">
<summary>
Relabel packets to ctdb_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_cvs_port" lineno="19224">
<summary>
Send and receive TCP traffic on the cvs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_cvs_port" lineno="19239">
<summary>
Send UDP traffic on the cvs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_cvs_port" lineno="19254">
<summary>
Do not audit attempts to send UDP traffic on the cvs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_cvs_port" lineno="19269">
<summary>
Receive UDP traffic on the cvs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_cvs_port" lineno="19284">
<summary>
Do not audit attempts to receive UDP traffic on the cvs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_cvs_port" lineno="19299">
<summary>
Send and receive UDP traffic on the cvs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_cvs_port" lineno="19315">
<summary>
Do not audit attempts to send and receive
UDP traffic on the cvs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_cvs_port" lineno="19330">
<summary>
Bind TCP sockets to the cvs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_cvs_port" lineno="19350">
<summary>
Bind UDP sockets to the cvs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_cvs_port" lineno="19369">
<summary>
Make a TCP connection to the cvs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cvs_client_packets" lineno="19389">
<summary>
Send cvs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cvs_client_packets" lineno="19408">
<summary>
Do not audit attempts to send cvs_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cvs_client_packets" lineno="19427">
<summary>
Receive cvs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cvs_client_packets" lineno="19446">
<summary>
Do not audit attempts to receive cvs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cvs_client_packets" lineno="19465">
<summary>
Send and receive cvs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cvs_client_packets" lineno="19481">
<summary>
Do not audit attempts to send and receive cvs_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cvs_client_packets" lineno="19496">
<summary>
Relabel packets to cvs_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cvs_server_packets" lineno="19516">
<summary>
Send cvs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cvs_server_packets" lineno="19535">
<summary>
Do not audit attempts to send cvs_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cvs_server_packets" lineno="19554">
<summary>
Receive cvs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cvs_server_packets" lineno="19573">
<summary>
Do not audit attempts to receive cvs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cvs_server_packets" lineno="19592">
<summary>
Send and receive cvs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cvs_server_packets" lineno="19608">
<summary>
Do not audit attempts to send and receive cvs_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cvs_server_packets" lineno="19623">
<summary>
Relabel packets to cvs_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_cyphesis_port" lineno="19645">
<summary>
Send and receive TCP traffic on the cyphesis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_cyphesis_port" lineno="19660">
<summary>
Send UDP traffic on the cyphesis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_cyphesis_port" lineno="19675">
<summary>
Do not audit attempts to send UDP traffic on the cyphesis port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_cyphesis_port" lineno="19690">
<summary>
Receive UDP traffic on the cyphesis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_cyphesis_port" lineno="19705">
<summary>
Do not audit attempts to receive UDP traffic on the cyphesis port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_cyphesis_port" lineno="19720">
<summary>
Send and receive UDP traffic on the cyphesis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_cyphesis_port" lineno="19736">
<summary>
Do not audit attempts to send and receive
UDP traffic on the cyphesis port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_cyphesis_port" lineno="19751">
<summary>
Bind TCP sockets to the cyphesis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_cyphesis_port" lineno="19771">
<summary>
Bind UDP sockets to the cyphesis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_cyphesis_port" lineno="19790">
<summary>
Make a TCP connection to the cyphesis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cyphesis_client_packets" lineno="19810">
<summary>
Send cyphesis_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cyphesis_client_packets" lineno="19829">
<summary>
Do not audit attempts to send cyphesis_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cyphesis_client_packets" lineno="19848">
<summary>
Receive cyphesis_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cyphesis_client_packets" lineno="19867">
<summary>
Do not audit attempts to receive cyphesis_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cyphesis_client_packets" lineno="19886">
<summary>
Send and receive cyphesis_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cyphesis_client_packets" lineno="19902">
<summary>
Do not audit attempts to send and receive cyphesis_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cyphesis_client_packets" lineno="19917">
<summary>
Relabel packets to cyphesis_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cyphesis_server_packets" lineno="19937">
<summary>
Send cyphesis_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cyphesis_server_packets" lineno="19956">
<summary>
Do not audit attempts to send cyphesis_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cyphesis_server_packets" lineno="19975">
<summary>
Receive cyphesis_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cyphesis_server_packets" lineno="19994">
<summary>
Do not audit attempts to receive cyphesis_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cyphesis_server_packets" lineno="20013">
<summary>
Send and receive cyphesis_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cyphesis_server_packets" lineno="20029">
<summary>
Do not audit attempts to send and receive cyphesis_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cyphesis_server_packets" lineno="20044">
<summary>
Relabel packets to cyphesis_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_daap_port" lineno="20066">
<summary>
Send and receive TCP traffic on the daap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_daap_port" lineno="20081">
<summary>
Send UDP traffic on the daap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_daap_port" lineno="20096">
<summary>
Do not audit attempts to send UDP traffic on the daap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_daap_port" lineno="20111">
<summary>
Receive UDP traffic on the daap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_daap_port" lineno="20126">
<summary>
Do not audit attempts to receive UDP traffic on the daap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_daap_port" lineno="20141">
<summary>
Send and receive UDP traffic on the daap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_daap_port" lineno="20157">
<summary>
Do not audit attempts to send and receive
UDP traffic on the daap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_daap_port" lineno="20172">
<summary>
Bind TCP sockets to the daap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_daap_port" lineno="20192">
<summary>
Bind UDP sockets to the daap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_daap_port" lineno="20211">
<summary>
Make a TCP connection to the daap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_daap_client_packets" lineno="20231">
<summary>
Send daap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_daap_client_packets" lineno="20250">
<summary>
Do not audit attempts to send daap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_daap_client_packets" lineno="20269">
<summary>
Receive daap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_daap_client_packets" lineno="20288">
<summary>
Do not audit attempts to receive daap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_daap_client_packets" lineno="20307">
<summary>
Send and receive daap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_daap_client_packets" lineno="20323">
<summary>
Do not audit attempts to send and receive daap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_daap_client_packets" lineno="20338">
<summary>
Relabel packets to daap_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_daap_server_packets" lineno="20358">
<summary>
Send daap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_daap_server_packets" lineno="20377">
<summary>
Do not audit attempts to send daap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_daap_server_packets" lineno="20396">
<summary>
Receive daap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_daap_server_packets" lineno="20415">
<summary>
Do not audit attempts to receive daap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_daap_server_packets" lineno="20434">
<summary>
Send and receive daap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_daap_server_packets" lineno="20450">
<summary>
Do not audit attempts to send and receive daap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_daap_server_packets" lineno="20465">
<summary>
Relabel packets to daap_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_dbskkd_port" lineno="20487">
<summary>
Send and receive TCP traffic on the dbskkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_dbskkd_port" lineno="20502">
<summary>
Send UDP traffic on the dbskkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_dbskkd_port" lineno="20517">
<summary>
Do not audit attempts to send UDP traffic on the dbskkd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_dbskkd_port" lineno="20532">
<summary>
Receive UDP traffic on the dbskkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_dbskkd_port" lineno="20547">
<summary>
Do not audit attempts to receive UDP traffic on the dbskkd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_dbskkd_port" lineno="20562">
<summary>
Send and receive UDP traffic on the dbskkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_dbskkd_port" lineno="20578">
<summary>
Do not audit attempts to send and receive
UDP traffic on the dbskkd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_dbskkd_port" lineno="20593">
<summary>
Bind TCP sockets to the dbskkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_dbskkd_port" lineno="20613">
<summary>
Bind UDP sockets to the dbskkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_dbskkd_port" lineno="20632">
<summary>
Make a TCP connection to the dbskkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dbskkd_client_packets" lineno="20652">
<summary>
Send dbskkd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dbskkd_client_packets" lineno="20671">
<summary>
Do not audit attempts to send dbskkd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dbskkd_client_packets" lineno="20690">
<summary>
Receive dbskkd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dbskkd_client_packets" lineno="20709">
<summary>
Do not audit attempts to receive dbskkd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dbskkd_client_packets" lineno="20728">
<summary>
Send and receive dbskkd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dbskkd_client_packets" lineno="20744">
<summary>
Do not audit attempts to send and receive dbskkd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dbskkd_client_packets" lineno="20759">
<summary>
Relabel packets to dbskkd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dbskkd_server_packets" lineno="20779">
<summary>
Send dbskkd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dbskkd_server_packets" lineno="20798">
<summary>
Do not audit attempts to send dbskkd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dbskkd_server_packets" lineno="20817">
<summary>
Receive dbskkd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dbskkd_server_packets" lineno="20836">
<summary>
Do not audit attempts to receive dbskkd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dbskkd_server_packets" lineno="20855">
<summary>
Send and receive dbskkd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dbskkd_server_packets" lineno="20871">
<summary>
Do not audit attempts to send and receive dbskkd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dbskkd_server_packets" lineno="20886">
<summary>
Relabel packets to dbskkd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_dcc_port" lineno="20908">
<summary>
Send and receive TCP traffic on the dcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_dcc_port" lineno="20923">
<summary>
Send UDP traffic on the dcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_dcc_port" lineno="20938">
<summary>
Do not audit attempts to send UDP traffic on the dcc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_dcc_port" lineno="20953">
<summary>
Receive UDP traffic on the dcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_dcc_port" lineno="20968">
<summary>
Do not audit attempts to receive UDP traffic on the dcc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_dcc_port" lineno="20983">
<summary>
Send and receive UDP traffic on the dcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_dcc_port" lineno="20999">
<summary>
Do not audit attempts to send and receive
UDP traffic on the dcc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_dcc_port" lineno="21014">
<summary>
Bind TCP sockets to the dcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_dcc_port" lineno="21034">
<summary>
Bind UDP sockets to the dcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_dcc_port" lineno="21053">
<summary>
Make a TCP connection to the dcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dcc_client_packets" lineno="21073">
<summary>
Send dcc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dcc_client_packets" lineno="21092">
<summary>
Do not audit attempts to send dcc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dcc_client_packets" lineno="21111">
<summary>
Receive dcc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dcc_client_packets" lineno="21130">
<summary>
Do not audit attempts to receive dcc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dcc_client_packets" lineno="21149">
<summary>
Send and receive dcc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dcc_client_packets" lineno="21165">
<summary>
Do not audit attempts to send and receive dcc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dcc_client_packets" lineno="21180">
<summary>
Relabel packets to dcc_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dcc_server_packets" lineno="21200">
<summary>
Send dcc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dcc_server_packets" lineno="21219">
<summary>
Do not audit attempts to send dcc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dcc_server_packets" lineno="21238">
<summary>
Receive dcc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dcc_server_packets" lineno="21257">
<summary>
Do not audit attempts to receive dcc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dcc_server_packets" lineno="21276">
<summary>
Send and receive dcc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dcc_server_packets" lineno="21292">
<summary>
Do not audit attempts to send and receive dcc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dcc_server_packets" lineno="21307">
<summary>
Relabel packets to dcc_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_dccm_port" lineno="21329">
<summary>
Send and receive TCP traffic on the dccm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_dccm_port" lineno="21344">
<summary>
Send UDP traffic on the dccm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_dccm_port" lineno="21359">
<summary>
Do not audit attempts to send UDP traffic on the dccm port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_dccm_port" lineno="21374">
<summary>
Receive UDP traffic on the dccm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_dccm_port" lineno="21389">
<summary>
Do not audit attempts to receive UDP traffic on the dccm port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_dccm_port" lineno="21404">
<summary>
Send and receive UDP traffic on the dccm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_dccm_port" lineno="21420">
<summary>
Do not audit attempts to send and receive
UDP traffic on the dccm port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_dccm_port" lineno="21435">
<summary>
Bind TCP sockets to the dccm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_dccm_port" lineno="21455">
<summary>
Bind UDP sockets to the dccm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_dccm_port" lineno="21474">
<summary>
Make a TCP connection to the dccm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dccm_client_packets" lineno="21494">
<summary>
Send dccm_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dccm_client_packets" lineno="21513">
<summary>
Do not audit attempts to send dccm_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dccm_client_packets" lineno="21532">
<summary>
Receive dccm_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dccm_client_packets" lineno="21551">
<summary>
Do not audit attempts to receive dccm_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dccm_client_packets" lineno="21570">
<summary>
Send and receive dccm_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dccm_client_packets" lineno="21586">
<summary>
Do not audit attempts to send and receive dccm_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dccm_client_packets" lineno="21601">
<summary>
Relabel packets to dccm_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dccm_server_packets" lineno="21621">
<summary>
Send dccm_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dccm_server_packets" lineno="21640">
<summary>
Do not audit attempts to send dccm_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dccm_server_packets" lineno="21659">
<summary>
Receive dccm_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dccm_server_packets" lineno="21678">
<summary>
Do not audit attempts to receive dccm_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dccm_server_packets" lineno="21697">
<summary>
Send and receive dccm_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dccm_server_packets" lineno="21713">
<summary>
Do not audit attempts to send and receive dccm_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dccm_server_packets" lineno="21728">
<summary>
Relabel packets to dccm_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_dhcpc_port" lineno="21750">
<summary>
Send and receive TCP traffic on the dhcpc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_dhcpc_port" lineno="21765">
<summary>
Send UDP traffic on the dhcpc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_dhcpc_port" lineno="21780">
<summary>
Do not audit attempts to send UDP traffic on the dhcpc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_dhcpc_port" lineno="21795">
<summary>
Receive UDP traffic on the dhcpc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_dhcpc_port" lineno="21810">
<summary>
Do not audit attempts to receive UDP traffic on the dhcpc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_dhcpc_port" lineno="21825">
<summary>
Send and receive UDP traffic on the dhcpc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_dhcpc_port" lineno="21841">
<summary>
Do not audit attempts to send and receive
UDP traffic on the dhcpc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_dhcpc_port" lineno="21856">
<summary>
Bind TCP sockets to the dhcpc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_dhcpc_port" lineno="21876">
<summary>
Bind UDP sockets to the dhcpc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_dhcpc_port" lineno="21895">
<summary>
Make a TCP connection to the dhcpc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dhcpc_client_packets" lineno="21915">
<summary>
Send dhcpc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dhcpc_client_packets" lineno="21934">
<summary>
Do not audit attempts to send dhcpc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dhcpc_client_packets" lineno="21953">
<summary>
Receive dhcpc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dhcpc_client_packets" lineno="21972">
<summary>
Do not audit attempts to receive dhcpc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dhcpc_client_packets" lineno="21991">
<summary>
Send and receive dhcpc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dhcpc_client_packets" lineno="22007">
<summary>
Do not audit attempts to send and receive dhcpc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dhcpc_client_packets" lineno="22022">
<summary>
Relabel packets to dhcpc_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dhcpc_server_packets" lineno="22042">
<summary>
Send dhcpc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dhcpc_server_packets" lineno="22061">
<summary>
Do not audit attempts to send dhcpc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dhcpc_server_packets" lineno="22080">
<summary>
Receive dhcpc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dhcpc_server_packets" lineno="22099">
<summary>
Do not audit attempts to receive dhcpc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dhcpc_server_packets" lineno="22118">
<summary>
Send and receive dhcpc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dhcpc_server_packets" lineno="22134">
<summary>
Do not audit attempts to send and receive dhcpc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dhcpc_server_packets" lineno="22149">
<summary>
Relabel packets to dhcpc_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_dhcpd_port" lineno="22171">
<summary>
Send and receive TCP traffic on the dhcpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_dhcpd_port" lineno="22186">
<summary>
Send UDP traffic on the dhcpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_dhcpd_port" lineno="22201">
<summary>
Do not audit attempts to send UDP traffic on the dhcpd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_dhcpd_port" lineno="22216">
<summary>
Receive UDP traffic on the dhcpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_dhcpd_port" lineno="22231">
<summary>
Do not audit attempts to receive UDP traffic on the dhcpd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_dhcpd_port" lineno="22246">
<summary>
Send and receive UDP traffic on the dhcpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_dhcpd_port" lineno="22262">
<summary>
Do not audit attempts to send and receive
UDP traffic on the dhcpd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_dhcpd_port" lineno="22277">
<summary>
Bind TCP sockets to the dhcpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_dhcpd_port" lineno="22297">
<summary>
Bind UDP sockets to the dhcpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_dhcpd_port" lineno="22316">
<summary>
Make a TCP connection to the dhcpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dhcpd_client_packets" lineno="22336">
<summary>
Send dhcpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dhcpd_client_packets" lineno="22355">
<summary>
Do not audit attempts to send dhcpd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dhcpd_client_packets" lineno="22374">
<summary>
Receive dhcpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dhcpd_client_packets" lineno="22393">
<summary>
Do not audit attempts to receive dhcpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dhcpd_client_packets" lineno="22412">
<summary>
Send and receive dhcpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dhcpd_client_packets" lineno="22428">
<summary>
Do not audit attempts to send and receive dhcpd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dhcpd_client_packets" lineno="22443">
<summary>
Relabel packets to dhcpd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dhcpd_server_packets" lineno="22463">
<summary>
Send dhcpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dhcpd_server_packets" lineno="22482">
<summary>
Do not audit attempts to send dhcpd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dhcpd_server_packets" lineno="22501">
<summary>
Receive dhcpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dhcpd_server_packets" lineno="22520">
<summary>
Do not audit attempts to receive dhcpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dhcpd_server_packets" lineno="22539">
<summary>
Send and receive dhcpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dhcpd_server_packets" lineno="22555">
<summary>
Do not audit attempts to send and receive dhcpd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dhcpd_server_packets" lineno="22570">
<summary>
Relabel packets to dhcpd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_dict_port" lineno="22592">
<summary>
Send and receive TCP traffic on the dict port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_dict_port" lineno="22607">
<summary>
Send UDP traffic on the dict port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_dict_port" lineno="22622">
<summary>
Do not audit attempts to send UDP traffic on the dict port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_dict_port" lineno="22637">
<summary>
Receive UDP traffic on the dict port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_dict_port" lineno="22652">
<summary>
Do not audit attempts to receive UDP traffic on the dict port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_dict_port" lineno="22667">
<summary>
Send and receive UDP traffic on the dict port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_dict_port" lineno="22683">
<summary>
Do not audit attempts to send and receive
UDP traffic on the dict port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_dict_port" lineno="22698">
<summary>
Bind TCP sockets to the dict port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_dict_port" lineno="22718">
<summary>
Bind UDP sockets to the dict port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_dict_port" lineno="22737">
<summary>
Make a TCP connection to the dict port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dict_client_packets" lineno="22757">
<summary>
Send dict_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dict_client_packets" lineno="22776">
<summary>
Do not audit attempts to send dict_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dict_client_packets" lineno="22795">
<summary>
Receive dict_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dict_client_packets" lineno="22814">
<summary>
Do not audit attempts to receive dict_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dict_client_packets" lineno="22833">
<summary>
Send and receive dict_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dict_client_packets" lineno="22849">
<summary>
Do not audit attempts to send and receive dict_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dict_client_packets" lineno="22864">
<summary>
Relabel packets to dict_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dict_server_packets" lineno="22884">
<summary>
Send dict_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dict_server_packets" lineno="22903">
<summary>
Do not audit attempts to send dict_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dict_server_packets" lineno="22922">
<summary>
Receive dict_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dict_server_packets" lineno="22941">
<summary>
Do not audit attempts to receive dict_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dict_server_packets" lineno="22960">
<summary>
Send and receive dict_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dict_server_packets" lineno="22976">
<summary>
Do not audit attempts to send and receive dict_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dict_server_packets" lineno="22991">
<summary>
Relabel packets to dict_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_distccd_port" lineno="23013">
<summary>
Send and receive TCP traffic on the distccd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_distccd_port" lineno="23028">
<summary>
Send UDP traffic on the distccd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_distccd_port" lineno="23043">
<summary>
Do not audit attempts to send UDP traffic on the distccd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_distccd_port" lineno="23058">
<summary>
Receive UDP traffic on the distccd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_distccd_port" lineno="23073">
<summary>
Do not audit attempts to receive UDP traffic on the distccd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_distccd_port" lineno="23088">
<summary>
Send and receive UDP traffic on the distccd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_distccd_port" lineno="23104">
<summary>
Do not audit attempts to send and receive
UDP traffic on the distccd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_distccd_port" lineno="23119">
<summary>
Bind TCP sockets to the distccd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_distccd_port" lineno="23139">
<summary>
Bind UDP sockets to the distccd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_distccd_port" lineno="23158">
<summary>
Make a TCP connection to the distccd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_distccd_client_packets" lineno="23178">
<summary>
Send distccd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_distccd_client_packets" lineno="23197">
<summary>
Do not audit attempts to send distccd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_distccd_client_packets" lineno="23216">
<summary>
Receive distccd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_distccd_client_packets" lineno="23235">
<summary>
Do not audit attempts to receive distccd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_distccd_client_packets" lineno="23254">
<summary>
Send and receive distccd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_distccd_client_packets" lineno="23270">
<summary>
Do not audit attempts to send and receive distccd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_distccd_client_packets" lineno="23285">
<summary>
Relabel packets to distccd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_distccd_server_packets" lineno="23305">
<summary>
Send distccd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_distccd_server_packets" lineno="23324">
<summary>
Do not audit attempts to send distccd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_distccd_server_packets" lineno="23343">
<summary>
Receive distccd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_distccd_server_packets" lineno="23362">
<summary>
Do not audit attempts to receive distccd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_distccd_server_packets" lineno="23381">
<summary>
Send and receive distccd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_distccd_server_packets" lineno="23397">
<summary>
Do not audit attempts to send and receive distccd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_distccd_server_packets" lineno="23412">
<summary>
Relabel packets to distccd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_dns_port" lineno="23434">
<summary>
Send and receive TCP traffic on the dns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_dns_port" lineno="23449">
<summary>
Send UDP traffic on the dns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_dns_port" lineno="23464">
<summary>
Do not audit attempts to send UDP traffic on the dns port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_dns_port" lineno="23479">
<summary>
Receive UDP traffic on the dns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_dns_port" lineno="23494">
<summary>
Do not audit attempts to receive UDP traffic on the dns port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_dns_port" lineno="23509">
<summary>
Send and receive UDP traffic on the dns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_dns_port" lineno="23525">
<summary>
Do not audit attempts to send and receive
UDP traffic on the dns port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_dns_port" lineno="23540">
<summary>
Bind TCP sockets to the dns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_dns_port" lineno="23560">
<summary>
Bind UDP sockets to the dns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_dns_port" lineno="23579">
<summary>
Make a TCP connection to the dns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dns_client_packets" lineno="23599">
<summary>
Send dns_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dns_client_packets" lineno="23618">
<summary>
Do not audit attempts to send dns_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dns_client_packets" lineno="23637">
<summary>
Receive dns_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dns_client_packets" lineno="23656">
<summary>
Do not audit attempts to receive dns_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dns_client_packets" lineno="23675">
<summary>
Send and receive dns_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dns_client_packets" lineno="23691">
<summary>
Do not audit attempts to send and receive dns_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dns_client_packets" lineno="23706">
<summary>
Relabel packets to dns_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dns_server_packets" lineno="23726">
<summary>
Send dns_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dns_server_packets" lineno="23745">
<summary>
Do not audit attempts to send dns_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dns_server_packets" lineno="23764">
<summary>
Receive dns_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dns_server_packets" lineno="23783">
<summary>
Do not audit attempts to receive dns_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dns_server_packets" lineno="23802">
<summary>
Send and receive dns_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dns_server_packets" lineno="23818">
<summary>
Do not audit attempts to send and receive dns_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dns_server_packets" lineno="23833">
<summary>
Relabel packets to dns_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_dropbox_port" lineno="23855">
<summary>
Send and receive TCP traffic on the dropbox port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_dropbox_port" lineno="23870">
<summary>
Send UDP traffic on the dropbox port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_dropbox_port" lineno="23885">
<summary>
Do not audit attempts to send UDP traffic on the dropbox port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_dropbox_port" lineno="23900">
<summary>
Receive UDP traffic on the dropbox port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_dropbox_port" lineno="23915">
<summary>
Do not audit attempts to receive UDP traffic on the dropbox port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_dropbox_port" lineno="23930">
<summary>
Send and receive UDP traffic on the dropbox port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_dropbox_port" lineno="23946">
<summary>
Do not audit attempts to send and receive
UDP traffic on the dropbox port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_dropbox_port" lineno="23961">
<summary>
Bind TCP sockets to the dropbox port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_dropbox_port" lineno="23981">
<summary>
Bind UDP sockets to the dropbox port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_dropbox_port" lineno="24000">
<summary>
Make a TCP connection to the dropbox port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dropbox_client_packets" lineno="24020">
<summary>
Send dropbox_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dropbox_client_packets" lineno="24039">
<summary>
Do not audit attempts to send dropbox_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dropbox_client_packets" lineno="24058">
<summary>
Receive dropbox_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dropbox_client_packets" lineno="24077">
<summary>
Do not audit attempts to receive dropbox_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dropbox_client_packets" lineno="24096">
<summary>
Send and receive dropbox_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dropbox_client_packets" lineno="24112">
<summary>
Do not audit attempts to send and receive dropbox_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dropbox_client_packets" lineno="24127">
<summary>
Relabel packets to dropbox_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dropbox_server_packets" lineno="24147">
<summary>
Send dropbox_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dropbox_server_packets" lineno="24166">
<summary>
Do not audit attempts to send dropbox_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dropbox_server_packets" lineno="24185">
<summary>
Receive dropbox_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dropbox_server_packets" lineno="24204">
<summary>
Do not audit attempts to receive dropbox_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dropbox_server_packets" lineno="24223">
<summary>
Send and receive dropbox_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dropbox_server_packets" lineno="24239">
<summary>
Do not audit attempts to send and receive dropbox_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dropbox_server_packets" lineno="24254">
<summary>
Relabel packets to dropbox_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_efs_port" lineno="24276">
<summary>
Send and receive TCP traffic on the efs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_efs_port" lineno="24291">
<summary>
Send UDP traffic on the efs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_efs_port" lineno="24306">
<summary>
Do not audit attempts to send UDP traffic on the efs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_efs_port" lineno="24321">
<summary>
Receive UDP traffic on the efs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_efs_port" lineno="24336">
<summary>
Do not audit attempts to receive UDP traffic on the efs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_efs_port" lineno="24351">
<summary>
Send and receive UDP traffic on the efs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_efs_port" lineno="24367">
<summary>
Do not audit attempts to send and receive
UDP traffic on the efs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_efs_port" lineno="24382">
<summary>
Bind TCP sockets to the efs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_efs_port" lineno="24402">
<summary>
Bind UDP sockets to the efs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_efs_port" lineno="24421">
<summary>
Make a TCP connection to the efs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_efs_client_packets" lineno="24441">
<summary>
Send efs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_efs_client_packets" lineno="24460">
<summary>
Do not audit attempts to send efs_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_efs_client_packets" lineno="24479">
<summary>
Receive efs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_efs_client_packets" lineno="24498">
<summary>
Do not audit attempts to receive efs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_efs_client_packets" lineno="24517">
<summary>
Send and receive efs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_efs_client_packets" lineno="24533">
<summary>
Do not audit attempts to send and receive efs_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_efs_client_packets" lineno="24548">
<summary>
Relabel packets to efs_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_efs_server_packets" lineno="24568">
<summary>
Send efs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_efs_server_packets" lineno="24587">
<summary>
Do not audit attempts to send efs_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_efs_server_packets" lineno="24606">
<summary>
Receive efs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_efs_server_packets" lineno="24625">
<summary>
Do not audit attempts to receive efs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_efs_server_packets" lineno="24644">
<summary>
Send and receive efs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_efs_server_packets" lineno="24660">
<summary>
Do not audit attempts to send and receive efs_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_efs_server_packets" lineno="24675">
<summary>
Relabel packets to efs_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_embrace_dp_c_port" lineno="24697">
<summary>
Send and receive TCP traffic on the embrace_dp_c port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_embrace_dp_c_port" lineno="24712">
<summary>
Send UDP traffic on the embrace_dp_c port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_embrace_dp_c_port" lineno="24727">
<summary>
Do not audit attempts to send UDP traffic on the embrace_dp_c port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_embrace_dp_c_port" lineno="24742">
<summary>
Receive UDP traffic on the embrace_dp_c port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_embrace_dp_c_port" lineno="24757">
<summary>
Do not audit attempts to receive UDP traffic on the embrace_dp_c port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_embrace_dp_c_port" lineno="24772">
<summary>
Send and receive UDP traffic on the embrace_dp_c port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_embrace_dp_c_port" lineno="24788">
<summary>
Do not audit attempts to send and receive
UDP traffic on the embrace_dp_c port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_embrace_dp_c_port" lineno="24803">
<summary>
Bind TCP sockets to the embrace_dp_c port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_embrace_dp_c_port" lineno="24823">
<summary>
Bind UDP sockets to the embrace_dp_c port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_embrace_dp_c_port" lineno="24842">
<summary>
Make a TCP connection to the embrace_dp_c port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_embrace_dp_c_client_packets" lineno="24862">
<summary>
Send embrace_dp_c_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_embrace_dp_c_client_packets" lineno="24881">
<summary>
Do not audit attempts to send embrace_dp_c_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_embrace_dp_c_client_packets" lineno="24900">
<summary>
Receive embrace_dp_c_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_embrace_dp_c_client_packets" lineno="24919">
<summary>
Do not audit attempts to receive embrace_dp_c_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_embrace_dp_c_client_packets" lineno="24938">
<summary>
Send and receive embrace_dp_c_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_embrace_dp_c_client_packets" lineno="24954">
<summary>
Do not audit attempts to send and receive embrace_dp_c_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_embrace_dp_c_client_packets" lineno="24969">
<summary>
Relabel packets to embrace_dp_c_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_embrace_dp_c_server_packets" lineno="24989">
<summary>
Send embrace_dp_c_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_embrace_dp_c_server_packets" lineno="25008">
<summary>
Do not audit attempts to send embrace_dp_c_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_embrace_dp_c_server_packets" lineno="25027">
<summary>
Receive embrace_dp_c_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_embrace_dp_c_server_packets" lineno="25046">
<summary>
Do not audit attempts to receive embrace_dp_c_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_embrace_dp_c_server_packets" lineno="25065">
<summary>
Send and receive embrace_dp_c_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_embrace_dp_c_server_packets" lineno="25081">
<summary>
Do not audit attempts to send and receive embrace_dp_c_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_embrace_dp_c_server_packets" lineno="25096">
<summary>
Relabel packets to embrace_dp_c_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_epmap_port" lineno="25118">
<summary>
Send and receive TCP traffic on the epmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_epmap_port" lineno="25133">
<summary>
Send UDP traffic on the epmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_epmap_port" lineno="25148">
<summary>
Do not audit attempts to send UDP traffic on the epmap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_epmap_port" lineno="25163">
<summary>
Receive UDP traffic on the epmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_epmap_port" lineno="25178">
<summary>
Do not audit attempts to receive UDP traffic on the epmap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_epmap_port" lineno="25193">
<summary>
Send and receive UDP traffic on the epmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_epmap_port" lineno="25209">
<summary>
Do not audit attempts to send and receive
UDP traffic on the epmap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_epmap_port" lineno="25224">
<summary>
Bind TCP sockets to the epmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_epmap_port" lineno="25244">
<summary>
Bind UDP sockets to the epmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_epmap_port" lineno="25263">
<summary>
Make a TCP connection to the epmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_epmap_client_packets" lineno="25283">
<summary>
Send epmap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_epmap_client_packets" lineno="25302">
<summary>
Do not audit attempts to send epmap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_epmap_client_packets" lineno="25321">
<summary>
Receive epmap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_epmap_client_packets" lineno="25340">
<summary>
Do not audit attempts to receive epmap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_epmap_client_packets" lineno="25359">
<summary>
Send and receive epmap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_epmap_client_packets" lineno="25375">
<summary>
Do not audit attempts to send and receive epmap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_epmap_client_packets" lineno="25390">
<summary>
Relabel packets to epmap_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_epmap_server_packets" lineno="25410">
<summary>
Send epmap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_epmap_server_packets" lineno="25429">
<summary>
Do not audit attempts to send epmap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_epmap_server_packets" lineno="25448">
<summary>
Receive epmap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_epmap_server_packets" lineno="25467">
<summary>
Do not audit attempts to receive epmap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_epmap_server_packets" lineno="25486">
<summary>
Send and receive epmap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_epmap_server_packets" lineno="25502">
<summary>
Do not audit attempts to send and receive epmap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_epmap_server_packets" lineno="25517">
<summary>
Relabel packets to epmap_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_epmd_port" lineno="25539">
<summary>
Send and receive TCP traffic on the epmd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_epmd_port" lineno="25554">
<summary>
Send UDP traffic on the epmd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_epmd_port" lineno="25569">
<summary>
Do not audit attempts to send UDP traffic on the epmd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_epmd_port" lineno="25584">
<summary>
Receive UDP traffic on the epmd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_epmd_port" lineno="25599">
<summary>
Do not audit attempts to receive UDP traffic on the epmd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_epmd_port" lineno="25614">
<summary>
Send and receive UDP traffic on the epmd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_epmd_port" lineno="25630">
<summary>
Do not audit attempts to send and receive
UDP traffic on the epmd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_epmd_port" lineno="25645">
<summary>
Bind TCP sockets to the epmd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_epmd_port" lineno="25665">
<summary>
Bind UDP sockets to the epmd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_epmd_port" lineno="25684">
<summary>
Make a TCP connection to the epmd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_epmd_client_packets" lineno="25704">
<summary>
Send epmd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_epmd_client_packets" lineno="25723">
<summary>
Do not audit attempts to send epmd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_epmd_client_packets" lineno="25742">
<summary>
Receive epmd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_epmd_client_packets" lineno="25761">
<summary>
Do not audit attempts to receive epmd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_epmd_client_packets" lineno="25780">
<summary>
Send and receive epmd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_epmd_client_packets" lineno="25796">
<summary>
Do not audit attempts to send and receive epmd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_epmd_client_packets" lineno="25811">
<summary>
Relabel packets to epmd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_epmd_server_packets" lineno="25831">
<summary>
Send epmd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_epmd_server_packets" lineno="25850">
<summary>
Do not audit attempts to send epmd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_epmd_server_packets" lineno="25869">
<summary>
Receive epmd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_epmd_server_packets" lineno="25888">
<summary>
Do not audit attempts to receive epmd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_epmd_server_packets" lineno="25907">
<summary>
Send and receive epmd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_epmd_server_packets" lineno="25923">
<summary>
Do not audit attempts to send and receive epmd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_epmd_server_packets" lineno="25938">
<summary>
Relabel packets to epmd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_fingerd_port" lineno="25960">
<summary>
Send and receive TCP traffic on the fingerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_fingerd_port" lineno="25975">
<summary>
Send UDP traffic on the fingerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_fingerd_port" lineno="25990">
<summary>
Do not audit attempts to send UDP traffic on the fingerd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_fingerd_port" lineno="26005">
<summary>
Receive UDP traffic on the fingerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_fingerd_port" lineno="26020">
<summary>
Do not audit attempts to receive UDP traffic on the fingerd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_fingerd_port" lineno="26035">
<summary>
Send and receive UDP traffic on the fingerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_fingerd_port" lineno="26051">
<summary>
Do not audit attempts to send and receive
UDP traffic on the fingerd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_fingerd_port" lineno="26066">
<summary>
Bind TCP sockets to the fingerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_fingerd_port" lineno="26086">
<summary>
Bind UDP sockets to the fingerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_fingerd_port" lineno="26105">
<summary>
Make a TCP connection to the fingerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_fingerd_client_packets" lineno="26125">
<summary>
Send fingerd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_fingerd_client_packets" lineno="26144">
<summary>
Do not audit attempts to send fingerd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_fingerd_client_packets" lineno="26163">
<summary>
Receive fingerd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_fingerd_client_packets" lineno="26182">
<summary>
Do not audit attempts to receive fingerd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_fingerd_client_packets" lineno="26201">
<summary>
Send and receive fingerd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_fingerd_client_packets" lineno="26217">
<summary>
Do not audit attempts to send and receive fingerd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_fingerd_client_packets" lineno="26232">
<summary>
Relabel packets to fingerd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_fingerd_server_packets" lineno="26252">
<summary>
Send fingerd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_fingerd_server_packets" lineno="26271">
<summary>
Do not audit attempts to send fingerd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_fingerd_server_packets" lineno="26290">
<summary>
Receive fingerd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_fingerd_server_packets" lineno="26309">
<summary>
Do not audit attempts to receive fingerd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_fingerd_server_packets" lineno="26328">
<summary>
Send and receive fingerd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_fingerd_server_packets" lineno="26344">
<summary>
Do not audit attempts to send and receive fingerd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_fingerd_server_packets" lineno="26359">
<summary>
Relabel packets to fingerd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ftp_port" lineno="26381">
<summary>
Send and receive TCP traffic on the ftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ftp_port" lineno="26396">
<summary>
Send UDP traffic on the ftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ftp_port" lineno="26411">
<summary>
Do not audit attempts to send UDP traffic on the ftp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ftp_port" lineno="26426">
<summary>
Receive UDP traffic on the ftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ftp_port" lineno="26441">
<summary>
Do not audit attempts to receive UDP traffic on the ftp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ftp_port" lineno="26456">
<summary>
Send and receive UDP traffic on the ftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ftp_port" lineno="26472">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ftp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ftp_port" lineno="26487">
<summary>
Bind TCP sockets to the ftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ftp_port" lineno="26507">
<summary>
Bind UDP sockets to the ftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ftp_port" lineno="26526">
<summary>
Make a TCP connection to the ftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ftp_client_packets" lineno="26546">
<summary>
Send ftp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ftp_client_packets" lineno="26565">
<summary>
Do not audit attempts to send ftp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ftp_client_packets" lineno="26584">
<summary>
Receive ftp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ftp_client_packets" lineno="26603">
<summary>
Do not audit attempts to receive ftp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ftp_client_packets" lineno="26622">
<summary>
Send and receive ftp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ftp_client_packets" lineno="26638">
<summary>
Do not audit attempts to send and receive ftp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ftp_client_packets" lineno="26653">
<summary>
Relabel packets to ftp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ftp_server_packets" lineno="26673">
<summary>
Send ftp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ftp_server_packets" lineno="26692">
<summary>
Do not audit attempts to send ftp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ftp_server_packets" lineno="26711">
<summary>
Receive ftp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ftp_server_packets" lineno="26730">
<summary>
Do not audit attempts to receive ftp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ftp_server_packets" lineno="26749">
<summary>
Send and receive ftp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ftp_server_packets" lineno="26765">
<summary>
Do not audit attempts to send and receive ftp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ftp_server_packets" lineno="26780">
<summary>
Relabel packets to ftp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ftp_data_port" lineno="26802">
<summary>
Send and receive TCP traffic on the ftp_data port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ftp_data_port" lineno="26817">
<summary>
Send UDP traffic on the ftp_data port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ftp_data_port" lineno="26832">
<summary>
Do not audit attempts to send UDP traffic on the ftp_data port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ftp_data_port" lineno="26847">
<summary>
Receive UDP traffic on the ftp_data port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ftp_data_port" lineno="26862">
<summary>
Do not audit attempts to receive UDP traffic on the ftp_data port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ftp_data_port" lineno="26877">
<summary>
Send and receive UDP traffic on the ftp_data port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ftp_data_port" lineno="26893">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ftp_data port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ftp_data_port" lineno="26908">
<summary>
Bind TCP sockets to the ftp_data port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ftp_data_port" lineno="26928">
<summary>
Bind UDP sockets to the ftp_data port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ftp_data_port" lineno="26947">
<summary>
Make a TCP connection to the ftp_data port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ftp_data_client_packets" lineno="26967">
<summary>
Send ftp_data_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ftp_data_client_packets" lineno="26986">
<summary>
Do not audit attempts to send ftp_data_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ftp_data_client_packets" lineno="27005">
<summary>
Receive ftp_data_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ftp_data_client_packets" lineno="27024">
<summary>
Do not audit attempts to receive ftp_data_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ftp_data_client_packets" lineno="27043">
<summary>
Send and receive ftp_data_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ftp_data_client_packets" lineno="27059">
<summary>
Do not audit attempts to send and receive ftp_data_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ftp_data_client_packets" lineno="27074">
<summary>
Relabel packets to ftp_data_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ftp_data_server_packets" lineno="27094">
<summary>
Send ftp_data_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ftp_data_server_packets" lineno="27113">
<summary>
Do not audit attempts to send ftp_data_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ftp_data_server_packets" lineno="27132">
<summary>
Receive ftp_data_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ftp_data_server_packets" lineno="27151">
<summary>
Do not audit attempts to receive ftp_data_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ftp_data_server_packets" lineno="27170">
<summary>
Send and receive ftp_data_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ftp_data_server_packets" lineno="27186">
<summary>
Do not audit attempts to send and receive ftp_data_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ftp_data_server_packets" lineno="27201">
<summary>
Relabel packets to ftp_data_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_gatekeeper_port" lineno="27223">
<summary>
Send and receive TCP traffic on the gatekeeper port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_gatekeeper_port" lineno="27238">
<summary>
Send UDP traffic on the gatekeeper port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_gatekeeper_port" lineno="27253">
<summary>
Do not audit attempts to send UDP traffic on the gatekeeper port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_gatekeeper_port" lineno="27268">
<summary>
Receive UDP traffic on the gatekeeper port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_gatekeeper_port" lineno="27283">
<summary>
Do not audit attempts to receive UDP traffic on the gatekeeper port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_gatekeeper_port" lineno="27298">
<summary>
Send and receive UDP traffic on the gatekeeper port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_gatekeeper_port" lineno="27314">
<summary>
Do not audit attempts to send and receive
UDP traffic on the gatekeeper port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_gatekeeper_port" lineno="27329">
<summary>
Bind TCP sockets to the gatekeeper port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_gatekeeper_port" lineno="27349">
<summary>
Bind UDP sockets to the gatekeeper port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_gatekeeper_port" lineno="27368">
<summary>
Make a TCP connection to the gatekeeper port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_gatekeeper_client_packets" lineno="27388">
<summary>
Send gatekeeper_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_gatekeeper_client_packets" lineno="27407">
<summary>
Do not audit attempts to send gatekeeper_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_gatekeeper_client_packets" lineno="27426">
<summary>
Receive gatekeeper_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_gatekeeper_client_packets" lineno="27445">
<summary>
Do not audit attempts to receive gatekeeper_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_gatekeeper_client_packets" lineno="27464">
<summary>
Send and receive gatekeeper_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_gatekeeper_client_packets" lineno="27480">
<summary>
Do not audit attempts to send and receive gatekeeper_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_gatekeeper_client_packets" lineno="27495">
<summary>
Relabel packets to gatekeeper_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_gatekeeper_server_packets" lineno="27515">
<summary>
Send gatekeeper_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_gatekeeper_server_packets" lineno="27534">
<summary>
Do not audit attempts to send gatekeeper_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_gatekeeper_server_packets" lineno="27553">
<summary>
Receive gatekeeper_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_gatekeeper_server_packets" lineno="27572">
<summary>
Do not audit attempts to receive gatekeeper_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_gatekeeper_server_packets" lineno="27591">
<summary>
Send and receive gatekeeper_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_gatekeeper_server_packets" lineno="27607">
<summary>
Do not audit attempts to send and receive gatekeeper_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_gatekeeper_server_packets" lineno="27622">
<summary>
Relabel packets to gatekeeper_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_gdomap_port" lineno="27644">
<summary>
Send and receive TCP traffic on the gdomap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_gdomap_port" lineno="27659">
<summary>
Send UDP traffic on the gdomap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_gdomap_port" lineno="27674">
<summary>
Do not audit attempts to send UDP traffic on the gdomap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_gdomap_port" lineno="27689">
<summary>
Receive UDP traffic on the gdomap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_gdomap_port" lineno="27704">
<summary>
Do not audit attempts to receive UDP traffic on the gdomap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_gdomap_port" lineno="27719">
<summary>
Send and receive UDP traffic on the gdomap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_gdomap_port" lineno="27735">
<summary>
Do not audit attempts to send and receive
UDP traffic on the gdomap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_gdomap_port" lineno="27750">
<summary>
Bind TCP sockets to the gdomap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_gdomap_port" lineno="27770">
<summary>
Bind UDP sockets to the gdomap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_gdomap_port" lineno="27789">
<summary>
Make a TCP connection to the gdomap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_gdomap_client_packets" lineno="27809">
<summary>
Send gdomap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_gdomap_client_packets" lineno="27828">
<summary>
Do not audit attempts to send gdomap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_gdomap_client_packets" lineno="27847">
<summary>
Receive gdomap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_gdomap_client_packets" lineno="27866">
<summary>
Do not audit attempts to receive gdomap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_gdomap_client_packets" lineno="27885">
<summary>
Send and receive gdomap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_gdomap_client_packets" lineno="27901">
<summary>
Do not audit attempts to send and receive gdomap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_gdomap_client_packets" lineno="27916">
<summary>
Relabel packets to gdomap_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_gdomap_server_packets" lineno="27936">
<summary>
Send gdomap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_gdomap_server_packets" lineno="27955">
<summary>
Do not audit attempts to send gdomap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_gdomap_server_packets" lineno="27974">
<summary>
Receive gdomap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_gdomap_server_packets" lineno="27993">
<summary>
Do not audit attempts to receive gdomap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_gdomap_server_packets" lineno="28012">
<summary>
Send and receive gdomap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_gdomap_server_packets" lineno="28028">
<summary>
Do not audit attempts to send and receive gdomap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_gdomap_server_packets" lineno="28043">
<summary>
Relabel packets to gdomap_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_gds_db_port" lineno="28065">
<summary>
Send and receive TCP traffic on the gds_db port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_gds_db_port" lineno="28080">
<summary>
Send UDP traffic on the gds_db port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_gds_db_port" lineno="28095">
<summary>
Do not audit attempts to send UDP traffic on the gds_db port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_gds_db_port" lineno="28110">
<summary>
Receive UDP traffic on the gds_db port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_gds_db_port" lineno="28125">
<summary>
Do not audit attempts to receive UDP traffic on the gds_db port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_gds_db_port" lineno="28140">
<summary>
Send and receive UDP traffic on the gds_db port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_gds_db_port" lineno="28156">
<summary>
Do not audit attempts to send and receive
UDP traffic on the gds_db port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_gds_db_port" lineno="28171">
<summary>
Bind TCP sockets to the gds_db port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_gds_db_port" lineno="28191">
<summary>
Bind UDP sockets to the gds_db port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_gds_db_port" lineno="28210">
<summary>
Make a TCP connection to the gds_db port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_gds_db_client_packets" lineno="28230">
<summary>
Send gds_db_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_gds_db_client_packets" lineno="28249">
<summary>
Do not audit attempts to send gds_db_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_gds_db_client_packets" lineno="28268">
<summary>
Receive gds_db_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_gds_db_client_packets" lineno="28287">
<summary>
Do not audit attempts to receive gds_db_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_gds_db_client_packets" lineno="28306">
<summary>
Send and receive gds_db_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_gds_db_client_packets" lineno="28322">
<summary>
Do not audit attempts to send and receive gds_db_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_gds_db_client_packets" lineno="28337">
<summary>
Relabel packets to gds_db_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_gds_db_server_packets" lineno="28357">
<summary>
Send gds_db_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_gds_db_server_packets" lineno="28376">
<summary>
Do not audit attempts to send gds_db_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_gds_db_server_packets" lineno="28395">
<summary>
Receive gds_db_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_gds_db_server_packets" lineno="28414">
<summary>
Do not audit attempts to receive gds_db_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_gds_db_server_packets" lineno="28433">
<summary>
Send and receive gds_db_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_gds_db_server_packets" lineno="28449">
<summary>
Do not audit attempts to send and receive gds_db_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_gds_db_server_packets" lineno="28464">
<summary>
Relabel packets to gds_db_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_git_port" lineno="28486">
<summary>
Send and receive TCP traffic on the git port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_git_port" lineno="28501">
<summary>
Send UDP traffic on the git port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_git_port" lineno="28516">
<summary>
Do not audit attempts to send UDP traffic on the git port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_git_port" lineno="28531">
<summary>
Receive UDP traffic on the git port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_git_port" lineno="28546">
<summary>
Do not audit attempts to receive UDP traffic on the git port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_git_port" lineno="28561">
<summary>
Send and receive UDP traffic on the git port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_git_port" lineno="28577">
<summary>
Do not audit attempts to send and receive
UDP traffic on the git port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_git_port" lineno="28592">
<summary>
Bind TCP sockets to the git port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_git_port" lineno="28612">
<summary>
Bind UDP sockets to the git port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_git_port" lineno="28631">
<summary>
Make a TCP connection to the git port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_git_client_packets" lineno="28651">
<summary>
Send git_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_git_client_packets" lineno="28670">
<summary>
Do not audit attempts to send git_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_git_client_packets" lineno="28689">
<summary>
Receive git_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_git_client_packets" lineno="28708">
<summary>
Do not audit attempts to receive git_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_git_client_packets" lineno="28727">
<summary>
Send and receive git_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_git_client_packets" lineno="28743">
<summary>
Do not audit attempts to send and receive git_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_git_client_packets" lineno="28758">
<summary>
Relabel packets to git_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_git_server_packets" lineno="28778">
<summary>
Send git_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_git_server_packets" lineno="28797">
<summary>
Do not audit attempts to send git_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_git_server_packets" lineno="28816">
<summary>
Receive git_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_git_server_packets" lineno="28835">
<summary>
Do not audit attempts to receive git_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_git_server_packets" lineno="28854">
<summary>
Send and receive git_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_git_server_packets" lineno="28870">
<summary>
Do not audit attempts to send and receive git_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_git_server_packets" lineno="28885">
<summary>
Relabel packets to git_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_glance_registry_port" lineno="28907">
<summary>
Send and receive TCP traffic on the glance_registry port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_glance_registry_port" lineno="28922">
<summary>
Send UDP traffic on the glance_registry port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_glance_registry_port" lineno="28937">
<summary>
Do not audit attempts to send UDP traffic on the glance_registry port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_glance_registry_port" lineno="28952">
<summary>
Receive UDP traffic on the glance_registry port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_glance_registry_port" lineno="28967">
<summary>
Do not audit attempts to receive UDP traffic on the glance_registry port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_glance_registry_port" lineno="28982">
<summary>
Send and receive UDP traffic on the glance_registry port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_glance_registry_port" lineno="28998">
<summary>
Do not audit attempts to send and receive
UDP traffic on the glance_registry port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_glance_registry_port" lineno="29013">
<summary>
Bind TCP sockets to the glance_registry port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_glance_registry_port" lineno="29033">
<summary>
Bind UDP sockets to the glance_registry port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_glance_registry_port" lineno="29052">
<summary>
Make a TCP connection to the glance_registry port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_glance_registry_client_packets" lineno="29072">
<summary>
Send glance_registry_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_glance_registry_client_packets" lineno="29091">
<summary>
Do not audit attempts to send glance_registry_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_glance_registry_client_packets" lineno="29110">
<summary>
Receive glance_registry_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_glance_registry_client_packets" lineno="29129">
<summary>
Do not audit attempts to receive glance_registry_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_glance_registry_client_packets" lineno="29148">
<summary>
Send and receive glance_registry_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_glance_registry_client_packets" lineno="29164">
<summary>
Do not audit attempts to send and receive glance_registry_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_glance_registry_client_packets" lineno="29179">
<summary>
Relabel packets to glance_registry_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_glance_registry_server_packets" lineno="29199">
<summary>
Send glance_registry_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_glance_registry_server_packets" lineno="29218">
<summary>
Do not audit attempts to send glance_registry_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_glance_registry_server_packets" lineno="29237">
<summary>
Receive glance_registry_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_glance_registry_server_packets" lineno="29256">
<summary>
Do not audit attempts to receive glance_registry_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_glance_registry_server_packets" lineno="29275">
<summary>
Send and receive glance_registry_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_glance_registry_server_packets" lineno="29291">
<summary>
Do not audit attempts to send and receive glance_registry_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_glance_registry_server_packets" lineno="29306">
<summary>
Relabel packets to glance_registry_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_gopher_port" lineno="29328">
<summary>
Send and receive TCP traffic on the gopher port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_gopher_port" lineno="29343">
<summary>
Send UDP traffic on the gopher port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_gopher_port" lineno="29358">
<summary>
Do not audit attempts to send UDP traffic on the gopher port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_gopher_port" lineno="29373">
<summary>
Receive UDP traffic on the gopher port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_gopher_port" lineno="29388">
<summary>
Do not audit attempts to receive UDP traffic on the gopher port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_gopher_port" lineno="29403">
<summary>
Send and receive UDP traffic on the gopher port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_gopher_port" lineno="29419">
<summary>
Do not audit attempts to send and receive
UDP traffic on the gopher port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_gopher_port" lineno="29434">
<summary>
Bind TCP sockets to the gopher port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_gopher_port" lineno="29454">
<summary>
Bind UDP sockets to the gopher port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_gopher_port" lineno="29473">
<summary>
Make a TCP connection to the gopher port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_gopher_client_packets" lineno="29493">
<summary>
Send gopher_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_gopher_client_packets" lineno="29512">
<summary>
Do not audit attempts to send gopher_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_gopher_client_packets" lineno="29531">
<summary>
Receive gopher_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_gopher_client_packets" lineno="29550">
<summary>
Do not audit attempts to receive gopher_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_gopher_client_packets" lineno="29569">
<summary>
Send and receive gopher_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_gopher_client_packets" lineno="29585">
<summary>
Do not audit attempts to send and receive gopher_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_gopher_client_packets" lineno="29600">
<summary>
Relabel packets to gopher_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_gopher_server_packets" lineno="29620">
<summary>
Send gopher_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_gopher_server_packets" lineno="29639">
<summary>
Do not audit attempts to send gopher_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_gopher_server_packets" lineno="29658">
<summary>
Receive gopher_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_gopher_server_packets" lineno="29677">
<summary>
Do not audit attempts to receive gopher_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_gopher_server_packets" lineno="29696">
<summary>
Send and receive gopher_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_gopher_server_packets" lineno="29712">
<summary>
Do not audit attempts to send and receive gopher_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_gopher_server_packets" lineno="29727">
<summary>
Relabel packets to gopher_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_gpsd_port" lineno="29749">
<summary>
Send and receive TCP traffic on the gpsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_gpsd_port" lineno="29764">
<summary>
Send UDP traffic on the gpsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_gpsd_port" lineno="29779">
<summary>
Do not audit attempts to send UDP traffic on the gpsd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_gpsd_port" lineno="29794">
<summary>
Receive UDP traffic on the gpsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_gpsd_port" lineno="29809">
<summary>
Do not audit attempts to receive UDP traffic on the gpsd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_gpsd_port" lineno="29824">
<summary>
Send and receive UDP traffic on the gpsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_gpsd_port" lineno="29840">
<summary>
Do not audit attempts to send and receive
UDP traffic on the gpsd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_gpsd_port" lineno="29855">
<summary>
Bind TCP sockets to the gpsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_gpsd_port" lineno="29875">
<summary>
Bind UDP sockets to the gpsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_gpsd_port" lineno="29894">
<summary>
Make a TCP connection to the gpsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_gpsd_client_packets" lineno="29914">
<summary>
Send gpsd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_gpsd_client_packets" lineno="29933">
<summary>
Do not audit attempts to send gpsd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_gpsd_client_packets" lineno="29952">
<summary>
Receive gpsd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_gpsd_client_packets" lineno="29971">
<summary>
Do not audit attempts to receive gpsd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_gpsd_client_packets" lineno="29990">
<summary>
Send and receive gpsd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_gpsd_client_packets" lineno="30006">
<summary>
Do not audit attempts to send and receive gpsd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_gpsd_client_packets" lineno="30021">
<summary>
Relabel packets to gpsd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_gpsd_server_packets" lineno="30041">
<summary>
Send gpsd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_gpsd_server_packets" lineno="30060">
<summary>
Do not audit attempts to send gpsd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_gpsd_server_packets" lineno="30079">
<summary>
Receive gpsd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_gpsd_server_packets" lineno="30098">
<summary>
Do not audit attempts to receive gpsd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_gpsd_server_packets" lineno="30117">
<summary>
Send and receive gpsd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_gpsd_server_packets" lineno="30133">
<summary>
Do not audit attempts to send and receive gpsd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_gpsd_server_packets" lineno="30148">
<summary>
Relabel packets to gpsd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_hadoop_datanode_port" lineno="30170">
<summary>
Send and receive TCP traffic on the hadoop_datanode port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_hadoop_datanode_port" lineno="30185">
<summary>
Send UDP traffic on the hadoop_datanode port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_hadoop_datanode_port" lineno="30200">
<summary>
Do not audit attempts to send UDP traffic on the hadoop_datanode port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_hadoop_datanode_port" lineno="30215">
<summary>
Receive UDP traffic on the hadoop_datanode port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_hadoop_datanode_port" lineno="30230">
<summary>
Do not audit attempts to receive UDP traffic on the hadoop_datanode port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_hadoop_datanode_port" lineno="30245">
<summary>
Send and receive UDP traffic on the hadoop_datanode port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_hadoop_datanode_port" lineno="30261">
<summary>
Do not audit attempts to send and receive
UDP traffic on the hadoop_datanode port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_hadoop_datanode_port" lineno="30276">
<summary>
Bind TCP sockets to the hadoop_datanode port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_hadoop_datanode_port" lineno="30296">
<summary>
Bind UDP sockets to the hadoop_datanode port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_hadoop_datanode_port" lineno="30315">
<summary>
Make a TCP connection to the hadoop_datanode port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_hadoop_datanode_client_packets" lineno="30335">
<summary>
Send hadoop_datanode_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_hadoop_datanode_client_packets" lineno="30354">
<summary>
Do not audit attempts to send hadoop_datanode_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_hadoop_datanode_client_packets" lineno="30373">
<summary>
Receive hadoop_datanode_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_hadoop_datanode_client_packets" lineno="30392">
<summary>
Do not audit attempts to receive hadoop_datanode_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_hadoop_datanode_client_packets" lineno="30411">
<summary>
Send and receive hadoop_datanode_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_hadoop_datanode_client_packets" lineno="30427">
<summary>
Do not audit attempts to send and receive hadoop_datanode_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_hadoop_datanode_client_packets" lineno="30442">
<summary>
Relabel packets to hadoop_datanode_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_hadoop_datanode_server_packets" lineno="30462">
<summary>
Send hadoop_datanode_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_hadoop_datanode_server_packets" lineno="30481">
<summary>
Do not audit attempts to send hadoop_datanode_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_hadoop_datanode_server_packets" lineno="30500">
<summary>
Receive hadoop_datanode_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_hadoop_datanode_server_packets" lineno="30519">
<summary>
Do not audit attempts to receive hadoop_datanode_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_hadoop_datanode_server_packets" lineno="30538">
<summary>
Send and receive hadoop_datanode_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_hadoop_datanode_server_packets" lineno="30554">
<summary>
Do not audit attempts to send and receive hadoop_datanode_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_hadoop_datanode_server_packets" lineno="30569">
<summary>
Relabel packets to hadoop_datanode_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_hadoop_namenode_port" lineno="30591">
<summary>
Send and receive TCP traffic on the hadoop_namenode port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_hadoop_namenode_port" lineno="30606">
<summary>
Send UDP traffic on the hadoop_namenode port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_hadoop_namenode_port" lineno="30621">
<summary>
Do not audit attempts to send UDP traffic on the hadoop_namenode port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_hadoop_namenode_port" lineno="30636">
<summary>
Receive UDP traffic on the hadoop_namenode port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_hadoop_namenode_port" lineno="30651">
<summary>
Do not audit attempts to receive UDP traffic on the hadoop_namenode port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_hadoop_namenode_port" lineno="30666">
<summary>
Send and receive UDP traffic on the hadoop_namenode port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_hadoop_namenode_port" lineno="30682">
<summary>
Do not audit attempts to send and receive
UDP traffic on the hadoop_namenode port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_hadoop_namenode_port" lineno="30697">
<summary>
Bind TCP sockets to the hadoop_namenode port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_hadoop_namenode_port" lineno="30717">
<summary>
Bind UDP sockets to the hadoop_namenode port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_hadoop_namenode_port" lineno="30736">
<summary>
Make a TCP connection to the hadoop_namenode port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_hadoop_namenode_client_packets" lineno="30756">
<summary>
Send hadoop_namenode_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_hadoop_namenode_client_packets" lineno="30775">
<summary>
Do not audit attempts to send hadoop_namenode_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_hadoop_namenode_client_packets" lineno="30794">
<summary>
Receive hadoop_namenode_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_hadoop_namenode_client_packets" lineno="30813">
<summary>
Do not audit attempts to receive hadoop_namenode_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_hadoop_namenode_client_packets" lineno="30832">
<summary>
Send and receive hadoop_namenode_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_hadoop_namenode_client_packets" lineno="30848">
<summary>
Do not audit attempts to send and receive hadoop_namenode_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_hadoop_namenode_client_packets" lineno="30863">
<summary>
Relabel packets to hadoop_namenode_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_hadoop_namenode_server_packets" lineno="30883">
<summary>
Send hadoop_namenode_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_hadoop_namenode_server_packets" lineno="30902">
<summary>
Do not audit attempts to send hadoop_namenode_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_hadoop_namenode_server_packets" lineno="30921">
<summary>
Receive hadoop_namenode_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_hadoop_namenode_server_packets" lineno="30940">
<summary>
Do not audit attempts to receive hadoop_namenode_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_hadoop_namenode_server_packets" lineno="30959">
<summary>
Send and receive hadoop_namenode_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_hadoop_namenode_server_packets" lineno="30975">
<summary>
Do not audit attempts to send and receive hadoop_namenode_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_hadoop_namenode_server_packets" lineno="30990">
<summary>
Relabel packets to hadoop_namenode_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_hddtemp_port" lineno="31012">
<summary>
Send and receive TCP traffic on the hddtemp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_hddtemp_port" lineno="31027">
<summary>
Send UDP traffic on the hddtemp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_hddtemp_port" lineno="31042">
<summary>
Do not audit attempts to send UDP traffic on the hddtemp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_hddtemp_port" lineno="31057">
<summary>
Receive UDP traffic on the hddtemp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_hddtemp_port" lineno="31072">
<summary>
Do not audit attempts to receive UDP traffic on the hddtemp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_hddtemp_port" lineno="31087">
<summary>
Send and receive UDP traffic on the hddtemp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_hddtemp_port" lineno="31103">
<summary>
Do not audit attempts to send and receive
UDP traffic on the hddtemp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_hddtemp_port" lineno="31118">
<summary>
Bind TCP sockets to the hddtemp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_hddtemp_port" lineno="31138">
<summary>
Bind UDP sockets to the hddtemp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_hddtemp_port" lineno="31157">
<summary>
Make a TCP connection to the hddtemp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_hddtemp_client_packets" lineno="31177">
<summary>
Send hddtemp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_hddtemp_client_packets" lineno="31196">
<summary>
Do not audit attempts to send hddtemp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_hddtemp_client_packets" lineno="31215">
<summary>
Receive hddtemp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_hddtemp_client_packets" lineno="31234">
<summary>
Do not audit attempts to receive hddtemp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_hddtemp_client_packets" lineno="31253">
<summary>
Send and receive hddtemp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_hddtemp_client_packets" lineno="31269">
<summary>
Do not audit attempts to send and receive hddtemp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_hddtemp_client_packets" lineno="31284">
<summary>
Relabel packets to hddtemp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_hddtemp_server_packets" lineno="31304">
<summary>
Send hddtemp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_hddtemp_server_packets" lineno="31323">
<summary>
Do not audit attempts to send hddtemp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_hddtemp_server_packets" lineno="31342">
<summary>
Receive hddtemp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_hddtemp_server_packets" lineno="31361">
<summary>
Do not audit attempts to receive hddtemp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_hddtemp_server_packets" lineno="31380">
<summary>
Send and receive hddtemp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_hddtemp_server_packets" lineno="31396">
<summary>
Do not audit attempts to send and receive hddtemp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_hddtemp_server_packets" lineno="31411">
<summary>
Relabel packets to hddtemp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_howl_port" lineno="31433">
<summary>
Send and receive TCP traffic on the howl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_howl_port" lineno="31448">
<summary>
Send UDP traffic on the howl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_howl_port" lineno="31463">
<summary>
Do not audit attempts to send UDP traffic on the howl port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_howl_port" lineno="31478">
<summary>
Receive UDP traffic on the howl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_howl_port" lineno="31493">
<summary>
Do not audit attempts to receive UDP traffic on the howl port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_howl_port" lineno="31508">
<summary>
Send and receive UDP traffic on the howl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_howl_port" lineno="31524">
<summary>
Do not audit attempts to send and receive
UDP traffic on the howl port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_howl_port" lineno="31539">
<summary>
Bind TCP sockets to the howl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_howl_port" lineno="31559">
<summary>
Bind UDP sockets to the howl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_howl_port" lineno="31578">
<summary>
Make a TCP connection to the howl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_howl_client_packets" lineno="31598">
<summary>
Send howl_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_howl_client_packets" lineno="31617">
<summary>
Do not audit attempts to send howl_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_howl_client_packets" lineno="31636">
<summary>
Receive howl_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_howl_client_packets" lineno="31655">
<summary>
Do not audit attempts to receive howl_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_howl_client_packets" lineno="31674">
<summary>
Send and receive howl_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_howl_client_packets" lineno="31690">
<summary>
Do not audit attempts to send and receive howl_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_howl_client_packets" lineno="31705">
<summary>
Relabel packets to howl_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_howl_server_packets" lineno="31725">
<summary>
Send howl_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_howl_server_packets" lineno="31744">
<summary>
Do not audit attempts to send howl_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_howl_server_packets" lineno="31763">
<summary>
Receive howl_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_howl_server_packets" lineno="31782">
<summary>
Do not audit attempts to receive howl_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_howl_server_packets" lineno="31801">
<summary>
Send and receive howl_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_howl_server_packets" lineno="31817">
<summary>
Do not audit attempts to send and receive howl_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_howl_server_packets" lineno="31832">
<summary>
Relabel packets to howl_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_hplip_port" lineno="31854">
<summary>
Send and receive TCP traffic on the hplip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_hplip_port" lineno="31869">
<summary>
Send UDP traffic on the hplip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_hplip_port" lineno="31884">
<summary>
Do not audit attempts to send UDP traffic on the hplip port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_hplip_port" lineno="31899">
<summary>
Receive UDP traffic on the hplip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_hplip_port" lineno="31914">
<summary>
Do not audit attempts to receive UDP traffic on the hplip port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_hplip_port" lineno="31929">
<summary>
Send and receive UDP traffic on the hplip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_hplip_port" lineno="31945">
<summary>
Do not audit attempts to send and receive
UDP traffic on the hplip port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_hplip_port" lineno="31960">
<summary>
Bind TCP sockets to the hplip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_hplip_port" lineno="31980">
<summary>
Bind UDP sockets to the hplip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_hplip_port" lineno="31999">
<summary>
Make a TCP connection to the hplip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_hplip_client_packets" lineno="32019">
<summary>
Send hplip_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_hplip_client_packets" lineno="32038">
<summary>
Do not audit attempts to send hplip_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_hplip_client_packets" lineno="32057">
<summary>
Receive hplip_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_hplip_client_packets" lineno="32076">
<summary>
Do not audit attempts to receive hplip_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_hplip_client_packets" lineno="32095">
<summary>
Send and receive hplip_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_hplip_client_packets" lineno="32111">
<summary>
Do not audit attempts to send and receive hplip_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_hplip_client_packets" lineno="32126">
<summary>
Relabel packets to hplip_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_hplip_server_packets" lineno="32146">
<summary>
Send hplip_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_hplip_server_packets" lineno="32165">
<summary>
Do not audit attempts to send hplip_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_hplip_server_packets" lineno="32184">
<summary>
Receive hplip_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_hplip_server_packets" lineno="32203">
<summary>
Do not audit attempts to receive hplip_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_hplip_server_packets" lineno="32222">
<summary>
Send and receive hplip_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_hplip_server_packets" lineno="32238">
<summary>
Do not audit attempts to send and receive hplip_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_hplip_server_packets" lineno="32253">
<summary>
Relabel packets to hplip_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_http_port" lineno="32275">
<summary>
Send and receive TCP traffic on the http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_http_port" lineno="32290">
<summary>
Send UDP traffic on the http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_http_port" lineno="32305">
<summary>
Do not audit attempts to send UDP traffic on the http port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_http_port" lineno="32320">
<summary>
Receive UDP traffic on the http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_http_port" lineno="32335">
<summary>
Do not audit attempts to receive UDP traffic on the http port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_http_port" lineno="32350">
<summary>
Send and receive UDP traffic on the http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_http_port" lineno="32366">
<summary>
Do not audit attempts to send and receive
UDP traffic on the http port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_http_port" lineno="32381">
<summary>
Bind TCP sockets to the http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_http_port" lineno="32401">
<summary>
Bind UDP sockets to the http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_http_port" lineno="32420">
<summary>
Make a TCP connection to the http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_http_client_packets" lineno="32440">
<summary>
Send http_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_http_client_packets" lineno="32459">
<summary>
Do not audit attempts to send http_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_http_client_packets" lineno="32478">
<summary>
Receive http_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_http_client_packets" lineno="32497">
<summary>
Do not audit attempts to receive http_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_http_client_packets" lineno="32516">
<summary>
Send and receive http_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_http_client_packets" lineno="32532">
<summary>
Do not audit attempts to send and receive http_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_http_client_packets" lineno="32547">
<summary>
Relabel packets to http_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_http_server_packets" lineno="32567">
<summary>
Send http_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_http_server_packets" lineno="32586">
<summary>
Do not audit attempts to send http_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_http_server_packets" lineno="32605">
<summary>
Receive http_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_http_server_packets" lineno="32624">
<summary>
Do not audit attempts to receive http_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_http_server_packets" lineno="32643">
<summary>
Send and receive http_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_http_server_packets" lineno="32659">
<summary>
Do not audit attempts to send and receive http_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_http_server_packets" lineno="32674">
<summary>
Relabel packets to http_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_http_cache_port" lineno="32696">
<summary>
Send and receive TCP traffic on the http_cache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_http_cache_port" lineno="32711">
<summary>
Send UDP traffic on the http_cache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_http_cache_port" lineno="32726">
<summary>
Do not audit attempts to send UDP traffic on the http_cache port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_http_cache_port" lineno="32741">
<summary>
Receive UDP traffic on the http_cache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_http_cache_port" lineno="32756">
<summary>
Do not audit attempts to receive UDP traffic on the http_cache port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_http_cache_port" lineno="32771">
<summary>
Send and receive UDP traffic on the http_cache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_http_cache_port" lineno="32787">
<summary>
Do not audit attempts to send and receive
UDP traffic on the http_cache port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_http_cache_port" lineno="32802">
<summary>
Bind TCP sockets to the http_cache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_http_cache_port" lineno="32822">
<summary>
Bind UDP sockets to the http_cache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_http_cache_port" lineno="32841">
<summary>
Make a TCP connection to the http_cache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_http_cache_client_packets" lineno="32861">
<summary>
Send http_cache_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_http_cache_client_packets" lineno="32880">
<summary>
Do not audit attempts to send http_cache_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_http_cache_client_packets" lineno="32899">
<summary>
Receive http_cache_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_http_cache_client_packets" lineno="32918">
<summary>
Do not audit attempts to receive http_cache_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_http_cache_client_packets" lineno="32937">
<summary>
Send and receive http_cache_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_http_cache_client_packets" lineno="32953">
<summary>
Do not audit attempts to send and receive http_cache_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_http_cache_client_packets" lineno="32968">
<summary>
Relabel packets to http_cache_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_http_cache_server_packets" lineno="32988">
<summary>
Send http_cache_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_http_cache_server_packets" lineno="33007">
<summary>
Do not audit attempts to send http_cache_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_http_cache_server_packets" lineno="33026">
<summary>
Receive http_cache_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_http_cache_server_packets" lineno="33045">
<summary>
Do not audit attempts to receive http_cache_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_http_cache_server_packets" lineno="33064">
<summary>
Send and receive http_cache_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_http_cache_server_packets" lineno="33080">
<summary>
Do not audit attempts to send and receive http_cache_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_http_cache_server_packets" lineno="33095">
<summary>
Relabel packets to http_cache_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_i18n_input_port" lineno="33117">
<summary>
Send and receive TCP traffic on the i18n_input port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_i18n_input_port" lineno="33132">
<summary>
Send UDP traffic on the i18n_input port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_i18n_input_port" lineno="33147">
<summary>
Do not audit attempts to send UDP traffic on the i18n_input port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_i18n_input_port" lineno="33162">
<summary>
Receive UDP traffic on the i18n_input port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_i18n_input_port" lineno="33177">
<summary>
Do not audit attempts to receive UDP traffic on the i18n_input port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_i18n_input_port" lineno="33192">
<summary>
Send and receive UDP traffic on the i18n_input port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_i18n_input_port" lineno="33208">
<summary>
Do not audit attempts to send and receive
UDP traffic on the i18n_input port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_i18n_input_port" lineno="33223">
<summary>
Bind TCP sockets to the i18n_input port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_i18n_input_port" lineno="33243">
<summary>
Bind UDP sockets to the i18n_input port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_i18n_input_port" lineno="33262">
<summary>
Make a TCP connection to the i18n_input port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_i18n_input_client_packets" lineno="33282">
<summary>
Send i18n_input_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_i18n_input_client_packets" lineno="33301">
<summary>
Do not audit attempts to send i18n_input_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_i18n_input_client_packets" lineno="33320">
<summary>
Receive i18n_input_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_i18n_input_client_packets" lineno="33339">
<summary>
Do not audit attempts to receive i18n_input_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_i18n_input_client_packets" lineno="33358">
<summary>
Send and receive i18n_input_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_i18n_input_client_packets" lineno="33374">
<summary>
Do not audit attempts to send and receive i18n_input_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_i18n_input_client_packets" lineno="33389">
<summary>
Relabel packets to i18n_input_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_i18n_input_server_packets" lineno="33409">
<summary>
Send i18n_input_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_i18n_input_server_packets" lineno="33428">
<summary>
Do not audit attempts to send i18n_input_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_i18n_input_server_packets" lineno="33447">
<summary>
Receive i18n_input_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_i18n_input_server_packets" lineno="33466">
<summary>
Do not audit attempts to receive i18n_input_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_i18n_input_server_packets" lineno="33485">
<summary>
Send and receive i18n_input_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_i18n_input_server_packets" lineno="33501">
<summary>
Do not audit attempts to send and receive i18n_input_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_i18n_input_server_packets" lineno="33516">
<summary>
Relabel packets to i18n_input_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_imaze_port" lineno="33538">
<summary>
Send and receive TCP traffic on the imaze port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_imaze_port" lineno="33553">
<summary>
Send UDP traffic on the imaze port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_imaze_port" lineno="33568">
<summary>
Do not audit attempts to send UDP traffic on the imaze port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_imaze_port" lineno="33583">
<summary>
Receive UDP traffic on the imaze port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_imaze_port" lineno="33598">
<summary>
Do not audit attempts to receive UDP traffic on the imaze port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_imaze_port" lineno="33613">
<summary>
Send and receive UDP traffic on the imaze port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_imaze_port" lineno="33629">
<summary>
Do not audit attempts to send and receive
UDP traffic on the imaze port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_imaze_port" lineno="33644">
<summary>
Bind TCP sockets to the imaze port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_imaze_port" lineno="33664">
<summary>
Bind UDP sockets to the imaze port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_imaze_port" lineno="33683">
<summary>
Make a TCP connection to the imaze port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_imaze_client_packets" lineno="33703">
<summary>
Send imaze_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_imaze_client_packets" lineno="33722">
<summary>
Do not audit attempts to send imaze_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_imaze_client_packets" lineno="33741">
<summary>
Receive imaze_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_imaze_client_packets" lineno="33760">
<summary>
Do not audit attempts to receive imaze_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_imaze_client_packets" lineno="33779">
<summary>
Send and receive imaze_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_imaze_client_packets" lineno="33795">
<summary>
Do not audit attempts to send and receive imaze_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_imaze_client_packets" lineno="33810">
<summary>
Relabel packets to imaze_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_imaze_server_packets" lineno="33830">
<summary>
Send imaze_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_imaze_server_packets" lineno="33849">
<summary>
Do not audit attempts to send imaze_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_imaze_server_packets" lineno="33868">
<summary>
Receive imaze_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_imaze_server_packets" lineno="33887">
<summary>
Do not audit attempts to receive imaze_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_imaze_server_packets" lineno="33906">
<summary>
Send and receive imaze_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_imaze_server_packets" lineno="33922">
<summary>
Do not audit attempts to send and receive imaze_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_imaze_server_packets" lineno="33937">
<summary>
Relabel packets to imaze_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_inetd_child_port" lineno="33959">
<summary>
Send and receive TCP traffic on the inetd_child port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_inetd_child_port" lineno="33974">
<summary>
Send UDP traffic on the inetd_child port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_inetd_child_port" lineno="33989">
<summary>
Do not audit attempts to send UDP traffic on the inetd_child port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_inetd_child_port" lineno="34004">
<summary>
Receive UDP traffic on the inetd_child port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_inetd_child_port" lineno="34019">
<summary>
Do not audit attempts to receive UDP traffic on the inetd_child port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_inetd_child_port" lineno="34034">
<summary>
Send and receive UDP traffic on the inetd_child port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_inetd_child_port" lineno="34050">
<summary>
Do not audit attempts to send and receive
UDP traffic on the inetd_child port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_inetd_child_port" lineno="34065">
<summary>
Bind TCP sockets to the inetd_child port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_inetd_child_port" lineno="34085">
<summary>
Bind UDP sockets to the inetd_child port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_inetd_child_port" lineno="34104">
<summary>
Make a TCP connection to the inetd_child port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_inetd_child_client_packets" lineno="34124">
<summary>
Send inetd_child_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_inetd_child_client_packets" lineno="34143">
<summary>
Do not audit attempts to send inetd_child_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_inetd_child_client_packets" lineno="34162">
<summary>
Receive inetd_child_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_inetd_child_client_packets" lineno="34181">
<summary>
Do not audit attempts to receive inetd_child_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_inetd_child_client_packets" lineno="34200">
<summary>
Send and receive inetd_child_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_inetd_child_client_packets" lineno="34216">
<summary>
Do not audit attempts to send and receive inetd_child_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_inetd_child_client_packets" lineno="34231">
<summary>
Relabel packets to inetd_child_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_inetd_child_server_packets" lineno="34251">
<summary>
Send inetd_child_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_inetd_child_server_packets" lineno="34270">
<summary>
Do not audit attempts to send inetd_child_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_inetd_child_server_packets" lineno="34289">
<summary>
Receive inetd_child_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_inetd_child_server_packets" lineno="34308">
<summary>
Do not audit attempts to receive inetd_child_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_inetd_child_server_packets" lineno="34327">
<summary>
Send and receive inetd_child_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_inetd_child_server_packets" lineno="34343">
<summary>
Do not audit attempts to send and receive inetd_child_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_inetd_child_server_packets" lineno="34358">
<summary>
Relabel packets to inetd_child_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_innd_port" lineno="34380">
<summary>
Send and receive TCP traffic on the innd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_innd_port" lineno="34395">
<summary>
Send UDP traffic on the innd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_innd_port" lineno="34410">
<summary>
Do not audit attempts to send UDP traffic on the innd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_innd_port" lineno="34425">
<summary>
Receive UDP traffic on the innd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_innd_port" lineno="34440">
<summary>
Do not audit attempts to receive UDP traffic on the innd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_innd_port" lineno="34455">
<summary>
Send and receive UDP traffic on the innd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_innd_port" lineno="34471">
<summary>
Do not audit attempts to send and receive
UDP traffic on the innd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_innd_port" lineno="34486">
<summary>
Bind TCP sockets to the innd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_innd_port" lineno="34506">
<summary>
Bind UDP sockets to the innd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_innd_port" lineno="34525">
<summary>
Make a TCP connection to the innd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_innd_client_packets" lineno="34545">
<summary>
Send innd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_innd_client_packets" lineno="34564">
<summary>
Do not audit attempts to send innd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_innd_client_packets" lineno="34583">
<summary>
Receive innd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_innd_client_packets" lineno="34602">
<summary>
Do not audit attempts to receive innd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_innd_client_packets" lineno="34621">
<summary>
Send and receive innd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_innd_client_packets" lineno="34637">
<summary>
Do not audit attempts to send and receive innd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_innd_client_packets" lineno="34652">
<summary>
Relabel packets to innd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_innd_server_packets" lineno="34672">
<summary>
Send innd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_innd_server_packets" lineno="34691">
<summary>
Do not audit attempts to send innd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_innd_server_packets" lineno="34710">
<summary>
Receive innd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_innd_server_packets" lineno="34729">
<summary>
Do not audit attempts to receive innd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_innd_server_packets" lineno="34748">
<summary>
Send and receive innd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_innd_server_packets" lineno="34764">
<summary>
Do not audit attempts to send and receive innd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_innd_server_packets" lineno="34779">
<summary>
Relabel packets to innd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_interwise_port" lineno="34801">
<summary>
Send and receive TCP traffic on the interwise port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_interwise_port" lineno="34816">
<summary>
Send UDP traffic on the interwise port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_interwise_port" lineno="34831">
<summary>
Do not audit attempts to send UDP traffic on the interwise port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_interwise_port" lineno="34846">
<summary>
Receive UDP traffic on the interwise port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_interwise_port" lineno="34861">
<summary>
Do not audit attempts to receive UDP traffic on the interwise port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_interwise_port" lineno="34876">
<summary>
Send and receive UDP traffic on the interwise port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_interwise_port" lineno="34892">
<summary>
Do not audit attempts to send and receive
UDP traffic on the interwise port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_interwise_port" lineno="34907">
<summary>
Bind TCP sockets to the interwise port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_interwise_port" lineno="34927">
<summary>
Bind UDP sockets to the interwise port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_interwise_port" lineno="34946">
<summary>
Make a TCP connection to the interwise port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_interwise_client_packets" lineno="34966">
<summary>
Send interwise_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_interwise_client_packets" lineno="34985">
<summary>
Do not audit attempts to send interwise_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_interwise_client_packets" lineno="35004">
<summary>
Receive interwise_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_interwise_client_packets" lineno="35023">
<summary>
Do not audit attempts to receive interwise_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_interwise_client_packets" lineno="35042">
<summary>
Send and receive interwise_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_interwise_client_packets" lineno="35058">
<summary>
Do not audit attempts to send and receive interwise_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_interwise_client_packets" lineno="35073">
<summary>
Relabel packets to interwise_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_interwise_server_packets" lineno="35093">
<summary>
Send interwise_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_interwise_server_packets" lineno="35112">
<summary>
Do not audit attempts to send interwise_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_interwise_server_packets" lineno="35131">
<summary>
Receive interwise_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_interwise_server_packets" lineno="35150">
<summary>
Do not audit attempts to receive interwise_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_interwise_server_packets" lineno="35169">
<summary>
Send and receive interwise_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_interwise_server_packets" lineno="35185">
<summary>
Do not audit attempts to send and receive interwise_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_interwise_server_packets" lineno="35200">
<summary>
Relabel packets to interwise_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ionixnetmon_port" lineno="35222">
<summary>
Send and receive TCP traffic on the ionixnetmon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ionixnetmon_port" lineno="35237">
<summary>
Send UDP traffic on the ionixnetmon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ionixnetmon_port" lineno="35252">
<summary>
Do not audit attempts to send UDP traffic on the ionixnetmon port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ionixnetmon_port" lineno="35267">
<summary>
Receive UDP traffic on the ionixnetmon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ionixnetmon_port" lineno="35282">
<summary>
Do not audit attempts to receive UDP traffic on the ionixnetmon port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ionixnetmon_port" lineno="35297">
<summary>
Send and receive UDP traffic on the ionixnetmon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ionixnetmon_port" lineno="35313">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ionixnetmon port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ionixnetmon_port" lineno="35328">
<summary>
Bind TCP sockets to the ionixnetmon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ionixnetmon_port" lineno="35348">
<summary>
Bind UDP sockets to the ionixnetmon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ionixnetmon_port" lineno="35367">
<summary>
Make a TCP connection to the ionixnetmon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ionixnetmon_client_packets" lineno="35387">
<summary>
Send ionixnetmon_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ionixnetmon_client_packets" lineno="35406">
<summary>
Do not audit attempts to send ionixnetmon_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ionixnetmon_client_packets" lineno="35425">
<summary>
Receive ionixnetmon_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ionixnetmon_client_packets" lineno="35444">
<summary>
Do not audit attempts to receive ionixnetmon_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ionixnetmon_client_packets" lineno="35463">
<summary>
Send and receive ionixnetmon_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ionixnetmon_client_packets" lineno="35479">
<summary>
Do not audit attempts to send and receive ionixnetmon_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ionixnetmon_client_packets" lineno="35494">
<summary>
Relabel packets to ionixnetmon_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ionixnetmon_server_packets" lineno="35514">
<summary>
Send ionixnetmon_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ionixnetmon_server_packets" lineno="35533">
<summary>
Do not audit attempts to send ionixnetmon_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ionixnetmon_server_packets" lineno="35552">
<summary>
Receive ionixnetmon_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ionixnetmon_server_packets" lineno="35571">
<summary>
Do not audit attempts to receive ionixnetmon_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ionixnetmon_server_packets" lineno="35590">
<summary>
Send and receive ionixnetmon_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ionixnetmon_server_packets" lineno="35606">
<summary>
Do not audit attempts to send and receive ionixnetmon_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ionixnetmon_server_packets" lineno="35621">
<summary>
Relabel packets to ionixnetmon_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ipmi_port" lineno="35643">
<summary>
Send and receive TCP traffic on the ipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ipmi_port" lineno="35658">
<summary>
Send UDP traffic on the ipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ipmi_port" lineno="35673">
<summary>
Do not audit attempts to send UDP traffic on the ipmi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ipmi_port" lineno="35688">
<summary>
Receive UDP traffic on the ipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ipmi_port" lineno="35703">
<summary>
Do not audit attempts to receive UDP traffic on the ipmi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ipmi_port" lineno="35718">
<summary>
Send and receive UDP traffic on the ipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ipmi_port" lineno="35734">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ipmi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ipmi_port" lineno="35749">
<summary>
Bind TCP sockets to the ipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ipmi_port" lineno="35769">
<summary>
Bind UDP sockets to the ipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ipmi_port" lineno="35788">
<summary>
Make a TCP connection to the ipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ipmi_client_packets" lineno="35808">
<summary>
Send ipmi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ipmi_client_packets" lineno="35827">
<summary>
Do not audit attempts to send ipmi_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ipmi_client_packets" lineno="35846">
<summary>
Receive ipmi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ipmi_client_packets" lineno="35865">
<summary>
Do not audit attempts to receive ipmi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ipmi_client_packets" lineno="35884">
<summary>
Send and receive ipmi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ipmi_client_packets" lineno="35900">
<summary>
Do not audit attempts to send and receive ipmi_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ipmi_client_packets" lineno="35915">
<summary>
Relabel packets to ipmi_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ipmi_server_packets" lineno="35935">
<summary>
Send ipmi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ipmi_server_packets" lineno="35954">
<summary>
Do not audit attempts to send ipmi_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ipmi_server_packets" lineno="35973">
<summary>
Receive ipmi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ipmi_server_packets" lineno="35992">
<summary>
Do not audit attempts to receive ipmi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ipmi_server_packets" lineno="36011">
<summary>
Send and receive ipmi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ipmi_server_packets" lineno="36027">
<summary>
Do not audit attempts to send and receive ipmi_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ipmi_server_packets" lineno="36042">
<summary>
Relabel packets to ipmi_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ipp_port" lineno="36064">
<summary>
Send and receive TCP traffic on the ipp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ipp_port" lineno="36079">
<summary>
Send UDP traffic on the ipp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ipp_port" lineno="36094">
<summary>
Do not audit attempts to send UDP traffic on the ipp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ipp_port" lineno="36109">
<summary>
Receive UDP traffic on the ipp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ipp_port" lineno="36124">
<summary>
Do not audit attempts to receive UDP traffic on the ipp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ipp_port" lineno="36139">
<summary>
Send and receive UDP traffic on the ipp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ipp_port" lineno="36155">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ipp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ipp_port" lineno="36170">
<summary>
Bind TCP sockets to the ipp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ipp_port" lineno="36190">
<summary>
Bind UDP sockets to the ipp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ipp_port" lineno="36209">
<summary>
Make a TCP connection to the ipp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ipp_client_packets" lineno="36229">
<summary>
Send ipp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ipp_client_packets" lineno="36248">
<summary>
Do not audit attempts to send ipp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ipp_client_packets" lineno="36267">
<summary>
Receive ipp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ipp_client_packets" lineno="36286">
<summary>
Do not audit attempts to receive ipp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ipp_client_packets" lineno="36305">
<summary>
Send and receive ipp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ipp_client_packets" lineno="36321">
<summary>
Do not audit attempts to send and receive ipp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ipp_client_packets" lineno="36336">
<summary>
Relabel packets to ipp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ipp_server_packets" lineno="36356">
<summary>
Send ipp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ipp_server_packets" lineno="36375">
<summary>
Do not audit attempts to send ipp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ipp_server_packets" lineno="36394">
<summary>
Receive ipp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ipp_server_packets" lineno="36413">
<summary>
Do not audit attempts to receive ipp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ipp_server_packets" lineno="36432">
<summary>
Send and receive ipp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ipp_server_packets" lineno="36448">
<summary>
Do not audit attempts to send and receive ipp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ipp_server_packets" lineno="36463">
<summary>
Relabel packets to ipp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ipsecnat_port" lineno="36485">
<summary>
Send and receive TCP traffic on the ipsecnat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ipsecnat_port" lineno="36500">
<summary>
Send UDP traffic on the ipsecnat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ipsecnat_port" lineno="36515">
<summary>
Do not audit attempts to send UDP traffic on the ipsecnat port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ipsecnat_port" lineno="36530">
<summary>
Receive UDP traffic on the ipsecnat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ipsecnat_port" lineno="36545">
<summary>
Do not audit attempts to receive UDP traffic on the ipsecnat port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ipsecnat_port" lineno="36560">
<summary>
Send and receive UDP traffic on the ipsecnat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ipsecnat_port" lineno="36576">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ipsecnat port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ipsecnat_port" lineno="36591">
<summary>
Bind TCP sockets to the ipsecnat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ipsecnat_port" lineno="36611">
<summary>
Bind UDP sockets to the ipsecnat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ipsecnat_port" lineno="36630">
<summary>
Make a TCP connection to the ipsecnat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ipsecnat_client_packets" lineno="36650">
<summary>
Send ipsecnat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ipsecnat_client_packets" lineno="36669">
<summary>
Do not audit attempts to send ipsecnat_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ipsecnat_client_packets" lineno="36688">
<summary>
Receive ipsecnat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ipsecnat_client_packets" lineno="36707">
<summary>
Do not audit attempts to receive ipsecnat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ipsecnat_client_packets" lineno="36726">
<summary>
Send and receive ipsecnat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ipsecnat_client_packets" lineno="36742">
<summary>
Do not audit attempts to send and receive ipsecnat_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ipsecnat_client_packets" lineno="36757">
<summary>
Relabel packets to ipsecnat_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ipsecnat_server_packets" lineno="36777">
<summary>
Send ipsecnat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ipsecnat_server_packets" lineno="36796">
<summary>
Do not audit attempts to send ipsecnat_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ipsecnat_server_packets" lineno="36815">
<summary>
Receive ipsecnat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ipsecnat_server_packets" lineno="36834">
<summary>
Do not audit attempts to receive ipsecnat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ipsecnat_server_packets" lineno="36853">
<summary>
Send and receive ipsecnat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ipsecnat_server_packets" lineno="36869">
<summary>
Do not audit attempts to send and receive ipsecnat_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ipsecnat_server_packets" lineno="36884">
<summary>
Relabel packets to ipsecnat_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ircd_port" lineno="36906">
<summary>
Send and receive TCP traffic on the ircd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ircd_port" lineno="36921">
<summary>
Send UDP traffic on the ircd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ircd_port" lineno="36936">
<summary>
Do not audit attempts to send UDP traffic on the ircd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ircd_port" lineno="36951">
<summary>
Receive UDP traffic on the ircd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ircd_port" lineno="36966">
<summary>
Do not audit attempts to receive UDP traffic on the ircd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ircd_port" lineno="36981">
<summary>
Send and receive UDP traffic on the ircd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ircd_port" lineno="36997">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ircd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ircd_port" lineno="37012">
<summary>
Bind TCP sockets to the ircd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ircd_port" lineno="37032">
<summary>
Bind UDP sockets to the ircd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ircd_port" lineno="37051">
<summary>
Make a TCP connection to the ircd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ircd_client_packets" lineno="37071">
<summary>
Send ircd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ircd_client_packets" lineno="37090">
<summary>
Do not audit attempts to send ircd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ircd_client_packets" lineno="37109">
<summary>
Receive ircd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ircd_client_packets" lineno="37128">
<summary>
Do not audit attempts to receive ircd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ircd_client_packets" lineno="37147">
<summary>
Send and receive ircd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ircd_client_packets" lineno="37163">
<summary>
Do not audit attempts to send and receive ircd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ircd_client_packets" lineno="37178">
<summary>
Relabel packets to ircd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ircd_server_packets" lineno="37198">
<summary>
Send ircd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ircd_server_packets" lineno="37217">
<summary>
Do not audit attempts to send ircd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ircd_server_packets" lineno="37236">
<summary>
Receive ircd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ircd_server_packets" lineno="37255">
<summary>
Do not audit attempts to receive ircd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ircd_server_packets" lineno="37274">
<summary>
Send and receive ircd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ircd_server_packets" lineno="37290">
<summary>
Do not audit attempts to send and receive ircd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ircd_server_packets" lineno="37305">
<summary>
Relabel packets to ircd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_isakmp_port" lineno="37327">
<summary>
Send and receive TCP traffic on the isakmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_isakmp_port" lineno="37342">
<summary>
Send UDP traffic on the isakmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_isakmp_port" lineno="37357">
<summary>
Do not audit attempts to send UDP traffic on the isakmp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_isakmp_port" lineno="37372">
<summary>
Receive UDP traffic on the isakmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_isakmp_port" lineno="37387">
<summary>
Do not audit attempts to receive UDP traffic on the isakmp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_isakmp_port" lineno="37402">
<summary>
Send and receive UDP traffic on the isakmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_isakmp_port" lineno="37418">
<summary>
Do not audit attempts to send and receive
UDP traffic on the isakmp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_isakmp_port" lineno="37433">
<summary>
Bind TCP sockets to the isakmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_isakmp_port" lineno="37453">
<summary>
Bind UDP sockets to the isakmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_isakmp_port" lineno="37472">
<summary>
Make a TCP connection to the isakmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_isakmp_client_packets" lineno="37492">
<summary>
Send isakmp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_isakmp_client_packets" lineno="37511">
<summary>
Do not audit attempts to send isakmp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_isakmp_client_packets" lineno="37530">
<summary>
Receive isakmp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_isakmp_client_packets" lineno="37549">
<summary>
Do not audit attempts to receive isakmp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_isakmp_client_packets" lineno="37568">
<summary>
Send and receive isakmp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_isakmp_client_packets" lineno="37584">
<summary>
Do not audit attempts to send and receive isakmp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_isakmp_client_packets" lineno="37599">
<summary>
Relabel packets to isakmp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_isakmp_server_packets" lineno="37619">
<summary>
Send isakmp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_isakmp_server_packets" lineno="37638">
<summary>
Do not audit attempts to send isakmp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_isakmp_server_packets" lineno="37657">
<summary>
Receive isakmp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_isakmp_server_packets" lineno="37676">
<summary>
Do not audit attempts to receive isakmp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_isakmp_server_packets" lineno="37695">
<summary>
Send and receive isakmp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_isakmp_server_packets" lineno="37711">
<summary>
Do not audit attempts to send and receive isakmp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_isakmp_server_packets" lineno="37726">
<summary>
Relabel packets to isakmp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_iscsi_port" lineno="37748">
<summary>
Send and receive TCP traffic on the iscsi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_iscsi_port" lineno="37763">
<summary>
Send UDP traffic on the iscsi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_iscsi_port" lineno="37778">
<summary>
Do not audit attempts to send UDP traffic on the iscsi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_iscsi_port" lineno="37793">
<summary>
Receive UDP traffic on the iscsi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_iscsi_port" lineno="37808">
<summary>
Do not audit attempts to receive UDP traffic on the iscsi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_iscsi_port" lineno="37823">
<summary>
Send and receive UDP traffic on the iscsi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_iscsi_port" lineno="37839">
<summary>
Do not audit attempts to send and receive
UDP traffic on the iscsi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_iscsi_port" lineno="37854">
<summary>
Bind TCP sockets to the iscsi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_iscsi_port" lineno="37874">
<summary>
Bind UDP sockets to the iscsi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_iscsi_port" lineno="37893">
<summary>
Make a TCP connection to the iscsi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_iscsi_client_packets" lineno="37913">
<summary>
Send iscsi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_iscsi_client_packets" lineno="37932">
<summary>
Do not audit attempts to send iscsi_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_iscsi_client_packets" lineno="37951">
<summary>
Receive iscsi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_iscsi_client_packets" lineno="37970">
<summary>
Do not audit attempts to receive iscsi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_iscsi_client_packets" lineno="37989">
<summary>
Send and receive iscsi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_iscsi_client_packets" lineno="38005">
<summary>
Do not audit attempts to send and receive iscsi_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_iscsi_client_packets" lineno="38020">
<summary>
Relabel packets to iscsi_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_iscsi_server_packets" lineno="38040">
<summary>
Send iscsi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_iscsi_server_packets" lineno="38059">
<summary>
Do not audit attempts to send iscsi_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_iscsi_server_packets" lineno="38078">
<summary>
Receive iscsi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_iscsi_server_packets" lineno="38097">
<summary>
Do not audit attempts to receive iscsi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_iscsi_server_packets" lineno="38116">
<summary>
Send and receive iscsi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_iscsi_server_packets" lineno="38132">
<summary>
Do not audit attempts to send and receive iscsi_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_iscsi_server_packets" lineno="38147">
<summary>
Relabel packets to iscsi_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_isns_port" lineno="38169">
<summary>
Send and receive TCP traffic on the isns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_isns_port" lineno="38184">
<summary>
Send UDP traffic on the isns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_isns_port" lineno="38199">
<summary>
Do not audit attempts to send UDP traffic on the isns port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_isns_port" lineno="38214">
<summary>
Receive UDP traffic on the isns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_isns_port" lineno="38229">
<summary>
Do not audit attempts to receive UDP traffic on the isns port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_isns_port" lineno="38244">
<summary>
Send and receive UDP traffic on the isns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_isns_port" lineno="38260">
<summary>
Do not audit attempts to send and receive
UDP traffic on the isns port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_isns_port" lineno="38275">
<summary>
Bind TCP sockets to the isns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_isns_port" lineno="38295">
<summary>
Bind UDP sockets to the isns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_isns_port" lineno="38314">
<summary>
Make a TCP connection to the isns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_isns_client_packets" lineno="38334">
<summary>
Send isns_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_isns_client_packets" lineno="38353">
<summary>
Do not audit attempts to send isns_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_isns_client_packets" lineno="38372">
<summary>
Receive isns_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_isns_client_packets" lineno="38391">
<summary>
Do not audit attempts to receive isns_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_isns_client_packets" lineno="38410">
<summary>
Send and receive isns_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_isns_client_packets" lineno="38426">
<summary>
Do not audit attempts to send and receive isns_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_isns_client_packets" lineno="38441">
<summary>
Relabel packets to isns_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_isns_server_packets" lineno="38461">
<summary>
Send isns_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_isns_server_packets" lineno="38480">
<summary>
Do not audit attempts to send isns_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_isns_server_packets" lineno="38499">
<summary>
Receive isns_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_isns_server_packets" lineno="38518">
<summary>
Do not audit attempts to receive isns_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_isns_server_packets" lineno="38537">
<summary>
Send and receive isns_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_isns_server_packets" lineno="38553">
<summary>
Do not audit attempts to send and receive isns_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_isns_server_packets" lineno="38568">
<summary>
Relabel packets to isns_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_jabber_client_port" lineno="38590">
<summary>
Send and receive TCP traffic on the jabber_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_jabber_client_port" lineno="38605">
<summary>
Send UDP traffic on the jabber_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_jabber_client_port" lineno="38620">
<summary>
Do not audit attempts to send UDP traffic on the jabber_client port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_jabber_client_port" lineno="38635">
<summary>
Receive UDP traffic on the jabber_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_jabber_client_port" lineno="38650">
<summary>
Do not audit attempts to receive UDP traffic on the jabber_client port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_jabber_client_port" lineno="38665">
<summary>
Send and receive UDP traffic on the jabber_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_jabber_client_port" lineno="38681">
<summary>
Do not audit attempts to send and receive
UDP traffic on the jabber_client port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_jabber_client_port" lineno="38696">
<summary>
Bind TCP sockets to the jabber_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_jabber_client_port" lineno="38716">
<summary>
Bind UDP sockets to the jabber_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_jabber_client_port" lineno="38735">
<summary>
Make a TCP connection to the jabber_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jabber_client_client_packets" lineno="38755">
<summary>
Send jabber_client_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jabber_client_client_packets" lineno="38774">
<summary>
Do not audit attempts to send jabber_client_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jabber_client_client_packets" lineno="38793">
<summary>
Receive jabber_client_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jabber_client_client_packets" lineno="38812">
<summary>
Do not audit attempts to receive jabber_client_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jabber_client_client_packets" lineno="38831">
<summary>
Send and receive jabber_client_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jabber_client_client_packets" lineno="38847">
<summary>
Do not audit attempts to send and receive jabber_client_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jabber_client_client_packets" lineno="38862">
<summary>
Relabel packets to jabber_client_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jabber_client_server_packets" lineno="38882">
<summary>
Send jabber_client_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jabber_client_server_packets" lineno="38901">
<summary>
Do not audit attempts to send jabber_client_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jabber_client_server_packets" lineno="38920">
<summary>
Receive jabber_client_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jabber_client_server_packets" lineno="38939">
<summary>
Do not audit attempts to receive jabber_client_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jabber_client_server_packets" lineno="38958">
<summary>
Send and receive jabber_client_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jabber_client_server_packets" lineno="38974">
<summary>
Do not audit attempts to send and receive jabber_client_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jabber_client_server_packets" lineno="38989">
<summary>
Relabel packets to jabber_client_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_jabber_interserver_port" lineno="39011">
<summary>
Send and receive TCP traffic on the jabber_interserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_jabber_interserver_port" lineno="39026">
<summary>
Send UDP traffic on the jabber_interserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_jabber_interserver_port" lineno="39041">
<summary>
Do not audit attempts to send UDP traffic on the jabber_interserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_jabber_interserver_port" lineno="39056">
<summary>
Receive UDP traffic on the jabber_interserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_jabber_interserver_port" lineno="39071">
<summary>
Do not audit attempts to receive UDP traffic on the jabber_interserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_jabber_interserver_port" lineno="39086">
<summary>
Send and receive UDP traffic on the jabber_interserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_jabber_interserver_port" lineno="39102">
<summary>
Do not audit attempts to send and receive
UDP traffic on the jabber_interserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_jabber_interserver_port" lineno="39117">
<summary>
Bind TCP sockets to the jabber_interserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_jabber_interserver_port" lineno="39137">
<summary>
Bind UDP sockets to the jabber_interserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_jabber_interserver_port" lineno="39156">
<summary>
Make a TCP connection to the jabber_interserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jabber_interserver_client_packets" lineno="39176">
<summary>
Send jabber_interserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jabber_interserver_client_packets" lineno="39195">
<summary>
Do not audit attempts to send jabber_interserver_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jabber_interserver_client_packets" lineno="39214">
<summary>
Receive jabber_interserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jabber_interserver_client_packets" lineno="39233">
<summary>
Do not audit attempts to receive jabber_interserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jabber_interserver_client_packets" lineno="39252">
<summary>
Send and receive jabber_interserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jabber_interserver_client_packets" lineno="39268">
<summary>
Do not audit attempts to send and receive jabber_interserver_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jabber_interserver_client_packets" lineno="39283">
<summary>
Relabel packets to jabber_interserver_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jabber_interserver_server_packets" lineno="39303">
<summary>
Send jabber_interserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jabber_interserver_server_packets" lineno="39322">
<summary>
Do not audit attempts to send jabber_interserver_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jabber_interserver_server_packets" lineno="39341">
<summary>
Receive jabber_interserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jabber_interserver_server_packets" lineno="39360">
<summary>
Do not audit attempts to receive jabber_interserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jabber_interserver_server_packets" lineno="39379">
<summary>
Send and receive jabber_interserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jabber_interserver_server_packets" lineno="39395">
<summary>
Do not audit attempts to send and receive jabber_interserver_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jabber_interserver_server_packets" lineno="39410">
<summary>
Relabel packets to jabber_interserver_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_jboss_iiop_port" lineno="39432">
<summary>
Send and receive TCP traffic on the jboss_iiop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_jboss_iiop_port" lineno="39447">
<summary>
Send UDP traffic on the jboss_iiop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_jboss_iiop_port" lineno="39462">
<summary>
Do not audit attempts to send UDP traffic on the jboss_iiop port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_jboss_iiop_port" lineno="39477">
<summary>
Receive UDP traffic on the jboss_iiop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_jboss_iiop_port" lineno="39492">
<summary>
Do not audit attempts to receive UDP traffic on the jboss_iiop port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_jboss_iiop_port" lineno="39507">
<summary>
Send and receive UDP traffic on the jboss_iiop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_jboss_iiop_port" lineno="39523">
<summary>
Do not audit attempts to send and receive
UDP traffic on the jboss_iiop port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_jboss_iiop_port" lineno="39538">
<summary>
Bind TCP sockets to the jboss_iiop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_jboss_iiop_port" lineno="39558">
<summary>
Bind UDP sockets to the jboss_iiop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_jboss_iiop_port" lineno="39577">
<summary>
Make a TCP connection to the jboss_iiop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jboss_iiop_client_packets" lineno="39597">
<summary>
Send jboss_iiop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jboss_iiop_client_packets" lineno="39616">
<summary>
Do not audit attempts to send jboss_iiop_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jboss_iiop_client_packets" lineno="39635">
<summary>
Receive jboss_iiop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jboss_iiop_client_packets" lineno="39654">
<summary>
Do not audit attempts to receive jboss_iiop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jboss_iiop_client_packets" lineno="39673">
<summary>
Send and receive jboss_iiop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jboss_iiop_client_packets" lineno="39689">
<summary>
Do not audit attempts to send and receive jboss_iiop_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jboss_iiop_client_packets" lineno="39704">
<summary>
Relabel packets to jboss_iiop_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jboss_iiop_server_packets" lineno="39724">
<summary>
Send jboss_iiop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jboss_iiop_server_packets" lineno="39743">
<summary>
Do not audit attempts to send jboss_iiop_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jboss_iiop_server_packets" lineno="39762">
<summary>
Receive jboss_iiop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jboss_iiop_server_packets" lineno="39781">
<summary>
Do not audit attempts to receive jboss_iiop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jboss_iiop_server_packets" lineno="39800">
<summary>
Send and receive jboss_iiop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jboss_iiop_server_packets" lineno="39816">
<summary>
Do not audit attempts to send and receive jboss_iiop_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jboss_iiop_server_packets" lineno="39831">
<summary>
Relabel packets to jboss_iiop_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_kerberos_port" lineno="39853">
<summary>
Send and receive TCP traffic on the kerberos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_kerberos_port" lineno="39868">
<summary>
Send UDP traffic on the kerberos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_kerberos_port" lineno="39883">
<summary>
Do not audit attempts to send UDP traffic on the kerberos port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_kerberos_port" lineno="39898">
<summary>
Receive UDP traffic on the kerberos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_kerberos_port" lineno="39913">
<summary>
Do not audit attempts to receive UDP traffic on the kerberos port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_kerberos_port" lineno="39928">
<summary>
Send and receive UDP traffic on the kerberos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_kerberos_port" lineno="39944">
<summary>
Do not audit attempts to send and receive
UDP traffic on the kerberos port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_kerberos_port" lineno="39959">
<summary>
Bind TCP sockets to the kerberos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_kerberos_port" lineno="39979">
<summary>
Bind UDP sockets to the kerberos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_kerberos_port" lineno="39998">
<summary>
Make a TCP connection to the kerberos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_kerberos_client_packets" lineno="40018">
<summary>
Send kerberos_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_kerberos_client_packets" lineno="40037">
<summary>
Do not audit attempts to send kerberos_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_kerberos_client_packets" lineno="40056">
<summary>
Receive kerberos_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_kerberos_client_packets" lineno="40075">
<summary>
Do not audit attempts to receive kerberos_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_kerberos_client_packets" lineno="40094">
<summary>
Send and receive kerberos_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_kerberos_client_packets" lineno="40110">
<summary>
Do not audit attempts to send and receive kerberos_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_kerberos_client_packets" lineno="40125">
<summary>
Relabel packets to kerberos_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_kerberos_server_packets" lineno="40145">
<summary>
Send kerberos_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_kerberos_server_packets" lineno="40164">
<summary>
Do not audit attempts to send kerberos_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_kerberos_server_packets" lineno="40183">
<summary>
Receive kerberos_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_kerberos_server_packets" lineno="40202">
<summary>
Do not audit attempts to receive kerberos_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_kerberos_server_packets" lineno="40221">
<summary>
Send and receive kerberos_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_kerberos_server_packets" lineno="40237">
<summary>
Do not audit attempts to send and receive kerberos_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_kerberos_server_packets" lineno="40252">
<summary>
Relabel packets to kerberos_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_kerberos_admin_port" lineno="40274">
<summary>
Send and receive TCP traffic on the kerberos_admin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_kerberos_admin_port" lineno="40289">
<summary>
Send UDP traffic on the kerberos_admin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_kerberos_admin_port" lineno="40304">
<summary>
Do not audit attempts to send UDP traffic on the kerberos_admin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_kerberos_admin_port" lineno="40319">
<summary>
Receive UDP traffic on the kerberos_admin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_kerberos_admin_port" lineno="40334">
<summary>
Do not audit attempts to receive UDP traffic on the kerberos_admin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_kerberos_admin_port" lineno="40349">
<summary>
Send and receive UDP traffic on the kerberos_admin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_kerberos_admin_port" lineno="40365">
<summary>
Do not audit attempts to send and receive
UDP traffic on the kerberos_admin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_kerberos_admin_port" lineno="40380">
<summary>
Bind TCP sockets to the kerberos_admin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_kerberos_admin_port" lineno="40400">
<summary>
Bind UDP sockets to the kerberos_admin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_kerberos_admin_port" lineno="40419">
<summary>
Make a TCP connection to the kerberos_admin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_kerberos_admin_client_packets" lineno="40439">
<summary>
Send kerberos_admin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_kerberos_admin_client_packets" lineno="40458">
<summary>
Do not audit attempts to send kerberos_admin_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_kerberos_admin_client_packets" lineno="40477">
<summary>
Receive kerberos_admin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_kerberos_admin_client_packets" lineno="40496">
<summary>
Do not audit attempts to receive kerberos_admin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_kerberos_admin_client_packets" lineno="40515">
<summary>
Send and receive kerberos_admin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_kerberos_admin_client_packets" lineno="40531">
<summary>
Do not audit attempts to send and receive kerberos_admin_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_kerberos_admin_client_packets" lineno="40546">
<summary>
Relabel packets to kerberos_admin_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_kerberos_admin_server_packets" lineno="40566">
<summary>
Send kerberos_admin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_kerberos_admin_server_packets" lineno="40585">
<summary>
Do not audit attempts to send kerberos_admin_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_kerberos_admin_server_packets" lineno="40604">
<summary>
Receive kerberos_admin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_kerberos_admin_server_packets" lineno="40623">
<summary>
Do not audit attempts to receive kerberos_admin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_kerberos_admin_server_packets" lineno="40642">
<summary>
Send and receive kerberos_admin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_kerberos_admin_server_packets" lineno="40658">
<summary>
Do not audit attempts to send and receive kerberos_admin_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_kerberos_admin_server_packets" lineno="40673">
<summary>
Relabel packets to kerberos_admin_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_kerberos_master_port" lineno="40695">
<summary>
Send and receive TCP traffic on the kerberos_master port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_kerberos_master_port" lineno="40710">
<summary>
Send UDP traffic on the kerberos_master port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_kerberos_master_port" lineno="40725">
<summary>
Do not audit attempts to send UDP traffic on the kerberos_master port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_kerberos_master_port" lineno="40740">
<summary>
Receive UDP traffic on the kerberos_master port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_kerberos_master_port" lineno="40755">
<summary>
Do not audit attempts to receive UDP traffic on the kerberos_master port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_kerberos_master_port" lineno="40770">
<summary>
Send and receive UDP traffic on the kerberos_master port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_kerberos_master_port" lineno="40786">
<summary>
Do not audit attempts to send and receive
UDP traffic on the kerberos_master port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_kerberos_master_port" lineno="40801">
<summary>
Bind TCP sockets to the kerberos_master port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_kerberos_master_port" lineno="40821">
<summary>
Bind UDP sockets to the kerberos_master port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_kerberos_master_port" lineno="40840">
<summary>
Make a TCP connection to the kerberos_master port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_kerberos_master_client_packets" lineno="40860">
<summary>
Send kerberos_master_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_kerberos_master_client_packets" lineno="40879">
<summary>
Do not audit attempts to send kerberos_master_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_kerberos_master_client_packets" lineno="40898">
<summary>
Receive kerberos_master_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_kerberos_master_client_packets" lineno="40917">
<summary>
Do not audit attempts to receive kerberos_master_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_kerberos_master_client_packets" lineno="40936">
<summary>
Send and receive kerberos_master_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_kerberos_master_client_packets" lineno="40952">
<summary>
Do not audit attempts to send and receive kerberos_master_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_kerberos_master_client_packets" lineno="40967">
<summary>
Relabel packets to kerberos_master_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_kerberos_master_server_packets" lineno="40987">
<summary>
Send kerberos_master_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_kerberos_master_server_packets" lineno="41006">
<summary>
Do not audit attempts to send kerberos_master_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_kerberos_master_server_packets" lineno="41025">
<summary>
Receive kerberos_master_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_kerberos_master_server_packets" lineno="41044">
<summary>
Do not audit attempts to receive kerberos_master_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_kerberos_master_server_packets" lineno="41063">
<summary>
Send and receive kerberos_master_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_kerberos_master_server_packets" lineno="41079">
<summary>
Do not audit attempts to send and receive kerberos_master_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_kerberos_master_server_packets" lineno="41094">
<summary>
Relabel packets to kerberos_master_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_kismet_port" lineno="41116">
<summary>
Send and receive TCP traffic on the kismet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_kismet_port" lineno="41131">
<summary>
Send UDP traffic on the kismet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_kismet_port" lineno="41146">
<summary>
Do not audit attempts to send UDP traffic on the kismet port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_kismet_port" lineno="41161">
<summary>
Receive UDP traffic on the kismet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_kismet_port" lineno="41176">
<summary>
Do not audit attempts to receive UDP traffic on the kismet port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_kismet_port" lineno="41191">
<summary>
Send and receive UDP traffic on the kismet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_kismet_port" lineno="41207">
<summary>
Do not audit attempts to send and receive
UDP traffic on the kismet port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_kismet_port" lineno="41222">
<summary>
Bind TCP sockets to the kismet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_kismet_port" lineno="41242">
<summary>
Bind UDP sockets to the kismet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_kismet_port" lineno="41261">
<summary>
Make a TCP connection to the kismet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_kismet_client_packets" lineno="41281">
<summary>
Send kismet_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_kismet_client_packets" lineno="41300">
<summary>
Do not audit attempts to send kismet_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_kismet_client_packets" lineno="41319">
<summary>
Receive kismet_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_kismet_client_packets" lineno="41338">
<summary>
Do not audit attempts to receive kismet_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_kismet_client_packets" lineno="41357">
<summary>
Send and receive kismet_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_kismet_client_packets" lineno="41373">
<summary>
Do not audit attempts to send and receive kismet_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_kismet_client_packets" lineno="41388">
<summary>
Relabel packets to kismet_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_kismet_server_packets" lineno="41408">
<summary>
Send kismet_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_kismet_server_packets" lineno="41427">
<summary>
Do not audit attempts to send kismet_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_kismet_server_packets" lineno="41446">
<summary>
Receive kismet_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_kismet_server_packets" lineno="41465">
<summary>
Do not audit attempts to receive kismet_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_kismet_server_packets" lineno="41484">
<summary>
Send and receive kismet_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_kismet_server_packets" lineno="41500">
<summary>
Do not audit attempts to send and receive kismet_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_kismet_server_packets" lineno="41515">
<summary>
Relabel packets to kismet_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_kprop_port" lineno="41537">
<summary>
Send and receive TCP traffic on the kprop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_kprop_port" lineno="41552">
<summary>
Send UDP traffic on the kprop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_kprop_port" lineno="41567">
<summary>
Do not audit attempts to send UDP traffic on the kprop port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_kprop_port" lineno="41582">
<summary>
Receive UDP traffic on the kprop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_kprop_port" lineno="41597">
<summary>
Do not audit attempts to receive UDP traffic on the kprop port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_kprop_port" lineno="41612">
<summary>
Send and receive UDP traffic on the kprop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_kprop_port" lineno="41628">
<summary>
Do not audit attempts to send and receive
UDP traffic on the kprop port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_kprop_port" lineno="41643">
<summary>
Bind TCP sockets to the kprop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_kprop_port" lineno="41663">
<summary>
Bind UDP sockets to the kprop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_kprop_port" lineno="41682">
<summary>
Make a TCP connection to the kprop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_kprop_client_packets" lineno="41702">
<summary>
Send kprop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_kprop_client_packets" lineno="41721">
<summary>
Do not audit attempts to send kprop_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_kprop_client_packets" lineno="41740">
<summary>
Receive kprop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_kprop_client_packets" lineno="41759">
<summary>
Do not audit attempts to receive kprop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_kprop_client_packets" lineno="41778">
<summary>
Send and receive kprop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_kprop_client_packets" lineno="41794">
<summary>
Do not audit attempts to send and receive kprop_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_kprop_client_packets" lineno="41809">
<summary>
Relabel packets to kprop_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_kprop_server_packets" lineno="41829">
<summary>
Send kprop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_kprop_server_packets" lineno="41848">
<summary>
Do not audit attempts to send kprop_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_kprop_server_packets" lineno="41867">
<summary>
Receive kprop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_kprop_server_packets" lineno="41886">
<summary>
Do not audit attempts to receive kprop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_kprop_server_packets" lineno="41905">
<summary>
Send and receive kprop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_kprop_server_packets" lineno="41921">
<summary>
Do not audit attempts to send and receive kprop_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_kprop_server_packets" lineno="41936">
<summary>
Relabel packets to kprop_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ktalkd_port" lineno="41958">
<summary>
Send and receive TCP traffic on the ktalkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ktalkd_port" lineno="41973">
<summary>
Send UDP traffic on the ktalkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ktalkd_port" lineno="41988">
<summary>
Do not audit attempts to send UDP traffic on the ktalkd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ktalkd_port" lineno="42003">
<summary>
Receive UDP traffic on the ktalkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ktalkd_port" lineno="42018">
<summary>
Do not audit attempts to receive UDP traffic on the ktalkd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ktalkd_port" lineno="42033">
<summary>
Send and receive UDP traffic on the ktalkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ktalkd_port" lineno="42049">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ktalkd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ktalkd_port" lineno="42064">
<summary>
Bind TCP sockets to the ktalkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ktalkd_port" lineno="42084">
<summary>
Bind UDP sockets to the ktalkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ktalkd_port" lineno="42103">
<summary>
Make a TCP connection to the ktalkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ktalkd_client_packets" lineno="42123">
<summary>
Send ktalkd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ktalkd_client_packets" lineno="42142">
<summary>
Do not audit attempts to send ktalkd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ktalkd_client_packets" lineno="42161">
<summary>
Receive ktalkd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ktalkd_client_packets" lineno="42180">
<summary>
Do not audit attempts to receive ktalkd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ktalkd_client_packets" lineno="42199">
<summary>
Send and receive ktalkd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ktalkd_client_packets" lineno="42215">
<summary>
Do not audit attempts to send and receive ktalkd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ktalkd_client_packets" lineno="42230">
<summary>
Relabel packets to ktalkd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ktalkd_server_packets" lineno="42250">
<summary>
Send ktalkd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ktalkd_server_packets" lineno="42269">
<summary>
Do not audit attempts to send ktalkd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ktalkd_server_packets" lineno="42288">
<summary>
Receive ktalkd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ktalkd_server_packets" lineno="42307">
<summary>
Do not audit attempts to receive ktalkd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ktalkd_server_packets" lineno="42326">
<summary>
Send and receive ktalkd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ktalkd_server_packets" lineno="42342">
<summary>
Do not audit attempts to send and receive ktalkd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ktalkd_server_packets" lineno="42357">
<summary>
Relabel packets to ktalkd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_l2tp_port" lineno="42379">
<summary>
Send and receive TCP traffic on the l2tp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_l2tp_port" lineno="42394">
<summary>
Send UDP traffic on the l2tp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_l2tp_port" lineno="42409">
<summary>
Do not audit attempts to send UDP traffic on the l2tp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_l2tp_port" lineno="42424">
<summary>
Receive UDP traffic on the l2tp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_l2tp_port" lineno="42439">
<summary>
Do not audit attempts to receive UDP traffic on the l2tp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_l2tp_port" lineno="42454">
<summary>
Send and receive UDP traffic on the l2tp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_l2tp_port" lineno="42470">
<summary>
Do not audit attempts to send and receive
UDP traffic on the l2tp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_l2tp_port" lineno="42485">
<summary>
Bind TCP sockets to the l2tp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_l2tp_port" lineno="42505">
<summary>
Bind UDP sockets to the l2tp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_l2tp_port" lineno="42524">
<summary>
Make a TCP connection to the l2tp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_l2tp_client_packets" lineno="42544">
<summary>
Send l2tp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_l2tp_client_packets" lineno="42563">
<summary>
Do not audit attempts to send l2tp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_l2tp_client_packets" lineno="42582">
<summary>
Receive l2tp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_l2tp_client_packets" lineno="42601">
<summary>
Do not audit attempts to receive l2tp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_l2tp_client_packets" lineno="42620">
<summary>
Send and receive l2tp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_l2tp_client_packets" lineno="42636">
<summary>
Do not audit attempts to send and receive l2tp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_l2tp_client_packets" lineno="42651">
<summary>
Relabel packets to l2tp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_l2tp_server_packets" lineno="42671">
<summary>
Send l2tp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_l2tp_server_packets" lineno="42690">
<summary>
Do not audit attempts to send l2tp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_l2tp_server_packets" lineno="42709">
<summary>
Receive l2tp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_l2tp_server_packets" lineno="42728">
<summary>
Do not audit attempts to receive l2tp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_l2tp_server_packets" lineno="42747">
<summary>
Send and receive l2tp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_l2tp_server_packets" lineno="42763">
<summary>
Do not audit attempts to send and receive l2tp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_l2tp_server_packets" lineno="42778">
<summary>
Relabel packets to l2tp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ldap_port" lineno="42800">
<summary>
Send and receive TCP traffic on the ldap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ldap_port" lineno="42815">
<summary>
Send UDP traffic on the ldap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ldap_port" lineno="42830">
<summary>
Do not audit attempts to send UDP traffic on the ldap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ldap_port" lineno="42845">
<summary>
Receive UDP traffic on the ldap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ldap_port" lineno="42860">
<summary>
Do not audit attempts to receive UDP traffic on the ldap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ldap_port" lineno="42875">
<summary>
Send and receive UDP traffic on the ldap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ldap_port" lineno="42891">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ldap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ldap_port" lineno="42906">
<summary>
Bind TCP sockets to the ldap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ldap_port" lineno="42926">
<summary>
Bind UDP sockets to the ldap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ldap_port" lineno="42945">
<summary>
Make a TCP connection to the ldap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ldap_client_packets" lineno="42965">
<summary>
Send ldap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ldap_client_packets" lineno="42984">
<summary>
Do not audit attempts to send ldap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ldap_client_packets" lineno="43003">
<summary>
Receive ldap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ldap_client_packets" lineno="43022">
<summary>
Do not audit attempts to receive ldap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ldap_client_packets" lineno="43041">
<summary>
Send and receive ldap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ldap_client_packets" lineno="43057">
<summary>
Do not audit attempts to send and receive ldap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ldap_client_packets" lineno="43072">
<summary>
Relabel packets to ldap_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ldap_server_packets" lineno="43092">
<summary>
Send ldap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ldap_server_packets" lineno="43111">
<summary>
Do not audit attempts to send ldap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ldap_server_packets" lineno="43130">
<summary>
Receive ldap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ldap_server_packets" lineno="43149">
<summary>
Do not audit attempts to receive ldap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ldap_server_packets" lineno="43168">
<summary>
Send and receive ldap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ldap_server_packets" lineno="43184">
<summary>
Do not audit attempts to send and receive ldap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ldap_server_packets" lineno="43199">
<summary>
Relabel packets to ldap_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_lirc_port" lineno="43221">
<summary>
Send and receive TCP traffic on the lirc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_lirc_port" lineno="43236">
<summary>
Send UDP traffic on the lirc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_lirc_port" lineno="43251">
<summary>
Do not audit attempts to send UDP traffic on the lirc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_lirc_port" lineno="43266">
<summary>
Receive UDP traffic on the lirc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_lirc_port" lineno="43281">
<summary>
Do not audit attempts to receive UDP traffic on the lirc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_lirc_port" lineno="43296">
<summary>
Send and receive UDP traffic on the lirc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_lirc_port" lineno="43312">
<summary>
Do not audit attempts to send and receive
UDP traffic on the lirc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_lirc_port" lineno="43327">
<summary>
Bind TCP sockets to the lirc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_lirc_port" lineno="43347">
<summary>
Bind UDP sockets to the lirc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_lirc_port" lineno="43366">
<summary>
Make a TCP connection to the lirc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_lirc_client_packets" lineno="43386">
<summary>
Send lirc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_lirc_client_packets" lineno="43405">
<summary>
Do not audit attempts to send lirc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_lirc_client_packets" lineno="43424">
<summary>
Receive lirc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_lirc_client_packets" lineno="43443">
<summary>
Do not audit attempts to receive lirc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_lirc_client_packets" lineno="43462">
<summary>
Send and receive lirc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_lirc_client_packets" lineno="43478">
<summary>
Do not audit attempts to send and receive lirc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_lirc_client_packets" lineno="43493">
<summary>
Relabel packets to lirc_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_lirc_server_packets" lineno="43513">
<summary>
Send lirc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_lirc_server_packets" lineno="43532">
<summary>
Do not audit attempts to send lirc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_lirc_server_packets" lineno="43551">
<summary>
Receive lirc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_lirc_server_packets" lineno="43570">
<summary>
Do not audit attempts to receive lirc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_lirc_server_packets" lineno="43589">
<summary>
Send and receive lirc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_lirc_server_packets" lineno="43605">
<summary>
Do not audit attempts to send and receive lirc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_lirc_server_packets" lineno="43620">
<summary>
Relabel packets to lirc_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_llmnr_port" lineno="43642">
<summary>
Send and receive TCP traffic on the llmnr port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_llmnr_port" lineno="43657">
<summary>
Send UDP traffic on the llmnr port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_llmnr_port" lineno="43672">
<summary>
Do not audit attempts to send UDP traffic on the llmnr port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_llmnr_port" lineno="43687">
<summary>
Receive UDP traffic on the llmnr port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_llmnr_port" lineno="43702">
<summary>
Do not audit attempts to receive UDP traffic on the llmnr port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_llmnr_port" lineno="43717">
<summary>
Send and receive UDP traffic on the llmnr port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_llmnr_port" lineno="43733">
<summary>
Do not audit attempts to send and receive
UDP traffic on the llmnr port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_llmnr_port" lineno="43748">
<summary>
Bind TCP sockets to the llmnr port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_llmnr_port" lineno="43768">
<summary>
Bind UDP sockets to the llmnr port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_llmnr_port" lineno="43787">
<summary>
Make a TCP connection to the llmnr port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_llmnr_client_packets" lineno="43807">
<summary>
Send llmnr_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_llmnr_client_packets" lineno="43826">
<summary>
Do not audit attempts to send llmnr_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_llmnr_client_packets" lineno="43845">
<summary>
Receive llmnr_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_llmnr_client_packets" lineno="43864">
<summary>
Do not audit attempts to receive llmnr_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_llmnr_client_packets" lineno="43883">
<summary>
Send and receive llmnr_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_llmnr_client_packets" lineno="43899">
<summary>
Do not audit attempts to send and receive llmnr_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_llmnr_client_packets" lineno="43914">
<summary>
Relabel packets to llmnr_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_llmnr_server_packets" lineno="43934">
<summary>
Send llmnr_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_llmnr_server_packets" lineno="43953">
<summary>
Do not audit attempts to send llmnr_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_llmnr_server_packets" lineno="43972">
<summary>
Receive llmnr_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_llmnr_server_packets" lineno="43991">
<summary>
Do not audit attempts to receive llmnr_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_llmnr_server_packets" lineno="44010">
<summary>
Send and receive llmnr_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_llmnr_server_packets" lineno="44026">
<summary>
Do not audit attempts to send and receive llmnr_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_llmnr_server_packets" lineno="44041">
<summary>
Relabel packets to llmnr_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_lmtp_port" lineno="44063">
<summary>
Send and receive TCP traffic on the lmtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_lmtp_port" lineno="44078">
<summary>
Send UDP traffic on the lmtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_lmtp_port" lineno="44093">
<summary>
Do not audit attempts to send UDP traffic on the lmtp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_lmtp_port" lineno="44108">
<summary>
Receive UDP traffic on the lmtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_lmtp_port" lineno="44123">
<summary>
Do not audit attempts to receive UDP traffic on the lmtp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_lmtp_port" lineno="44138">
<summary>
Send and receive UDP traffic on the lmtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_lmtp_port" lineno="44154">
<summary>
Do not audit attempts to send and receive
UDP traffic on the lmtp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_lmtp_port" lineno="44169">
<summary>
Bind TCP sockets to the lmtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_lmtp_port" lineno="44189">
<summary>
Bind UDP sockets to the lmtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_lmtp_port" lineno="44208">
<summary>
Make a TCP connection to the lmtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_lmtp_client_packets" lineno="44228">
<summary>
Send lmtp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_lmtp_client_packets" lineno="44247">
<summary>
Do not audit attempts to send lmtp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_lmtp_client_packets" lineno="44266">
<summary>
Receive lmtp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_lmtp_client_packets" lineno="44285">
<summary>
Do not audit attempts to receive lmtp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_lmtp_client_packets" lineno="44304">
<summary>
Send and receive lmtp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_lmtp_client_packets" lineno="44320">
<summary>
Do not audit attempts to send and receive lmtp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_lmtp_client_packets" lineno="44335">
<summary>
Relabel packets to lmtp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_lmtp_server_packets" lineno="44355">
<summary>
Send lmtp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_lmtp_server_packets" lineno="44374">
<summary>
Do not audit attempts to send lmtp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_lmtp_server_packets" lineno="44393">
<summary>
Receive lmtp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_lmtp_server_packets" lineno="44412">
<summary>
Do not audit attempts to receive lmtp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_lmtp_server_packets" lineno="44431">
<summary>
Send and receive lmtp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_lmtp_server_packets" lineno="44447">
<summary>
Do not audit attempts to send and receive lmtp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_lmtp_server_packets" lineno="44462">
<summary>
Relabel packets to lmtp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_lrrd_port" lineno="44484">
<summary>
Send and receive TCP traffic on the lrrd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_lrrd_port" lineno="44499">
<summary>
Send UDP traffic on the lrrd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_lrrd_port" lineno="44514">
<summary>
Do not audit attempts to send UDP traffic on the lrrd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_lrrd_port" lineno="44529">
<summary>
Receive UDP traffic on the lrrd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_lrrd_port" lineno="44544">
<summary>
Do not audit attempts to receive UDP traffic on the lrrd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_lrrd_port" lineno="44559">
<summary>
Send and receive UDP traffic on the lrrd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_lrrd_port" lineno="44575">
<summary>
Do not audit attempts to send and receive
UDP traffic on the lrrd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_lrrd_port" lineno="44590">
<summary>
Bind TCP sockets to the lrrd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_lrrd_port" lineno="44610">
<summary>
Bind UDP sockets to the lrrd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_lrrd_port" lineno="44629">
<summary>
Make a TCP connection to the lrrd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_lrrd_client_packets" lineno="44649">
<summary>
Send lrrd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_lrrd_client_packets" lineno="44668">
<summary>
Do not audit attempts to send lrrd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_lrrd_client_packets" lineno="44687">
<summary>
Receive lrrd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_lrrd_client_packets" lineno="44706">
<summary>
Do not audit attempts to receive lrrd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_lrrd_client_packets" lineno="44725">
<summary>
Send and receive lrrd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_lrrd_client_packets" lineno="44741">
<summary>
Do not audit attempts to send and receive lrrd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_lrrd_client_packets" lineno="44756">
<summary>
Relabel packets to lrrd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_lrrd_server_packets" lineno="44776">
<summary>
Send lrrd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_lrrd_server_packets" lineno="44795">
<summary>
Do not audit attempts to send lrrd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_lrrd_server_packets" lineno="44814">
<summary>
Receive lrrd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_lrrd_server_packets" lineno="44833">
<summary>
Do not audit attempts to receive lrrd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_lrrd_server_packets" lineno="44852">
<summary>
Send and receive lrrd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_lrrd_server_packets" lineno="44868">
<summary>
Do not audit attempts to send and receive lrrd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_lrrd_server_packets" lineno="44883">
<summary>
Relabel packets to lrrd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_mail_port" lineno="44905">
<summary>
Send and receive TCP traffic on the mail port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_mail_port" lineno="44920">
<summary>
Send UDP traffic on the mail port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_mail_port" lineno="44935">
<summary>
Do not audit attempts to send UDP traffic on the mail port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_mail_port" lineno="44950">
<summary>
Receive UDP traffic on the mail port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_mail_port" lineno="44965">
<summary>
Do not audit attempts to receive UDP traffic on the mail port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_mail_port" lineno="44980">
<summary>
Send and receive UDP traffic on the mail port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_mail_port" lineno="44996">
<summary>
Do not audit attempts to send and receive
UDP traffic on the mail port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_mail_port" lineno="45011">
<summary>
Bind TCP sockets to the mail port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_mail_port" lineno="45031">
<summary>
Bind UDP sockets to the mail port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_mail_port" lineno="45050">
<summary>
Make a TCP connection to the mail port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mail_client_packets" lineno="45070">
<summary>
Send mail_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mail_client_packets" lineno="45089">
<summary>
Do not audit attempts to send mail_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mail_client_packets" lineno="45108">
<summary>
Receive mail_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mail_client_packets" lineno="45127">
<summary>
Do not audit attempts to receive mail_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mail_client_packets" lineno="45146">
<summary>
Send and receive mail_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mail_client_packets" lineno="45162">
<summary>
Do not audit attempts to send and receive mail_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mail_client_packets" lineno="45177">
<summary>
Relabel packets to mail_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mail_server_packets" lineno="45197">
<summary>
Send mail_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mail_server_packets" lineno="45216">
<summary>
Do not audit attempts to send mail_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mail_server_packets" lineno="45235">
<summary>
Receive mail_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mail_server_packets" lineno="45254">
<summary>
Do not audit attempts to receive mail_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mail_server_packets" lineno="45273">
<summary>
Send and receive mail_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mail_server_packets" lineno="45289">
<summary>
Do not audit attempts to send and receive mail_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mail_server_packets" lineno="45304">
<summary>
Relabel packets to mail_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_matahari_port" lineno="45326">
<summary>
Send and receive TCP traffic on the matahari port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_matahari_port" lineno="45341">
<summary>
Send UDP traffic on the matahari port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_matahari_port" lineno="45356">
<summary>
Do not audit attempts to send UDP traffic on the matahari port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_matahari_port" lineno="45371">
<summary>
Receive UDP traffic on the matahari port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_matahari_port" lineno="45386">
<summary>
Do not audit attempts to receive UDP traffic on the matahari port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_matahari_port" lineno="45401">
<summary>
Send and receive UDP traffic on the matahari port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_matahari_port" lineno="45417">
<summary>
Do not audit attempts to send and receive
UDP traffic on the matahari port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_matahari_port" lineno="45432">
<summary>
Bind TCP sockets to the matahari port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_matahari_port" lineno="45452">
<summary>
Bind UDP sockets to the matahari port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_matahari_port" lineno="45471">
<summary>
Make a TCP connection to the matahari port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_matahari_client_packets" lineno="45491">
<summary>
Send matahari_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_matahari_client_packets" lineno="45510">
<summary>
Do not audit attempts to send matahari_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_matahari_client_packets" lineno="45529">
<summary>
Receive matahari_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_matahari_client_packets" lineno="45548">
<summary>
Do not audit attempts to receive matahari_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_matahari_client_packets" lineno="45567">
<summary>
Send and receive matahari_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_matahari_client_packets" lineno="45583">
<summary>
Do not audit attempts to send and receive matahari_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_matahari_client_packets" lineno="45598">
<summary>
Relabel packets to matahari_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_matahari_server_packets" lineno="45618">
<summary>
Send matahari_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_matahari_server_packets" lineno="45637">
<summary>
Do not audit attempts to send matahari_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_matahari_server_packets" lineno="45656">
<summary>
Receive matahari_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_matahari_server_packets" lineno="45675">
<summary>
Do not audit attempts to receive matahari_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_matahari_server_packets" lineno="45694">
<summary>
Send and receive matahari_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_matahari_server_packets" lineno="45710">
<summary>
Do not audit attempts to send and receive matahari_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_matahari_server_packets" lineno="45725">
<summary>
Relabel packets to matahari_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_memcache_port" lineno="45747">
<summary>
Send and receive TCP traffic on the memcache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_memcache_port" lineno="45762">
<summary>
Send UDP traffic on the memcache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_memcache_port" lineno="45777">
<summary>
Do not audit attempts to send UDP traffic on the memcache port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_memcache_port" lineno="45792">
<summary>
Receive UDP traffic on the memcache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_memcache_port" lineno="45807">
<summary>
Do not audit attempts to receive UDP traffic on the memcache port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_memcache_port" lineno="45822">
<summary>
Send and receive UDP traffic on the memcache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_memcache_port" lineno="45838">
<summary>
Do not audit attempts to send and receive
UDP traffic on the memcache port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_memcache_port" lineno="45853">
<summary>
Bind TCP sockets to the memcache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_memcache_port" lineno="45873">
<summary>
Bind UDP sockets to the memcache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_memcache_port" lineno="45892">
<summary>
Make a TCP connection to the memcache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_memcache_client_packets" lineno="45912">
<summary>
Send memcache_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_memcache_client_packets" lineno="45931">
<summary>
Do not audit attempts to send memcache_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_memcache_client_packets" lineno="45950">
<summary>
Receive memcache_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_memcache_client_packets" lineno="45969">
<summary>
Do not audit attempts to receive memcache_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_memcache_client_packets" lineno="45988">
<summary>
Send and receive memcache_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_memcache_client_packets" lineno="46004">
<summary>
Do not audit attempts to send and receive memcache_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_memcache_client_packets" lineno="46019">
<summary>
Relabel packets to memcache_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_memcache_server_packets" lineno="46039">
<summary>
Send memcache_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_memcache_server_packets" lineno="46058">
<summary>
Do not audit attempts to send memcache_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_memcache_server_packets" lineno="46077">
<summary>
Receive memcache_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_memcache_server_packets" lineno="46096">
<summary>
Do not audit attempts to receive memcache_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_memcache_server_packets" lineno="46115">
<summary>
Send and receive memcache_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_memcache_server_packets" lineno="46131">
<summary>
Do not audit attempts to send and receive memcache_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_memcache_server_packets" lineno="46146">
<summary>
Relabel packets to memcache_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_milter_port" lineno="46168">
<summary>
Send and receive TCP traffic on the milter port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_milter_port" lineno="46183">
<summary>
Send UDP traffic on the milter port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_milter_port" lineno="46198">
<summary>
Do not audit attempts to send UDP traffic on the milter port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_milter_port" lineno="46213">
<summary>
Receive UDP traffic on the milter port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_milter_port" lineno="46228">
<summary>
Do not audit attempts to receive UDP traffic on the milter port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_milter_port" lineno="46243">
<summary>
Send and receive UDP traffic on the milter port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_milter_port" lineno="46259">
<summary>
Do not audit attempts to send and receive
UDP traffic on the milter port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_milter_port" lineno="46274">
<summary>
Bind TCP sockets to the milter port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_milter_port" lineno="46294">
<summary>
Bind UDP sockets to the milter port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_milter_port" lineno="46313">
<summary>
Make a TCP connection to the milter port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_milter_client_packets" lineno="46333">
<summary>
Send milter_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_milter_client_packets" lineno="46352">
<summary>
Do not audit attempts to send milter_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_milter_client_packets" lineno="46371">
<summary>
Receive milter_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_milter_client_packets" lineno="46390">
<summary>
Do not audit attempts to receive milter_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_milter_client_packets" lineno="46409">
<summary>
Send and receive milter_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_milter_client_packets" lineno="46425">
<summary>
Do not audit attempts to send and receive milter_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_milter_client_packets" lineno="46440">
<summary>
Relabel packets to milter_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_milter_server_packets" lineno="46460">
<summary>
Send milter_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_milter_server_packets" lineno="46479">
<summary>
Do not audit attempts to send milter_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_milter_server_packets" lineno="46498">
<summary>
Receive milter_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_milter_server_packets" lineno="46517">
<summary>
Do not audit attempts to receive milter_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_milter_server_packets" lineno="46536">
<summary>
Send and receive milter_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_milter_server_packets" lineno="46552">
<summary>
Do not audit attempts to send and receive milter_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_milter_server_packets" lineno="46567">
<summary>
Relabel packets to milter_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_mmcc_port" lineno="46589">
<summary>
Send and receive TCP traffic on the mmcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_mmcc_port" lineno="46604">
<summary>
Send UDP traffic on the mmcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_mmcc_port" lineno="46619">
<summary>
Do not audit attempts to send UDP traffic on the mmcc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_mmcc_port" lineno="46634">
<summary>
Receive UDP traffic on the mmcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_mmcc_port" lineno="46649">
<summary>
Do not audit attempts to receive UDP traffic on the mmcc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_mmcc_port" lineno="46664">
<summary>
Send and receive UDP traffic on the mmcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_mmcc_port" lineno="46680">
<summary>
Do not audit attempts to send and receive
UDP traffic on the mmcc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_mmcc_port" lineno="46695">
<summary>
Bind TCP sockets to the mmcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_mmcc_port" lineno="46715">
<summary>
Bind UDP sockets to the mmcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_mmcc_port" lineno="46734">
<summary>
Make a TCP connection to the mmcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mmcc_client_packets" lineno="46754">
<summary>
Send mmcc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mmcc_client_packets" lineno="46773">
<summary>
Do not audit attempts to send mmcc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mmcc_client_packets" lineno="46792">
<summary>
Receive mmcc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mmcc_client_packets" lineno="46811">
<summary>
Do not audit attempts to receive mmcc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mmcc_client_packets" lineno="46830">
<summary>
Send and receive mmcc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mmcc_client_packets" lineno="46846">
<summary>
Do not audit attempts to send and receive mmcc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mmcc_client_packets" lineno="46861">
<summary>
Relabel packets to mmcc_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mmcc_server_packets" lineno="46881">
<summary>
Send mmcc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mmcc_server_packets" lineno="46900">
<summary>
Do not audit attempts to send mmcc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mmcc_server_packets" lineno="46919">
<summary>
Receive mmcc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mmcc_server_packets" lineno="46938">
<summary>
Do not audit attempts to receive mmcc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mmcc_server_packets" lineno="46957">
<summary>
Send and receive mmcc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mmcc_server_packets" lineno="46973">
<summary>
Do not audit attempts to send and receive mmcc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mmcc_server_packets" lineno="46988">
<summary>
Relabel packets to mmcc_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_mon_port" lineno="47010">
<summary>
Send and receive TCP traffic on the mon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_mon_port" lineno="47025">
<summary>
Send UDP traffic on the mon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_mon_port" lineno="47040">
<summary>
Do not audit attempts to send UDP traffic on the mon port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_mon_port" lineno="47055">
<summary>
Receive UDP traffic on the mon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_mon_port" lineno="47070">
<summary>
Do not audit attempts to receive UDP traffic on the mon port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_mon_port" lineno="47085">
<summary>
Send and receive UDP traffic on the mon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_mon_port" lineno="47101">
<summary>
Do not audit attempts to send and receive
UDP traffic on the mon port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_mon_port" lineno="47116">
<summary>
Bind TCP sockets to the mon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_mon_port" lineno="47136">
<summary>
Bind UDP sockets to the mon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_mon_port" lineno="47155">
<summary>
Make a TCP connection to the mon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mon_client_packets" lineno="47175">
<summary>
Send mon_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mon_client_packets" lineno="47194">
<summary>
Do not audit attempts to send mon_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mon_client_packets" lineno="47213">
<summary>
Receive mon_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mon_client_packets" lineno="47232">
<summary>
Do not audit attempts to receive mon_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mon_client_packets" lineno="47251">
<summary>
Send and receive mon_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mon_client_packets" lineno="47267">
<summary>
Do not audit attempts to send and receive mon_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mon_client_packets" lineno="47282">
<summary>
Relabel packets to mon_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mon_server_packets" lineno="47302">
<summary>
Send mon_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mon_server_packets" lineno="47321">
<summary>
Do not audit attempts to send mon_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mon_server_packets" lineno="47340">
<summary>
Receive mon_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mon_server_packets" lineno="47359">
<summary>
Do not audit attempts to receive mon_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mon_server_packets" lineno="47378">
<summary>
Send and receive mon_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mon_server_packets" lineno="47394">
<summary>
Do not audit attempts to send and receive mon_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mon_server_packets" lineno="47409">
<summary>
Relabel packets to mon_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_monit_port" lineno="47431">
<summary>
Send and receive TCP traffic on the monit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_monit_port" lineno="47446">
<summary>
Send UDP traffic on the monit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_monit_port" lineno="47461">
<summary>
Do not audit attempts to send UDP traffic on the monit port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_monit_port" lineno="47476">
<summary>
Receive UDP traffic on the monit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_monit_port" lineno="47491">
<summary>
Do not audit attempts to receive UDP traffic on the monit port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_monit_port" lineno="47506">
<summary>
Send and receive UDP traffic on the monit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_monit_port" lineno="47522">
<summary>
Do not audit attempts to send and receive
UDP traffic on the monit port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_monit_port" lineno="47537">
<summary>
Bind TCP sockets to the monit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_monit_port" lineno="47557">
<summary>
Bind UDP sockets to the monit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_monit_port" lineno="47576">
<summary>
Make a TCP connection to the monit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_monit_client_packets" lineno="47596">
<summary>
Send monit_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_monit_client_packets" lineno="47615">
<summary>
Do not audit attempts to send monit_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_monit_client_packets" lineno="47634">
<summary>
Receive monit_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_monit_client_packets" lineno="47653">
<summary>
Do not audit attempts to receive monit_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_monit_client_packets" lineno="47672">
<summary>
Send and receive monit_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_monit_client_packets" lineno="47688">
<summary>
Do not audit attempts to send and receive monit_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_monit_client_packets" lineno="47703">
<summary>
Relabel packets to monit_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_monit_server_packets" lineno="47723">
<summary>
Send monit_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_monit_server_packets" lineno="47742">
<summary>
Do not audit attempts to send monit_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_monit_server_packets" lineno="47761">
<summary>
Receive monit_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_monit_server_packets" lineno="47780">
<summary>
Do not audit attempts to receive monit_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_monit_server_packets" lineno="47799">
<summary>
Send and receive monit_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_monit_server_packets" lineno="47815">
<summary>
Do not audit attempts to send and receive monit_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_monit_server_packets" lineno="47830">
<summary>
Relabel packets to monit_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_monopd_port" lineno="47852">
<summary>
Send and receive TCP traffic on the monopd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_monopd_port" lineno="47867">
<summary>
Send UDP traffic on the monopd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_monopd_port" lineno="47882">
<summary>
Do not audit attempts to send UDP traffic on the monopd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_monopd_port" lineno="47897">
<summary>
Receive UDP traffic on the monopd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_monopd_port" lineno="47912">
<summary>
Do not audit attempts to receive UDP traffic on the monopd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_monopd_port" lineno="47927">
<summary>
Send and receive UDP traffic on the monopd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_monopd_port" lineno="47943">
<summary>
Do not audit attempts to send and receive
UDP traffic on the monopd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_monopd_port" lineno="47958">
<summary>
Bind TCP sockets to the monopd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_monopd_port" lineno="47978">
<summary>
Bind UDP sockets to the monopd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_monopd_port" lineno="47997">
<summary>
Make a TCP connection to the monopd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_monopd_client_packets" lineno="48017">
<summary>
Send monopd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_monopd_client_packets" lineno="48036">
<summary>
Do not audit attempts to send monopd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_monopd_client_packets" lineno="48055">
<summary>
Receive monopd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_monopd_client_packets" lineno="48074">
<summary>
Do not audit attempts to receive monopd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_monopd_client_packets" lineno="48093">
<summary>
Send and receive monopd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_monopd_client_packets" lineno="48109">
<summary>
Do not audit attempts to send and receive monopd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_monopd_client_packets" lineno="48124">
<summary>
Relabel packets to monopd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_monopd_server_packets" lineno="48144">
<summary>
Send monopd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_monopd_server_packets" lineno="48163">
<summary>
Do not audit attempts to send monopd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_monopd_server_packets" lineno="48182">
<summary>
Receive monopd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_monopd_server_packets" lineno="48201">
<summary>
Do not audit attempts to receive monopd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_monopd_server_packets" lineno="48220">
<summary>
Send and receive monopd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_monopd_server_packets" lineno="48236">
<summary>
Do not audit attempts to send and receive monopd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_monopd_server_packets" lineno="48251">
<summary>
Relabel packets to monopd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_mountd_port" lineno="48273">
<summary>
Send and receive TCP traffic on the mountd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_mountd_port" lineno="48288">
<summary>
Send UDP traffic on the mountd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_mountd_port" lineno="48303">
<summary>
Do not audit attempts to send UDP traffic on the mountd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_mountd_port" lineno="48318">
<summary>
Receive UDP traffic on the mountd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_mountd_port" lineno="48333">
<summary>
Do not audit attempts to receive UDP traffic on the mountd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_mountd_port" lineno="48348">
<summary>
Send and receive UDP traffic on the mountd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_mountd_port" lineno="48364">
<summary>
Do not audit attempts to send and receive
UDP traffic on the mountd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_mountd_port" lineno="48379">
<summary>
Bind TCP sockets to the mountd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_mountd_port" lineno="48399">
<summary>
Bind UDP sockets to the mountd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_mountd_port" lineno="48418">
<summary>
Make a TCP connection to the mountd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mountd_client_packets" lineno="48438">
<summary>
Send mountd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mountd_client_packets" lineno="48457">
<summary>
Do not audit attempts to send mountd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mountd_client_packets" lineno="48476">
<summary>
Receive mountd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mountd_client_packets" lineno="48495">
<summary>
Do not audit attempts to receive mountd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mountd_client_packets" lineno="48514">
<summary>
Send and receive mountd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mountd_client_packets" lineno="48530">
<summary>
Do not audit attempts to send and receive mountd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mountd_client_packets" lineno="48545">
<summary>
Relabel packets to mountd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mountd_server_packets" lineno="48565">
<summary>
Send mountd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mountd_server_packets" lineno="48584">
<summary>
Do not audit attempts to send mountd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mountd_server_packets" lineno="48603">
<summary>
Receive mountd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mountd_server_packets" lineno="48622">
<summary>
Do not audit attempts to receive mountd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mountd_server_packets" lineno="48641">
<summary>
Send and receive mountd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mountd_server_packets" lineno="48657">
<summary>
Do not audit attempts to send and receive mountd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mountd_server_packets" lineno="48672">
<summary>
Relabel packets to mountd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_movaz_ssc_port" lineno="48694">
<summary>
Send and receive TCP traffic on the movaz_ssc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_movaz_ssc_port" lineno="48709">
<summary>
Send UDP traffic on the movaz_ssc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_movaz_ssc_port" lineno="48724">
<summary>
Do not audit attempts to send UDP traffic on the movaz_ssc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_movaz_ssc_port" lineno="48739">
<summary>
Receive UDP traffic on the movaz_ssc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_movaz_ssc_port" lineno="48754">
<summary>
Do not audit attempts to receive UDP traffic on the movaz_ssc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_movaz_ssc_port" lineno="48769">
<summary>
Send and receive UDP traffic on the movaz_ssc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_movaz_ssc_port" lineno="48785">
<summary>
Do not audit attempts to send and receive
UDP traffic on the movaz_ssc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_movaz_ssc_port" lineno="48800">
<summary>
Bind TCP sockets to the movaz_ssc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_movaz_ssc_port" lineno="48820">
<summary>
Bind UDP sockets to the movaz_ssc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_movaz_ssc_port" lineno="48839">
<summary>
Make a TCP connection to the movaz_ssc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_movaz_ssc_client_packets" lineno="48859">
<summary>
Send movaz_ssc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_movaz_ssc_client_packets" lineno="48878">
<summary>
Do not audit attempts to send movaz_ssc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_movaz_ssc_client_packets" lineno="48897">
<summary>
Receive movaz_ssc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_movaz_ssc_client_packets" lineno="48916">
<summary>
Do not audit attempts to receive movaz_ssc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_movaz_ssc_client_packets" lineno="48935">
<summary>
Send and receive movaz_ssc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_movaz_ssc_client_packets" lineno="48951">
<summary>
Do not audit attempts to send and receive movaz_ssc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_movaz_ssc_client_packets" lineno="48966">
<summary>
Relabel packets to movaz_ssc_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_movaz_ssc_server_packets" lineno="48986">
<summary>
Send movaz_ssc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_movaz_ssc_server_packets" lineno="49005">
<summary>
Do not audit attempts to send movaz_ssc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_movaz_ssc_server_packets" lineno="49024">
<summary>
Receive movaz_ssc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_movaz_ssc_server_packets" lineno="49043">
<summary>
Do not audit attempts to receive movaz_ssc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_movaz_ssc_server_packets" lineno="49062">
<summary>
Send and receive movaz_ssc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_movaz_ssc_server_packets" lineno="49078">
<summary>
Do not audit attempts to send and receive movaz_ssc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_movaz_ssc_server_packets" lineno="49093">
<summary>
Relabel packets to movaz_ssc_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_mpd_port" lineno="49115">
<summary>
Send and receive TCP traffic on the mpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_mpd_port" lineno="49130">
<summary>
Send UDP traffic on the mpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_mpd_port" lineno="49145">
<summary>
Do not audit attempts to send UDP traffic on the mpd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_mpd_port" lineno="49160">
<summary>
Receive UDP traffic on the mpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_mpd_port" lineno="49175">
<summary>
Do not audit attempts to receive UDP traffic on the mpd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_mpd_port" lineno="49190">
<summary>
Send and receive UDP traffic on the mpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_mpd_port" lineno="49206">
<summary>
Do not audit attempts to send and receive
UDP traffic on the mpd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_mpd_port" lineno="49221">
<summary>
Bind TCP sockets to the mpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_mpd_port" lineno="49241">
<summary>
Bind UDP sockets to the mpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_mpd_port" lineno="49260">
<summary>
Make a TCP connection to the mpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mpd_client_packets" lineno="49280">
<summary>
Send mpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mpd_client_packets" lineno="49299">
<summary>
Do not audit attempts to send mpd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mpd_client_packets" lineno="49318">
<summary>
Receive mpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mpd_client_packets" lineno="49337">
<summary>
Do not audit attempts to receive mpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mpd_client_packets" lineno="49356">
<summary>
Send and receive mpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mpd_client_packets" lineno="49372">
<summary>
Do not audit attempts to send and receive mpd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mpd_client_packets" lineno="49387">
<summary>
Relabel packets to mpd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mpd_server_packets" lineno="49407">
<summary>
Send mpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mpd_server_packets" lineno="49426">
<summary>
Do not audit attempts to send mpd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mpd_server_packets" lineno="49445">
<summary>
Receive mpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mpd_server_packets" lineno="49464">
<summary>
Do not audit attempts to receive mpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mpd_server_packets" lineno="49483">
<summary>
Send and receive mpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mpd_server_packets" lineno="49499">
<summary>
Do not audit attempts to send and receive mpd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mpd_server_packets" lineno="49514">
<summary>
Relabel packets to mpd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_msgsrvr_port" lineno="49536">
<summary>
Send and receive TCP traffic on the msgsrvr port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_msgsrvr_port" lineno="49551">
<summary>
Send UDP traffic on the msgsrvr port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_msgsrvr_port" lineno="49566">
<summary>
Do not audit attempts to send UDP traffic on the msgsrvr port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_msgsrvr_port" lineno="49581">
<summary>
Receive UDP traffic on the msgsrvr port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_msgsrvr_port" lineno="49596">
<summary>
Do not audit attempts to receive UDP traffic on the msgsrvr port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_msgsrvr_port" lineno="49611">
<summary>
Send and receive UDP traffic on the msgsrvr port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_msgsrvr_port" lineno="49627">
<summary>
Do not audit attempts to send and receive
UDP traffic on the msgsrvr port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_msgsrvr_port" lineno="49642">
<summary>
Bind TCP sockets to the msgsrvr port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_msgsrvr_port" lineno="49662">
<summary>
Bind UDP sockets to the msgsrvr port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_msgsrvr_port" lineno="49681">
<summary>
Make a TCP connection to the msgsrvr port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_msgsrvr_client_packets" lineno="49701">
<summary>
Send msgsrvr_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_msgsrvr_client_packets" lineno="49720">
<summary>
Do not audit attempts to send msgsrvr_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_msgsrvr_client_packets" lineno="49739">
<summary>
Receive msgsrvr_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_msgsrvr_client_packets" lineno="49758">
<summary>
Do not audit attempts to receive msgsrvr_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_msgsrvr_client_packets" lineno="49777">
<summary>
Send and receive msgsrvr_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_msgsrvr_client_packets" lineno="49793">
<summary>
Do not audit attempts to send and receive msgsrvr_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_msgsrvr_client_packets" lineno="49808">
<summary>
Relabel packets to msgsrvr_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_msgsrvr_server_packets" lineno="49828">
<summary>
Send msgsrvr_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_msgsrvr_server_packets" lineno="49847">
<summary>
Do not audit attempts to send msgsrvr_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_msgsrvr_server_packets" lineno="49866">
<summary>
Receive msgsrvr_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_msgsrvr_server_packets" lineno="49885">
<summary>
Do not audit attempts to receive msgsrvr_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_msgsrvr_server_packets" lineno="49904">
<summary>
Send and receive msgsrvr_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_msgsrvr_server_packets" lineno="49920">
<summary>
Do not audit attempts to send and receive msgsrvr_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_msgsrvr_server_packets" lineno="49935">
<summary>
Relabel packets to msgsrvr_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_msnp_port" lineno="49957">
<summary>
Send and receive TCP traffic on the msnp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_msnp_port" lineno="49972">
<summary>
Send UDP traffic on the msnp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_msnp_port" lineno="49987">
<summary>
Do not audit attempts to send UDP traffic on the msnp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_msnp_port" lineno="50002">
<summary>
Receive UDP traffic on the msnp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_msnp_port" lineno="50017">
<summary>
Do not audit attempts to receive UDP traffic on the msnp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_msnp_port" lineno="50032">
<summary>
Send and receive UDP traffic on the msnp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_msnp_port" lineno="50048">
<summary>
Do not audit attempts to send and receive
UDP traffic on the msnp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_msnp_port" lineno="50063">
<summary>
Bind TCP sockets to the msnp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_msnp_port" lineno="50083">
<summary>
Bind UDP sockets to the msnp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_msnp_port" lineno="50102">
<summary>
Make a TCP connection to the msnp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_msnp_client_packets" lineno="50122">
<summary>
Send msnp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_msnp_client_packets" lineno="50141">
<summary>
Do not audit attempts to send msnp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_msnp_client_packets" lineno="50160">
<summary>
Receive msnp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_msnp_client_packets" lineno="50179">
<summary>
Do not audit attempts to receive msnp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_msnp_client_packets" lineno="50198">
<summary>
Send and receive msnp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_msnp_client_packets" lineno="50214">
<summary>
Do not audit attempts to send and receive msnp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_msnp_client_packets" lineno="50229">
<summary>
Relabel packets to msnp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_msnp_server_packets" lineno="50249">
<summary>
Send msnp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_msnp_server_packets" lineno="50268">
<summary>
Do not audit attempts to send msnp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_msnp_server_packets" lineno="50287">
<summary>
Receive msnp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_msnp_server_packets" lineno="50306">
<summary>
Do not audit attempts to receive msnp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_msnp_server_packets" lineno="50325">
<summary>
Send and receive msnp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_msnp_server_packets" lineno="50341">
<summary>
Do not audit attempts to send and receive msnp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_msnp_server_packets" lineno="50356">
<summary>
Relabel packets to msnp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_mssql_port" lineno="50378">
<summary>
Send and receive TCP traffic on the mssql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_mssql_port" lineno="50393">
<summary>
Send UDP traffic on the mssql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_mssql_port" lineno="50408">
<summary>
Do not audit attempts to send UDP traffic on the mssql port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_mssql_port" lineno="50423">
<summary>
Receive UDP traffic on the mssql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_mssql_port" lineno="50438">
<summary>
Do not audit attempts to receive UDP traffic on the mssql port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_mssql_port" lineno="50453">
<summary>
Send and receive UDP traffic on the mssql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_mssql_port" lineno="50469">
<summary>
Do not audit attempts to send and receive
UDP traffic on the mssql port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_mssql_port" lineno="50484">
<summary>
Bind TCP sockets to the mssql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_mssql_port" lineno="50504">
<summary>
Bind UDP sockets to the mssql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_mssql_port" lineno="50523">
<summary>
Make a TCP connection to the mssql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mssql_client_packets" lineno="50543">
<summary>
Send mssql_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mssql_client_packets" lineno="50562">
<summary>
Do not audit attempts to send mssql_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mssql_client_packets" lineno="50581">
<summary>
Receive mssql_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mssql_client_packets" lineno="50600">
<summary>
Do not audit attempts to receive mssql_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mssql_client_packets" lineno="50619">
<summary>
Send and receive mssql_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mssql_client_packets" lineno="50635">
<summary>
Do not audit attempts to send and receive mssql_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mssql_client_packets" lineno="50650">
<summary>
Relabel packets to mssql_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mssql_server_packets" lineno="50670">
<summary>
Send mssql_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mssql_server_packets" lineno="50689">
<summary>
Do not audit attempts to send mssql_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mssql_server_packets" lineno="50708">
<summary>
Receive mssql_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mssql_server_packets" lineno="50727">
<summary>
Do not audit attempts to receive mssql_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mssql_server_packets" lineno="50746">
<summary>
Send and receive mssql_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mssql_server_packets" lineno="50762">
<summary>
Do not audit attempts to send and receive mssql_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mssql_server_packets" lineno="50777">
<summary>
Relabel packets to mssql_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ms_streaming_port" lineno="50799">
<summary>
Send and receive TCP traffic on the ms_streaming port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ms_streaming_port" lineno="50814">
<summary>
Send UDP traffic on the ms_streaming port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ms_streaming_port" lineno="50829">
<summary>
Do not audit attempts to send UDP traffic on the ms_streaming port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ms_streaming_port" lineno="50844">
<summary>
Receive UDP traffic on the ms_streaming port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ms_streaming_port" lineno="50859">
<summary>
Do not audit attempts to receive UDP traffic on the ms_streaming port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ms_streaming_port" lineno="50874">
<summary>
Send and receive UDP traffic on the ms_streaming port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ms_streaming_port" lineno="50890">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ms_streaming port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ms_streaming_port" lineno="50905">
<summary>
Bind TCP sockets to the ms_streaming port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ms_streaming_port" lineno="50925">
<summary>
Bind UDP sockets to the ms_streaming port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ms_streaming_port" lineno="50944">
<summary>
Make a TCP connection to the ms_streaming port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ms_streaming_client_packets" lineno="50964">
<summary>
Send ms_streaming_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ms_streaming_client_packets" lineno="50983">
<summary>
Do not audit attempts to send ms_streaming_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ms_streaming_client_packets" lineno="51002">
<summary>
Receive ms_streaming_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ms_streaming_client_packets" lineno="51021">
<summary>
Do not audit attempts to receive ms_streaming_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ms_streaming_client_packets" lineno="51040">
<summary>
Send and receive ms_streaming_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ms_streaming_client_packets" lineno="51056">
<summary>
Do not audit attempts to send and receive ms_streaming_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ms_streaming_client_packets" lineno="51071">
<summary>
Relabel packets to ms_streaming_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ms_streaming_server_packets" lineno="51091">
<summary>
Send ms_streaming_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ms_streaming_server_packets" lineno="51110">
<summary>
Do not audit attempts to send ms_streaming_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ms_streaming_server_packets" lineno="51129">
<summary>
Receive ms_streaming_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ms_streaming_server_packets" lineno="51148">
<summary>
Do not audit attempts to receive ms_streaming_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ms_streaming_server_packets" lineno="51167">
<summary>
Send and receive ms_streaming_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ms_streaming_server_packets" lineno="51183">
<summary>
Do not audit attempts to send and receive ms_streaming_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ms_streaming_server_packets" lineno="51198">
<summary>
Relabel packets to ms_streaming_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_munin_port" lineno="51220">
<summary>
Send and receive TCP traffic on the munin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_munin_port" lineno="51235">
<summary>
Send UDP traffic on the munin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_munin_port" lineno="51250">
<summary>
Do not audit attempts to send UDP traffic on the munin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_munin_port" lineno="51265">
<summary>
Receive UDP traffic on the munin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_munin_port" lineno="51280">
<summary>
Do not audit attempts to receive UDP traffic on the munin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_munin_port" lineno="51295">
<summary>
Send and receive UDP traffic on the munin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_munin_port" lineno="51311">
<summary>
Do not audit attempts to send and receive
UDP traffic on the munin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_munin_port" lineno="51326">
<summary>
Bind TCP sockets to the munin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_munin_port" lineno="51346">
<summary>
Bind UDP sockets to the munin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_munin_port" lineno="51365">
<summary>
Make a TCP connection to the munin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_munin_client_packets" lineno="51385">
<summary>
Send munin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_munin_client_packets" lineno="51404">
<summary>
Do not audit attempts to send munin_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_munin_client_packets" lineno="51423">
<summary>
Receive munin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_munin_client_packets" lineno="51442">
<summary>
Do not audit attempts to receive munin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_munin_client_packets" lineno="51461">
<summary>
Send and receive munin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_munin_client_packets" lineno="51477">
<summary>
Do not audit attempts to send and receive munin_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_munin_client_packets" lineno="51492">
<summary>
Relabel packets to munin_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_munin_server_packets" lineno="51512">
<summary>
Send munin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_munin_server_packets" lineno="51531">
<summary>
Do not audit attempts to send munin_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_munin_server_packets" lineno="51550">
<summary>
Receive munin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_munin_server_packets" lineno="51569">
<summary>
Do not audit attempts to receive munin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_munin_server_packets" lineno="51588">
<summary>
Send and receive munin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_munin_server_packets" lineno="51604">
<summary>
Do not audit attempts to send and receive munin_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_munin_server_packets" lineno="51619">
<summary>
Relabel packets to munin_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_mxi_port" lineno="51641">
<summary>
Send and receive TCP traffic on the mxi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_mxi_port" lineno="51656">
<summary>
Send UDP traffic on the mxi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_mxi_port" lineno="51671">
<summary>
Do not audit attempts to send UDP traffic on the mxi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_mxi_port" lineno="51686">
<summary>
Receive UDP traffic on the mxi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_mxi_port" lineno="51701">
<summary>
Do not audit attempts to receive UDP traffic on the mxi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_mxi_port" lineno="51716">
<summary>
Send and receive UDP traffic on the mxi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_mxi_port" lineno="51732">
<summary>
Do not audit attempts to send and receive
UDP traffic on the mxi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_mxi_port" lineno="51747">
<summary>
Bind TCP sockets to the mxi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_mxi_port" lineno="51767">
<summary>
Bind UDP sockets to the mxi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_mxi_port" lineno="51786">
<summary>
Make a TCP connection to the mxi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mxi_client_packets" lineno="51806">
<summary>
Send mxi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mxi_client_packets" lineno="51825">
<summary>
Do not audit attempts to send mxi_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mxi_client_packets" lineno="51844">
<summary>
Receive mxi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mxi_client_packets" lineno="51863">
<summary>
Do not audit attempts to receive mxi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mxi_client_packets" lineno="51882">
<summary>
Send and receive mxi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mxi_client_packets" lineno="51898">
<summary>
Do not audit attempts to send and receive mxi_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mxi_client_packets" lineno="51913">
<summary>
Relabel packets to mxi_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mxi_server_packets" lineno="51933">
<summary>
Send mxi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mxi_server_packets" lineno="51952">
<summary>
Do not audit attempts to send mxi_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mxi_server_packets" lineno="51971">
<summary>
Receive mxi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mxi_server_packets" lineno="51990">
<summary>
Do not audit attempts to receive mxi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mxi_server_packets" lineno="52009">
<summary>
Send and receive mxi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mxi_server_packets" lineno="52025">
<summary>
Do not audit attempts to send and receive mxi_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mxi_server_packets" lineno="52040">
<summary>
Relabel packets to mxi_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_mysqld_port" lineno="52062">
<summary>
Send and receive TCP traffic on the mysqld port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_mysqld_port" lineno="52077">
<summary>
Send UDP traffic on the mysqld port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_mysqld_port" lineno="52092">
<summary>
Do not audit attempts to send UDP traffic on the mysqld port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_mysqld_port" lineno="52107">
<summary>
Receive UDP traffic on the mysqld port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_mysqld_port" lineno="52122">
<summary>
Do not audit attempts to receive UDP traffic on the mysqld port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_mysqld_port" lineno="52137">
<summary>
Send and receive UDP traffic on the mysqld port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_mysqld_port" lineno="52153">
<summary>
Do not audit attempts to send and receive
UDP traffic on the mysqld port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_mysqld_port" lineno="52168">
<summary>
Bind TCP sockets to the mysqld port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_mysqld_port" lineno="52188">
<summary>
Bind UDP sockets to the mysqld port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_mysqld_port" lineno="52207">
<summary>
Make a TCP connection to the mysqld port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mysqld_client_packets" lineno="52227">
<summary>
Send mysqld_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mysqld_client_packets" lineno="52246">
<summary>
Do not audit attempts to send mysqld_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mysqld_client_packets" lineno="52265">
<summary>
Receive mysqld_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mysqld_client_packets" lineno="52284">
<summary>
Do not audit attempts to receive mysqld_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mysqld_client_packets" lineno="52303">
<summary>
Send and receive mysqld_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mysqld_client_packets" lineno="52319">
<summary>
Do not audit attempts to send and receive mysqld_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mysqld_client_packets" lineno="52334">
<summary>
Relabel packets to mysqld_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mysqld_server_packets" lineno="52354">
<summary>
Send mysqld_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mysqld_server_packets" lineno="52373">
<summary>
Do not audit attempts to send mysqld_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mysqld_server_packets" lineno="52392">
<summary>
Receive mysqld_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mysqld_server_packets" lineno="52411">
<summary>
Do not audit attempts to receive mysqld_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mysqld_server_packets" lineno="52430">
<summary>
Send and receive mysqld_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mysqld_server_packets" lineno="52446">
<summary>
Do not audit attempts to send and receive mysqld_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mysqld_server_packets" lineno="52461">
<summary>
Relabel packets to mysqld_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_mysqlmanagerd_port" lineno="52483">
<summary>
Send and receive TCP traffic on the mysqlmanagerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_mysqlmanagerd_port" lineno="52498">
<summary>
Send UDP traffic on the mysqlmanagerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_mysqlmanagerd_port" lineno="52513">
<summary>
Do not audit attempts to send UDP traffic on the mysqlmanagerd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_mysqlmanagerd_port" lineno="52528">
<summary>
Receive UDP traffic on the mysqlmanagerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_mysqlmanagerd_port" lineno="52543">
<summary>
Do not audit attempts to receive UDP traffic on the mysqlmanagerd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_mysqlmanagerd_port" lineno="52558">
<summary>
Send and receive UDP traffic on the mysqlmanagerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_mysqlmanagerd_port" lineno="52574">
<summary>
Do not audit attempts to send and receive
UDP traffic on the mysqlmanagerd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_mysqlmanagerd_port" lineno="52589">
<summary>
Bind TCP sockets to the mysqlmanagerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_mysqlmanagerd_port" lineno="52609">
<summary>
Bind UDP sockets to the mysqlmanagerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_mysqlmanagerd_port" lineno="52628">
<summary>
Make a TCP connection to the mysqlmanagerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mysqlmanagerd_client_packets" lineno="52648">
<summary>
Send mysqlmanagerd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mysqlmanagerd_client_packets" lineno="52667">
<summary>
Do not audit attempts to send mysqlmanagerd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mysqlmanagerd_client_packets" lineno="52686">
<summary>
Receive mysqlmanagerd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mysqlmanagerd_client_packets" lineno="52705">
<summary>
Do not audit attempts to receive mysqlmanagerd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mysqlmanagerd_client_packets" lineno="52724">
<summary>
Send and receive mysqlmanagerd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mysqlmanagerd_client_packets" lineno="52740">
<summary>
Do not audit attempts to send and receive mysqlmanagerd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mysqlmanagerd_client_packets" lineno="52755">
<summary>
Relabel packets to mysqlmanagerd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mysqlmanagerd_server_packets" lineno="52775">
<summary>
Send mysqlmanagerd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mysqlmanagerd_server_packets" lineno="52794">
<summary>
Do not audit attempts to send mysqlmanagerd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mysqlmanagerd_server_packets" lineno="52813">
<summary>
Receive mysqlmanagerd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mysqlmanagerd_server_packets" lineno="52832">
<summary>
Do not audit attempts to receive mysqlmanagerd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mysqlmanagerd_server_packets" lineno="52851">
<summary>
Send and receive mysqlmanagerd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mysqlmanagerd_server_packets" lineno="52867">
<summary>
Do not audit attempts to send and receive mysqlmanagerd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mysqlmanagerd_server_packets" lineno="52882">
<summary>
Relabel packets to mysqlmanagerd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_nessus_port" lineno="52904">
<summary>
Send and receive TCP traffic on the nessus port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_nessus_port" lineno="52919">
<summary>
Send UDP traffic on the nessus port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_nessus_port" lineno="52934">
<summary>
Do not audit attempts to send UDP traffic on the nessus port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_nessus_port" lineno="52949">
<summary>
Receive UDP traffic on the nessus port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_nessus_port" lineno="52964">
<summary>
Do not audit attempts to receive UDP traffic on the nessus port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_nessus_port" lineno="52979">
<summary>
Send and receive UDP traffic on the nessus port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_nessus_port" lineno="52995">
<summary>
Do not audit attempts to send and receive
UDP traffic on the nessus port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_nessus_port" lineno="53010">
<summary>
Bind TCP sockets to the nessus port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_nessus_port" lineno="53030">
<summary>
Bind UDP sockets to the nessus port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_nessus_port" lineno="53049">
<summary>
Make a TCP connection to the nessus port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_nessus_client_packets" lineno="53069">
<summary>
Send nessus_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_nessus_client_packets" lineno="53088">
<summary>
Do not audit attempts to send nessus_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_nessus_client_packets" lineno="53107">
<summary>
Receive nessus_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_nessus_client_packets" lineno="53126">
<summary>
Do not audit attempts to receive nessus_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_nessus_client_packets" lineno="53145">
<summary>
Send and receive nessus_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_nessus_client_packets" lineno="53161">
<summary>
Do not audit attempts to send and receive nessus_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_nessus_client_packets" lineno="53176">
<summary>
Relabel packets to nessus_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_nessus_server_packets" lineno="53196">
<summary>
Send nessus_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_nessus_server_packets" lineno="53215">
<summary>
Do not audit attempts to send nessus_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_nessus_server_packets" lineno="53234">
<summary>
Receive nessus_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_nessus_server_packets" lineno="53253">
<summary>
Do not audit attempts to receive nessus_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_nessus_server_packets" lineno="53272">
<summary>
Send and receive nessus_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_nessus_server_packets" lineno="53288">
<summary>
Do not audit attempts to send and receive nessus_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_nessus_server_packets" lineno="53303">
<summary>
Relabel packets to nessus_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_netport_port" lineno="53325">
<summary>
Send and receive TCP traffic on the netport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_netport_port" lineno="53340">
<summary>
Send UDP traffic on the netport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_netport_port" lineno="53355">
<summary>
Do not audit attempts to send UDP traffic on the netport port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_netport_port" lineno="53370">
<summary>
Receive UDP traffic on the netport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_netport_port" lineno="53385">
<summary>
Do not audit attempts to receive UDP traffic on the netport port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_netport_port" lineno="53400">
<summary>
Send and receive UDP traffic on the netport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_netport_port" lineno="53416">
<summary>
Do not audit attempts to send and receive
UDP traffic on the netport port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_netport_port" lineno="53431">
<summary>
Bind TCP sockets to the netport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_netport_port" lineno="53451">
<summary>
Bind UDP sockets to the netport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_netport_port" lineno="53470">
<summary>
Make a TCP connection to the netport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_netport_client_packets" lineno="53490">
<summary>
Send netport_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_netport_client_packets" lineno="53509">
<summary>
Do not audit attempts to send netport_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_netport_client_packets" lineno="53528">
<summary>
Receive netport_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_netport_client_packets" lineno="53547">
<summary>
Do not audit attempts to receive netport_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_netport_client_packets" lineno="53566">
<summary>
Send and receive netport_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_netport_client_packets" lineno="53582">
<summary>
Do not audit attempts to send and receive netport_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_netport_client_packets" lineno="53597">
<summary>
Relabel packets to netport_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_netport_server_packets" lineno="53617">
<summary>
Send netport_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_netport_server_packets" lineno="53636">
<summary>
Do not audit attempts to send netport_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_netport_server_packets" lineno="53655">
<summary>
Receive netport_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_netport_server_packets" lineno="53674">
<summary>
Do not audit attempts to receive netport_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_netport_server_packets" lineno="53693">
<summary>
Send and receive netport_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_netport_server_packets" lineno="53709">
<summary>
Do not audit attempts to send and receive netport_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_netport_server_packets" lineno="53724">
<summary>
Relabel packets to netport_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_netsupport_port" lineno="53746">
<summary>
Send and receive TCP traffic on the netsupport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_netsupport_port" lineno="53761">
<summary>
Send UDP traffic on the netsupport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_netsupport_port" lineno="53776">
<summary>
Do not audit attempts to send UDP traffic on the netsupport port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_netsupport_port" lineno="53791">
<summary>
Receive UDP traffic on the netsupport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_netsupport_port" lineno="53806">
<summary>
Do not audit attempts to receive UDP traffic on the netsupport port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_netsupport_port" lineno="53821">
<summary>
Send and receive UDP traffic on the netsupport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_netsupport_port" lineno="53837">
<summary>
Do not audit attempts to send and receive
UDP traffic on the netsupport port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_netsupport_port" lineno="53852">
<summary>
Bind TCP sockets to the netsupport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_netsupport_port" lineno="53872">
<summary>
Bind UDP sockets to the netsupport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_netsupport_port" lineno="53891">
<summary>
Make a TCP connection to the netsupport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_netsupport_client_packets" lineno="53911">
<summary>
Send netsupport_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_netsupport_client_packets" lineno="53930">
<summary>
Do not audit attempts to send netsupport_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_netsupport_client_packets" lineno="53949">
<summary>
Receive netsupport_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_netsupport_client_packets" lineno="53968">
<summary>
Do not audit attempts to receive netsupport_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_netsupport_client_packets" lineno="53987">
<summary>
Send and receive netsupport_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_netsupport_client_packets" lineno="54003">
<summary>
Do not audit attempts to send and receive netsupport_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_netsupport_client_packets" lineno="54018">
<summary>
Relabel packets to netsupport_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_netsupport_server_packets" lineno="54038">
<summary>
Send netsupport_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_netsupport_server_packets" lineno="54057">
<summary>
Do not audit attempts to send netsupport_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_netsupport_server_packets" lineno="54076">
<summary>
Receive netsupport_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_netsupport_server_packets" lineno="54095">
<summary>
Do not audit attempts to receive netsupport_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_netsupport_server_packets" lineno="54114">
<summary>
Send and receive netsupport_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_netsupport_server_packets" lineno="54130">
<summary>
Do not audit attempts to send and receive netsupport_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_netsupport_server_packets" lineno="54145">
<summary>
Relabel packets to netsupport_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_nfs_port" lineno="54167">
<summary>
Send and receive TCP traffic on the nfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_nfs_port" lineno="54182">
<summary>
Send UDP traffic on the nfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_nfs_port" lineno="54197">
<summary>
Do not audit attempts to send UDP traffic on the nfs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_nfs_port" lineno="54212">
<summary>
Receive UDP traffic on the nfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_nfs_port" lineno="54227">
<summary>
Do not audit attempts to receive UDP traffic on the nfs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_nfs_port" lineno="54242">
<summary>
Send and receive UDP traffic on the nfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_nfs_port" lineno="54258">
<summary>
Do not audit attempts to send and receive
UDP traffic on the nfs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_nfs_port" lineno="54273">
<summary>
Bind TCP sockets to the nfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_nfs_port" lineno="54293">
<summary>
Bind UDP sockets to the nfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_nfs_port" lineno="54312">
<summary>
Make a TCP connection to the nfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_nfs_client_packets" lineno="54332">
<summary>
Send nfs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_nfs_client_packets" lineno="54351">
<summary>
Do not audit attempts to send nfs_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_nfs_client_packets" lineno="54370">
<summary>
Receive nfs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_nfs_client_packets" lineno="54389">
<summary>
Do not audit attempts to receive nfs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_nfs_client_packets" lineno="54408">
<summary>
Send and receive nfs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_nfs_client_packets" lineno="54424">
<summary>
Do not audit attempts to send and receive nfs_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_nfs_client_packets" lineno="54439">
<summary>
Relabel packets to nfs_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_nfs_server_packets" lineno="54459">
<summary>
Send nfs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_nfs_server_packets" lineno="54478">
<summary>
Do not audit attempts to send nfs_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_nfs_server_packets" lineno="54497">
<summary>
Receive nfs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_nfs_server_packets" lineno="54516">
<summary>
Do not audit attempts to receive nfs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_nfs_server_packets" lineno="54535">
<summary>
Send and receive nfs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_nfs_server_packets" lineno="54551">
<summary>
Do not audit attempts to send and receive nfs_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_nfs_server_packets" lineno="54566">
<summary>
Relabel packets to nfs_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_nfsrdma_port" lineno="54588">
<summary>
Send and receive TCP traffic on the nfsrdma port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_nfsrdma_port" lineno="54603">
<summary>
Send UDP traffic on the nfsrdma port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_nfsrdma_port" lineno="54618">
<summary>
Do not audit attempts to send UDP traffic on the nfsrdma port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_nfsrdma_port" lineno="54633">
<summary>
Receive UDP traffic on the nfsrdma port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_nfsrdma_port" lineno="54648">
<summary>
Do not audit attempts to receive UDP traffic on the nfsrdma port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_nfsrdma_port" lineno="54663">
<summary>
Send and receive UDP traffic on the nfsrdma port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_nfsrdma_port" lineno="54679">
<summary>
Do not audit attempts to send and receive
UDP traffic on the nfsrdma port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_nfsrdma_port" lineno="54694">
<summary>
Bind TCP sockets to the nfsrdma port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_nfsrdma_port" lineno="54714">
<summary>
Bind UDP sockets to the nfsrdma port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_nfsrdma_port" lineno="54733">
<summary>
Make a TCP connection to the nfsrdma port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_nfsrdma_client_packets" lineno="54753">
<summary>
Send nfsrdma_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_nfsrdma_client_packets" lineno="54772">
<summary>
Do not audit attempts to send nfsrdma_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_nfsrdma_client_packets" lineno="54791">
<summary>
Receive nfsrdma_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_nfsrdma_client_packets" lineno="54810">
<summary>
Do not audit attempts to receive nfsrdma_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_nfsrdma_client_packets" lineno="54829">
<summary>
Send and receive nfsrdma_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_nfsrdma_client_packets" lineno="54845">
<summary>
Do not audit attempts to send and receive nfsrdma_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_nfsrdma_client_packets" lineno="54860">
<summary>
Relabel packets to nfsrdma_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_nfsrdma_server_packets" lineno="54880">
<summary>
Send nfsrdma_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_nfsrdma_server_packets" lineno="54899">
<summary>
Do not audit attempts to send nfsrdma_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_nfsrdma_server_packets" lineno="54918">
<summary>
Receive nfsrdma_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_nfsrdma_server_packets" lineno="54937">
<summary>
Do not audit attempts to receive nfsrdma_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_nfsrdma_server_packets" lineno="54956">
<summary>
Send and receive nfsrdma_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_nfsrdma_server_packets" lineno="54972">
<summary>
Do not audit attempts to send and receive nfsrdma_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_nfsrdma_server_packets" lineno="54987">
<summary>
Relabel packets to nfsrdma_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_nmbd_port" lineno="55009">
<summary>
Send and receive TCP traffic on the nmbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_nmbd_port" lineno="55024">
<summary>
Send UDP traffic on the nmbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_nmbd_port" lineno="55039">
<summary>
Do not audit attempts to send UDP traffic on the nmbd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_nmbd_port" lineno="55054">
<summary>
Receive UDP traffic on the nmbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_nmbd_port" lineno="55069">
<summary>
Do not audit attempts to receive UDP traffic on the nmbd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_nmbd_port" lineno="55084">
<summary>
Send and receive UDP traffic on the nmbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_nmbd_port" lineno="55100">
<summary>
Do not audit attempts to send and receive
UDP traffic on the nmbd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_nmbd_port" lineno="55115">
<summary>
Bind TCP sockets to the nmbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_nmbd_port" lineno="55135">
<summary>
Bind UDP sockets to the nmbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_nmbd_port" lineno="55154">
<summary>
Make a TCP connection to the nmbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_nmbd_client_packets" lineno="55174">
<summary>
Send nmbd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_nmbd_client_packets" lineno="55193">
<summary>
Do not audit attempts to send nmbd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_nmbd_client_packets" lineno="55212">
<summary>
Receive nmbd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_nmbd_client_packets" lineno="55231">
<summary>
Do not audit attempts to receive nmbd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_nmbd_client_packets" lineno="55250">
<summary>
Send and receive nmbd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_nmbd_client_packets" lineno="55266">
<summary>
Do not audit attempts to send and receive nmbd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_nmbd_client_packets" lineno="55281">
<summary>
Relabel packets to nmbd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_nmbd_server_packets" lineno="55301">
<summary>
Send nmbd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_nmbd_server_packets" lineno="55320">
<summary>
Do not audit attempts to send nmbd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_nmbd_server_packets" lineno="55339">
<summary>
Receive nmbd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_nmbd_server_packets" lineno="55358">
<summary>
Do not audit attempts to receive nmbd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_nmbd_server_packets" lineno="55377">
<summary>
Send and receive nmbd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_nmbd_server_packets" lineno="55393">
<summary>
Do not audit attempts to send and receive nmbd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_nmbd_server_packets" lineno="55408">
<summary>
Relabel packets to nmbd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ntop_port" lineno="55430">
<summary>
Send and receive TCP traffic on the ntop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ntop_port" lineno="55445">
<summary>
Send UDP traffic on the ntop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ntop_port" lineno="55460">
<summary>
Do not audit attempts to send UDP traffic on the ntop port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ntop_port" lineno="55475">
<summary>
Receive UDP traffic on the ntop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ntop_port" lineno="55490">
<summary>
Do not audit attempts to receive UDP traffic on the ntop port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ntop_port" lineno="55505">
<summary>
Send and receive UDP traffic on the ntop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ntop_port" lineno="55521">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ntop port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ntop_port" lineno="55536">
<summary>
Bind TCP sockets to the ntop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ntop_port" lineno="55556">
<summary>
Bind UDP sockets to the ntop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ntop_port" lineno="55575">
<summary>
Make a TCP connection to the ntop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ntop_client_packets" lineno="55595">
<summary>
Send ntop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ntop_client_packets" lineno="55614">
<summary>
Do not audit attempts to send ntop_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ntop_client_packets" lineno="55633">
<summary>
Receive ntop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ntop_client_packets" lineno="55652">
<summary>
Do not audit attempts to receive ntop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ntop_client_packets" lineno="55671">
<summary>
Send and receive ntop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ntop_client_packets" lineno="55687">
<summary>
Do not audit attempts to send and receive ntop_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ntop_client_packets" lineno="55702">
<summary>
Relabel packets to ntop_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ntop_server_packets" lineno="55722">
<summary>
Send ntop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ntop_server_packets" lineno="55741">
<summary>
Do not audit attempts to send ntop_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ntop_server_packets" lineno="55760">
<summary>
Receive ntop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ntop_server_packets" lineno="55779">
<summary>
Do not audit attempts to receive ntop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ntop_server_packets" lineno="55798">
<summary>
Send and receive ntop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ntop_server_packets" lineno="55814">
<summary>
Do not audit attempts to send and receive ntop_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ntop_server_packets" lineno="55829">
<summary>
Relabel packets to ntop_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ntp_port" lineno="55851">
<summary>
Send and receive TCP traffic on the ntp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ntp_port" lineno="55866">
<summary>
Send UDP traffic on the ntp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ntp_port" lineno="55881">
<summary>
Do not audit attempts to send UDP traffic on the ntp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ntp_port" lineno="55896">
<summary>
Receive UDP traffic on the ntp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ntp_port" lineno="55911">
<summary>
Do not audit attempts to receive UDP traffic on the ntp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ntp_port" lineno="55926">
<summary>
Send and receive UDP traffic on the ntp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ntp_port" lineno="55942">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ntp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ntp_port" lineno="55957">
<summary>
Bind TCP sockets to the ntp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ntp_port" lineno="55977">
<summary>
Bind UDP sockets to the ntp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ntp_port" lineno="55996">
<summary>
Make a TCP connection to the ntp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ntp_client_packets" lineno="56016">
<summary>
Send ntp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ntp_client_packets" lineno="56035">
<summary>
Do not audit attempts to send ntp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ntp_client_packets" lineno="56054">
<summary>
Receive ntp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ntp_client_packets" lineno="56073">
<summary>
Do not audit attempts to receive ntp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ntp_client_packets" lineno="56092">
<summary>
Send and receive ntp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ntp_client_packets" lineno="56108">
<summary>
Do not audit attempts to send and receive ntp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ntp_client_packets" lineno="56123">
<summary>
Relabel packets to ntp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ntp_server_packets" lineno="56143">
<summary>
Send ntp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ntp_server_packets" lineno="56162">
<summary>
Do not audit attempts to send ntp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ntp_server_packets" lineno="56181">
<summary>
Receive ntp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ntp_server_packets" lineno="56200">
<summary>
Do not audit attempts to receive ntp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ntp_server_packets" lineno="56219">
<summary>
Send and receive ntp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ntp_server_packets" lineno="56235">
<summary>
Do not audit attempts to send and receive ntp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ntp_server_packets" lineno="56250">
<summary>
Relabel packets to ntp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_oa_system_port" lineno="56272">
<summary>
Send and receive TCP traffic on the oa_system port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_oa_system_port" lineno="56287">
<summary>
Send UDP traffic on the oa_system port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_oa_system_port" lineno="56302">
<summary>
Do not audit attempts to send UDP traffic on the oa_system port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_oa_system_port" lineno="56317">
<summary>
Receive UDP traffic on the oa_system port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_oa_system_port" lineno="56332">
<summary>
Do not audit attempts to receive UDP traffic on the oa_system port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_oa_system_port" lineno="56347">
<summary>
Send and receive UDP traffic on the oa_system port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_oa_system_port" lineno="56363">
<summary>
Do not audit attempts to send and receive
UDP traffic on the oa_system port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_oa_system_port" lineno="56378">
<summary>
Bind TCP sockets to the oa_system port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_oa_system_port" lineno="56398">
<summary>
Bind UDP sockets to the oa_system port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_oa_system_port" lineno="56417">
<summary>
Make a TCP connection to the oa_system port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_oa_system_client_packets" lineno="56437">
<summary>
Send oa_system_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_oa_system_client_packets" lineno="56456">
<summary>
Do not audit attempts to send oa_system_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_oa_system_client_packets" lineno="56475">
<summary>
Receive oa_system_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_oa_system_client_packets" lineno="56494">
<summary>
Do not audit attempts to receive oa_system_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_oa_system_client_packets" lineno="56513">
<summary>
Send and receive oa_system_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_oa_system_client_packets" lineno="56529">
<summary>
Do not audit attempts to send and receive oa_system_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_oa_system_client_packets" lineno="56544">
<summary>
Relabel packets to oa_system_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_oa_system_server_packets" lineno="56564">
<summary>
Send oa_system_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_oa_system_server_packets" lineno="56583">
<summary>
Do not audit attempts to send oa_system_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_oa_system_server_packets" lineno="56602">
<summary>
Receive oa_system_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_oa_system_server_packets" lineno="56621">
<summary>
Do not audit attempts to receive oa_system_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_oa_system_server_packets" lineno="56640">
<summary>
Send and receive oa_system_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_oa_system_server_packets" lineno="56656">
<summary>
Do not audit attempts to send and receive oa_system_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_oa_system_server_packets" lineno="56671">
<summary>
Relabel packets to oa_system_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_oracledb_port" lineno="56693">
<summary>
Send and receive TCP traffic on the oracledb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_oracledb_port" lineno="56708">
<summary>
Send UDP traffic on the oracledb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_oracledb_port" lineno="56723">
<summary>
Do not audit attempts to send UDP traffic on the oracledb port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_oracledb_port" lineno="56738">
<summary>
Receive UDP traffic on the oracledb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_oracledb_port" lineno="56753">
<summary>
Do not audit attempts to receive UDP traffic on the oracledb port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_oracledb_port" lineno="56768">
<summary>
Send and receive UDP traffic on the oracledb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_oracledb_port" lineno="56784">
<summary>
Do not audit attempts to send and receive
UDP traffic on the oracledb port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_oracledb_port" lineno="56799">
<summary>
Bind TCP sockets to the oracledb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_oracledb_port" lineno="56819">
<summary>
Bind UDP sockets to the oracledb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_oracledb_port" lineno="56838">
<summary>
Make a TCP connection to the oracledb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_oracledb_client_packets" lineno="56858">
<summary>
Send oracledb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_oracledb_client_packets" lineno="56877">
<summary>
Do not audit attempts to send oracledb_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_oracledb_client_packets" lineno="56896">
<summary>
Receive oracledb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_oracledb_client_packets" lineno="56915">
<summary>
Do not audit attempts to receive oracledb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_oracledb_client_packets" lineno="56934">
<summary>
Send and receive oracledb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_oracledb_client_packets" lineno="56950">
<summary>
Do not audit attempts to send and receive oracledb_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_oracledb_client_packets" lineno="56965">
<summary>
Relabel packets to oracledb_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_oracledb_server_packets" lineno="56985">
<summary>
Send oracledb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_oracledb_server_packets" lineno="57004">
<summary>
Do not audit attempts to send oracledb_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_oracledb_server_packets" lineno="57023">
<summary>
Receive oracledb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_oracledb_server_packets" lineno="57042">
<summary>
Do not audit attempts to receive oracledb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_oracledb_server_packets" lineno="57061">
<summary>
Send and receive oracledb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_oracledb_server_packets" lineno="57077">
<summary>
Do not audit attempts to send and receive oracledb_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_oracledb_server_packets" lineno="57092">
<summary>
Relabel packets to oracledb_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ocsp_port" lineno="57114">
<summary>
Send and receive TCP traffic on the ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ocsp_port" lineno="57129">
<summary>
Send UDP traffic on the ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ocsp_port" lineno="57144">
<summary>
Do not audit attempts to send UDP traffic on the ocsp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ocsp_port" lineno="57159">
<summary>
Receive UDP traffic on the ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ocsp_port" lineno="57174">
<summary>
Do not audit attempts to receive UDP traffic on the ocsp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ocsp_port" lineno="57189">
<summary>
Send and receive UDP traffic on the ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ocsp_port" lineno="57205">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ocsp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ocsp_port" lineno="57220">
<summary>
Bind TCP sockets to the ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ocsp_port" lineno="57240">
<summary>
Bind UDP sockets to the ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ocsp_port" lineno="57259">
<summary>
Make a TCP connection to the ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ocsp_client_packets" lineno="57279">
<summary>
Send ocsp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ocsp_client_packets" lineno="57298">
<summary>
Do not audit attempts to send ocsp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ocsp_client_packets" lineno="57317">
<summary>
Receive ocsp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ocsp_client_packets" lineno="57336">
<summary>
Do not audit attempts to receive ocsp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ocsp_client_packets" lineno="57355">
<summary>
Send and receive ocsp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ocsp_client_packets" lineno="57371">
<summary>
Do not audit attempts to send and receive ocsp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ocsp_client_packets" lineno="57386">
<summary>
Relabel packets to ocsp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ocsp_server_packets" lineno="57406">
<summary>
Send ocsp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ocsp_server_packets" lineno="57425">
<summary>
Do not audit attempts to send ocsp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ocsp_server_packets" lineno="57444">
<summary>
Receive ocsp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ocsp_server_packets" lineno="57463">
<summary>
Do not audit attempts to receive ocsp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ocsp_server_packets" lineno="57482">
<summary>
Send and receive ocsp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ocsp_server_packets" lineno="57498">
<summary>
Do not audit attempts to send and receive ocsp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ocsp_server_packets" lineno="57513">
<summary>
Relabel packets to ocsp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_openhpid_port" lineno="57535">
<summary>
Send and receive TCP traffic on the openhpid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_openhpid_port" lineno="57550">
<summary>
Send UDP traffic on the openhpid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_openhpid_port" lineno="57565">
<summary>
Do not audit attempts to send UDP traffic on the openhpid port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_openhpid_port" lineno="57580">
<summary>
Receive UDP traffic on the openhpid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_openhpid_port" lineno="57595">
<summary>
Do not audit attempts to receive UDP traffic on the openhpid port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_openhpid_port" lineno="57610">
<summary>
Send and receive UDP traffic on the openhpid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_openhpid_port" lineno="57626">
<summary>
Do not audit attempts to send and receive
UDP traffic on the openhpid port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_openhpid_port" lineno="57641">
<summary>
Bind TCP sockets to the openhpid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_openhpid_port" lineno="57661">
<summary>
Bind UDP sockets to the openhpid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_openhpid_port" lineno="57680">
<summary>
Make a TCP connection to the openhpid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_openhpid_client_packets" lineno="57700">
<summary>
Send openhpid_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_openhpid_client_packets" lineno="57719">
<summary>
Do not audit attempts to send openhpid_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_openhpid_client_packets" lineno="57738">
<summary>
Receive openhpid_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_openhpid_client_packets" lineno="57757">
<summary>
Do not audit attempts to receive openhpid_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_openhpid_client_packets" lineno="57776">
<summary>
Send and receive openhpid_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_openhpid_client_packets" lineno="57792">
<summary>
Do not audit attempts to send and receive openhpid_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_openhpid_client_packets" lineno="57807">
<summary>
Relabel packets to openhpid_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_openhpid_server_packets" lineno="57827">
<summary>
Send openhpid_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_openhpid_server_packets" lineno="57846">
<summary>
Do not audit attempts to send openhpid_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_openhpid_server_packets" lineno="57865">
<summary>
Receive openhpid_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_openhpid_server_packets" lineno="57884">
<summary>
Do not audit attempts to receive openhpid_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_openhpid_server_packets" lineno="57903">
<summary>
Send and receive openhpid_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_openhpid_server_packets" lineno="57919">
<summary>
Do not audit attempts to send and receive openhpid_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_openhpid_server_packets" lineno="57934">
<summary>
Relabel packets to openhpid_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_openvpn_port" lineno="57956">
<summary>
Send and receive TCP traffic on the openvpn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_openvpn_port" lineno="57971">
<summary>
Send UDP traffic on the openvpn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_openvpn_port" lineno="57986">
<summary>
Do not audit attempts to send UDP traffic on the openvpn port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_openvpn_port" lineno="58001">
<summary>
Receive UDP traffic on the openvpn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_openvpn_port" lineno="58016">
<summary>
Do not audit attempts to receive UDP traffic on the openvpn port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_openvpn_port" lineno="58031">
<summary>
Send and receive UDP traffic on the openvpn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_openvpn_port" lineno="58047">
<summary>
Do not audit attempts to send and receive
UDP traffic on the openvpn port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_openvpn_port" lineno="58062">
<summary>
Bind TCP sockets to the openvpn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_openvpn_port" lineno="58082">
<summary>
Bind UDP sockets to the openvpn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_openvpn_port" lineno="58101">
<summary>
Make a TCP connection to the openvpn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_openvpn_client_packets" lineno="58121">
<summary>
Send openvpn_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_openvpn_client_packets" lineno="58140">
<summary>
Do not audit attempts to send openvpn_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_openvpn_client_packets" lineno="58159">
<summary>
Receive openvpn_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_openvpn_client_packets" lineno="58178">
<summary>
Do not audit attempts to receive openvpn_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_openvpn_client_packets" lineno="58197">
<summary>
Send and receive openvpn_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_openvpn_client_packets" lineno="58213">
<summary>
Do not audit attempts to send and receive openvpn_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_openvpn_client_packets" lineno="58228">
<summary>
Relabel packets to openvpn_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_openvpn_server_packets" lineno="58248">
<summary>
Send openvpn_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_openvpn_server_packets" lineno="58267">
<summary>
Do not audit attempts to send openvpn_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_openvpn_server_packets" lineno="58286">
<summary>
Receive openvpn_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_openvpn_server_packets" lineno="58305">
<summary>
Do not audit attempts to receive openvpn_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_openvpn_server_packets" lineno="58324">
<summary>
Send and receive openvpn_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_openvpn_server_packets" lineno="58340">
<summary>
Do not audit attempts to send and receive openvpn_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_openvpn_server_packets" lineno="58355">
<summary>
Relabel packets to openvpn_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pdps_port" lineno="58377">
<summary>
Send and receive TCP traffic on the pdps port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pdps_port" lineno="58392">
<summary>
Send UDP traffic on the pdps port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pdps_port" lineno="58407">
<summary>
Do not audit attempts to send UDP traffic on the pdps port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pdps_port" lineno="58422">
<summary>
Receive UDP traffic on the pdps port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pdps_port" lineno="58437">
<summary>
Do not audit attempts to receive UDP traffic on the pdps port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pdps_port" lineno="58452">
<summary>
Send and receive UDP traffic on the pdps port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pdps_port" lineno="58468">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pdps port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pdps_port" lineno="58483">
<summary>
Bind TCP sockets to the pdps port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pdps_port" lineno="58503">
<summary>
Bind UDP sockets to the pdps port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pdps_port" lineno="58522">
<summary>
Make a TCP connection to the pdps port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pdps_client_packets" lineno="58542">
<summary>
Send pdps_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pdps_client_packets" lineno="58561">
<summary>
Do not audit attempts to send pdps_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pdps_client_packets" lineno="58580">
<summary>
Receive pdps_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pdps_client_packets" lineno="58599">
<summary>
Do not audit attempts to receive pdps_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pdps_client_packets" lineno="58618">
<summary>
Send and receive pdps_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pdps_client_packets" lineno="58634">
<summary>
Do not audit attempts to send and receive pdps_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pdps_client_packets" lineno="58649">
<summary>
Relabel packets to pdps_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pdps_server_packets" lineno="58669">
<summary>
Send pdps_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pdps_server_packets" lineno="58688">
<summary>
Do not audit attempts to send pdps_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pdps_server_packets" lineno="58707">
<summary>
Receive pdps_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pdps_server_packets" lineno="58726">
<summary>
Do not audit attempts to receive pdps_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pdps_server_packets" lineno="58745">
<summary>
Send and receive pdps_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pdps_server_packets" lineno="58761">
<summary>
Do not audit attempts to send and receive pdps_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pdps_server_packets" lineno="58776">
<summary>
Relabel packets to pdps_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pegasus_http_port" lineno="58798">
<summary>
Send and receive TCP traffic on the pegasus_http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pegasus_http_port" lineno="58813">
<summary>
Send UDP traffic on the pegasus_http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pegasus_http_port" lineno="58828">
<summary>
Do not audit attempts to send UDP traffic on the pegasus_http port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pegasus_http_port" lineno="58843">
<summary>
Receive UDP traffic on the pegasus_http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pegasus_http_port" lineno="58858">
<summary>
Do not audit attempts to receive UDP traffic on the pegasus_http port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pegasus_http_port" lineno="58873">
<summary>
Send and receive UDP traffic on the pegasus_http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pegasus_http_port" lineno="58889">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pegasus_http port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pegasus_http_port" lineno="58904">
<summary>
Bind TCP sockets to the pegasus_http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pegasus_http_port" lineno="58924">
<summary>
Bind UDP sockets to the pegasus_http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pegasus_http_port" lineno="58943">
<summary>
Make a TCP connection to the pegasus_http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pegasus_http_client_packets" lineno="58963">
<summary>
Send pegasus_http_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pegasus_http_client_packets" lineno="58982">
<summary>
Do not audit attempts to send pegasus_http_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pegasus_http_client_packets" lineno="59001">
<summary>
Receive pegasus_http_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pegasus_http_client_packets" lineno="59020">
<summary>
Do not audit attempts to receive pegasus_http_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pegasus_http_client_packets" lineno="59039">
<summary>
Send and receive pegasus_http_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pegasus_http_client_packets" lineno="59055">
<summary>
Do not audit attempts to send and receive pegasus_http_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pegasus_http_client_packets" lineno="59070">
<summary>
Relabel packets to pegasus_http_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pegasus_http_server_packets" lineno="59090">
<summary>
Send pegasus_http_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pegasus_http_server_packets" lineno="59109">
<summary>
Do not audit attempts to send pegasus_http_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pegasus_http_server_packets" lineno="59128">
<summary>
Receive pegasus_http_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pegasus_http_server_packets" lineno="59147">
<summary>
Do not audit attempts to receive pegasus_http_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pegasus_http_server_packets" lineno="59166">
<summary>
Send and receive pegasus_http_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pegasus_http_server_packets" lineno="59182">
<summary>
Do not audit attempts to send and receive pegasus_http_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pegasus_http_server_packets" lineno="59197">
<summary>
Relabel packets to pegasus_http_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pegasus_https_port" lineno="59219">
<summary>
Send and receive TCP traffic on the pegasus_https port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pegasus_https_port" lineno="59234">
<summary>
Send UDP traffic on the pegasus_https port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pegasus_https_port" lineno="59249">
<summary>
Do not audit attempts to send UDP traffic on the pegasus_https port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pegasus_https_port" lineno="59264">
<summary>
Receive UDP traffic on the pegasus_https port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pegasus_https_port" lineno="59279">
<summary>
Do not audit attempts to receive UDP traffic on the pegasus_https port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pegasus_https_port" lineno="59294">
<summary>
Send and receive UDP traffic on the pegasus_https port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pegasus_https_port" lineno="59310">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pegasus_https port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pegasus_https_port" lineno="59325">
<summary>
Bind TCP sockets to the pegasus_https port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pegasus_https_port" lineno="59345">
<summary>
Bind UDP sockets to the pegasus_https port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pegasus_https_port" lineno="59364">
<summary>
Make a TCP connection to the pegasus_https port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pegasus_https_client_packets" lineno="59384">
<summary>
Send pegasus_https_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pegasus_https_client_packets" lineno="59403">
<summary>
Do not audit attempts to send pegasus_https_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pegasus_https_client_packets" lineno="59422">
<summary>
Receive pegasus_https_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pegasus_https_client_packets" lineno="59441">
<summary>
Do not audit attempts to receive pegasus_https_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pegasus_https_client_packets" lineno="59460">
<summary>
Send and receive pegasus_https_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pegasus_https_client_packets" lineno="59476">
<summary>
Do not audit attempts to send and receive pegasus_https_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pegasus_https_client_packets" lineno="59491">
<summary>
Relabel packets to pegasus_https_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pegasus_https_server_packets" lineno="59511">
<summary>
Send pegasus_https_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pegasus_https_server_packets" lineno="59530">
<summary>
Do not audit attempts to send pegasus_https_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pegasus_https_server_packets" lineno="59549">
<summary>
Receive pegasus_https_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pegasus_https_server_packets" lineno="59568">
<summary>
Do not audit attempts to receive pegasus_https_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pegasus_https_server_packets" lineno="59587">
<summary>
Send and receive pegasus_https_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pegasus_https_server_packets" lineno="59603">
<summary>
Do not audit attempts to send and receive pegasus_https_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pegasus_https_server_packets" lineno="59618">
<summary>
Relabel packets to pegasus_https_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pgpkeyserver_port" lineno="59640">
<summary>
Send and receive TCP traffic on the pgpkeyserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pgpkeyserver_port" lineno="59655">
<summary>
Send UDP traffic on the pgpkeyserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pgpkeyserver_port" lineno="59670">
<summary>
Do not audit attempts to send UDP traffic on the pgpkeyserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pgpkeyserver_port" lineno="59685">
<summary>
Receive UDP traffic on the pgpkeyserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pgpkeyserver_port" lineno="59700">
<summary>
Do not audit attempts to receive UDP traffic on the pgpkeyserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pgpkeyserver_port" lineno="59715">
<summary>
Send and receive UDP traffic on the pgpkeyserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pgpkeyserver_port" lineno="59731">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pgpkeyserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pgpkeyserver_port" lineno="59746">
<summary>
Bind TCP sockets to the pgpkeyserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pgpkeyserver_port" lineno="59766">
<summary>
Bind UDP sockets to the pgpkeyserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pgpkeyserver_port" lineno="59785">
<summary>
Make a TCP connection to the pgpkeyserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pgpkeyserver_client_packets" lineno="59805">
<summary>
Send pgpkeyserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pgpkeyserver_client_packets" lineno="59824">
<summary>
Do not audit attempts to send pgpkeyserver_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pgpkeyserver_client_packets" lineno="59843">
<summary>
Receive pgpkeyserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pgpkeyserver_client_packets" lineno="59862">
<summary>
Do not audit attempts to receive pgpkeyserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pgpkeyserver_client_packets" lineno="59881">
<summary>
Send and receive pgpkeyserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pgpkeyserver_client_packets" lineno="59897">
<summary>
Do not audit attempts to send and receive pgpkeyserver_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pgpkeyserver_client_packets" lineno="59912">
<summary>
Relabel packets to pgpkeyserver_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pgpkeyserver_server_packets" lineno="59932">
<summary>
Send pgpkeyserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pgpkeyserver_server_packets" lineno="59951">
<summary>
Do not audit attempts to send pgpkeyserver_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pgpkeyserver_server_packets" lineno="59970">
<summary>
Receive pgpkeyserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pgpkeyserver_server_packets" lineno="59989">
<summary>
Do not audit attempts to receive pgpkeyserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pgpkeyserver_server_packets" lineno="60008">
<summary>
Send and receive pgpkeyserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pgpkeyserver_server_packets" lineno="60024">
<summary>
Do not audit attempts to send and receive pgpkeyserver_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pgpkeyserver_server_packets" lineno="60039">
<summary>
Relabel packets to pgpkeyserver_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pingd_port" lineno="60061">
<summary>
Send and receive TCP traffic on the pingd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pingd_port" lineno="60076">
<summary>
Send UDP traffic on the pingd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pingd_port" lineno="60091">
<summary>
Do not audit attempts to send UDP traffic on the pingd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pingd_port" lineno="60106">
<summary>
Receive UDP traffic on the pingd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pingd_port" lineno="60121">
<summary>
Do not audit attempts to receive UDP traffic on the pingd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pingd_port" lineno="60136">
<summary>
Send and receive UDP traffic on the pingd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pingd_port" lineno="60152">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pingd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pingd_port" lineno="60167">
<summary>
Bind TCP sockets to the pingd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pingd_port" lineno="60187">
<summary>
Bind UDP sockets to the pingd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pingd_port" lineno="60206">
<summary>
Make a TCP connection to the pingd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pingd_client_packets" lineno="60226">
<summary>
Send pingd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pingd_client_packets" lineno="60245">
<summary>
Do not audit attempts to send pingd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pingd_client_packets" lineno="60264">
<summary>
Receive pingd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pingd_client_packets" lineno="60283">
<summary>
Do not audit attempts to receive pingd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pingd_client_packets" lineno="60302">
<summary>
Send and receive pingd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pingd_client_packets" lineno="60318">
<summary>
Do not audit attempts to send and receive pingd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pingd_client_packets" lineno="60333">
<summary>
Relabel packets to pingd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pingd_server_packets" lineno="60353">
<summary>
Send pingd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pingd_server_packets" lineno="60372">
<summary>
Do not audit attempts to send pingd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pingd_server_packets" lineno="60391">
<summary>
Receive pingd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pingd_server_packets" lineno="60410">
<summary>
Do not audit attempts to receive pingd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pingd_server_packets" lineno="60429">
<summary>
Send and receive pingd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pingd_server_packets" lineno="60445">
<summary>
Do not audit attempts to send and receive pingd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pingd_server_packets" lineno="60460">
<summary>
Relabel packets to pingd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pktcable_cops_port" lineno="60482">
<summary>
Send and receive TCP traffic on the pktcable_cops port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pktcable_cops_port" lineno="60497">
<summary>
Send UDP traffic on the pktcable_cops port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pktcable_cops_port" lineno="60512">
<summary>
Do not audit attempts to send UDP traffic on the pktcable_cops port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pktcable_cops_port" lineno="60527">
<summary>
Receive UDP traffic on the pktcable_cops port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pktcable_cops_port" lineno="60542">
<summary>
Do not audit attempts to receive UDP traffic on the pktcable_cops port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pktcable_cops_port" lineno="60557">
<summary>
Send and receive UDP traffic on the pktcable_cops port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pktcable_cops_port" lineno="60573">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pktcable_cops port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pktcable_cops_port" lineno="60588">
<summary>
Bind TCP sockets to the pktcable_cops port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pktcable_cops_port" lineno="60608">
<summary>
Bind UDP sockets to the pktcable_cops port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pktcable_cops_port" lineno="60627">
<summary>
Make a TCP connection to the pktcable_cops port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pktcable_cops_client_packets" lineno="60647">
<summary>
Send pktcable_cops_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pktcable_cops_client_packets" lineno="60666">
<summary>
Do not audit attempts to send pktcable_cops_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pktcable_cops_client_packets" lineno="60685">
<summary>
Receive pktcable_cops_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pktcable_cops_client_packets" lineno="60704">
<summary>
Do not audit attempts to receive pktcable_cops_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pktcable_cops_client_packets" lineno="60723">
<summary>
Send and receive pktcable_cops_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pktcable_cops_client_packets" lineno="60739">
<summary>
Do not audit attempts to send and receive pktcable_cops_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pktcable_cops_client_packets" lineno="60754">
<summary>
Relabel packets to pktcable_cops_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pktcable_cops_server_packets" lineno="60774">
<summary>
Send pktcable_cops_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pktcable_cops_server_packets" lineno="60793">
<summary>
Do not audit attempts to send pktcable_cops_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pktcable_cops_server_packets" lineno="60812">
<summary>
Receive pktcable_cops_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pktcable_cops_server_packets" lineno="60831">
<summary>
Do not audit attempts to receive pktcable_cops_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pktcable_cops_server_packets" lineno="60850">
<summary>
Send and receive pktcable_cops_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pktcable_cops_server_packets" lineno="60866">
<summary>
Do not audit attempts to send and receive pktcable_cops_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pktcable_cops_server_packets" lineno="60881">
<summary>
Relabel packets to pktcable_cops_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pop_port" lineno="60903">
<summary>
Send and receive TCP traffic on the pop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pop_port" lineno="60918">
<summary>
Send UDP traffic on the pop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pop_port" lineno="60933">
<summary>
Do not audit attempts to send UDP traffic on the pop port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pop_port" lineno="60948">
<summary>
Receive UDP traffic on the pop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pop_port" lineno="60963">
<summary>
Do not audit attempts to receive UDP traffic on the pop port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pop_port" lineno="60978">
<summary>
Send and receive UDP traffic on the pop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pop_port" lineno="60994">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pop port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pop_port" lineno="61009">
<summary>
Bind TCP sockets to the pop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pop_port" lineno="61029">
<summary>
Bind UDP sockets to the pop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pop_port" lineno="61048">
<summary>
Make a TCP connection to the pop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pop_client_packets" lineno="61068">
<summary>
Send pop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pop_client_packets" lineno="61087">
<summary>
Do not audit attempts to send pop_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pop_client_packets" lineno="61106">
<summary>
Receive pop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pop_client_packets" lineno="61125">
<summary>
Do not audit attempts to receive pop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pop_client_packets" lineno="61144">
<summary>
Send and receive pop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pop_client_packets" lineno="61160">
<summary>
Do not audit attempts to send and receive pop_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pop_client_packets" lineno="61175">
<summary>
Relabel packets to pop_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pop_server_packets" lineno="61195">
<summary>
Send pop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pop_server_packets" lineno="61214">
<summary>
Do not audit attempts to send pop_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pop_server_packets" lineno="61233">
<summary>
Receive pop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pop_server_packets" lineno="61252">
<summary>
Do not audit attempts to receive pop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pop_server_packets" lineno="61271">
<summary>
Send and receive pop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pop_server_packets" lineno="61287">
<summary>
Do not audit attempts to send and receive pop_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pop_server_packets" lineno="61302">
<summary>
Relabel packets to pop_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_portmap_port" lineno="61324">
<summary>
Send and receive TCP traffic on the portmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_portmap_port" lineno="61339">
<summary>
Send UDP traffic on the portmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_portmap_port" lineno="61354">
<summary>
Do not audit attempts to send UDP traffic on the portmap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_portmap_port" lineno="61369">
<summary>
Receive UDP traffic on the portmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_portmap_port" lineno="61384">
<summary>
Do not audit attempts to receive UDP traffic on the portmap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_portmap_port" lineno="61399">
<summary>
Send and receive UDP traffic on the portmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_portmap_port" lineno="61415">
<summary>
Do not audit attempts to send and receive
UDP traffic on the portmap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_portmap_port" lineno="61430">
<summary>
Bind TCP sockets to the portmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_portmap_port" lineno="61450">
<summary>
Bind UDP sockets to the portmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_portmap_port" lineno="61469">
<summary>
Make a TCP connection to the portmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_portmap_client_packets" lineno="61489">
<summary>
Send portmap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_portmap_client_packets" lineno="61508">
<summary>
Do not audit attempts to send portmap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_portmap_client_packets" lineno="61527">
<summary>
Receive portmap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_portmap_client_packets" lineno="61546">
<summary>
Do not audit attempts to receive portmap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_portmap_client_packets" lineno="61565">
<summary>
Send and receive portmap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_portmap_client_packets" lineno="61581">
<summary>
Do not audit attempts to send and receive portmap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_portmap_client_packets" lineno="61596">
<summary>
Relabel packets to portmap_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_portmap_server_packets" lineno="61616">
<summary>
Send portmap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_portmap_server_packets" lineno="61635">
<summary>
Do not audit attempts to send portmap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_portmap_server_packets" lineno="61654">
<summary>
Receive portmap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_portmap_server_packets" lineno="61673">
<summary>
Do not audit attempts to receive portmap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_portmap_server_packets" lineno="61692">
<summary>
Send and receive portmap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_portmap_server_packets" lineno="61708">
<summary>
Do not audit attempts to send and receive portmap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_portmap_server_packets" lineno="61723">
<summary>
Relabel packets to portmap_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_postfix_policyd_port" lineno="61745">
<summary>
Send and receive TCP traffic on the postfix_policyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_postfix_policyd_port" lineno="61760">
<summary>
Send UDP traffic on the postfix_policyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_postfix_policyd_port" lineno="61775">
<summary>
Do not audit attempts to send UDP traffic on the postfix_policyd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_postfix_policyd_port" lineno="61790">
<summary>
Receive UDP traffic on the postfix_policyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_postfix_policyd_port" lineno="61805">
<summary>
Do not audit attempts to receive UDP traffic on the postfix_policyd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_postfix_policyd_port" lineno="61820">
<summary>
Send and receive UDP traffic on the postfix_policyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_postfix_policyd_port" lineno="61836">
<summary>
Do not audit attempts to send and receive
UDP traffic on the postfix_policyd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_postfix_policyd_port" lineno="61851">
<summary>
Bind TCP sockets to the postfix_policyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_postfix_policyd_port" lineno="61871">
<summary>
Bind UDP sockets to the postfix_policyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_postfix_policyd_port" lineno="61890">
<summary>
Make a TCP connection to the postfix_policyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_postfix_policyd_client_packets" lineno="61910">
<summary>
Send postfix_policyd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_postfix_policyd_client_packets" lineno="61929">
<summary>
Do not audit attempts to send postfix_policyd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_postfix_policyd_client_packets" lineno="61948">
<summary>
Receive postfix_policyd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_postfix_policyd_client_packets" lineno="61967">
<summary>
Do not audit attempts to receive postfix_policyd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_postfix_policyd_client_packets" lineno="61986">
<summary>
Send and receive postfix_policyd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_postfix_policyd_client_packets" lineno="62002">
<summary>
Do not audit attempts to send and receive postfix_policyd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_postfix_policyd_client_packets" lineno="62017">
<summary>
Relabel packets to postfix_policyd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_postfix_policyd_server_packets" lineno="62037">
<summary>
Send postfix_policyd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_postfix_policyd_server_packets" lineno="62056">
<summary>
Do not audit attempts to send postfix_policyd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_postfix_policyd_server_packets" lineno="62075">
<summary>
Receive postfix_policyd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_postfix_policyd_server_packets" lineno="62094">
<summary>
Do not audit attempts to receive postfix_policyd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_postfix_policyd_server_packets" lineno="62113">
<summary>
Send and receive postfix_policyd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_postfix_policyd_server_packets" lineno="62129">
<summary>
Do not audit attempts to send and receive postfix_policyd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_postfix_policyd_server_packets" lineno="62144">
<summary>
Relabel packets to postfix_policyd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_postgresql_port" lineno="62166">
<summary>
Send and receive TCP traffic on the postgresql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_postgresql_port" lineno="62181">
<summary>
Send UDP traffic on the postgresql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_postgresql_port" lineno="62196">
<summary>
Do not audit attempts to send UDP traffic on the postgresql port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_postgresql_port" lineno="62211">
<summary>
Receive UDP traffic on the postgresql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_postgresql_port" lineno="62226">
<summary>
Do not audit attempts to receive UDP traffic on the postgresql port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_postgresql_port" lineno="62241">
<summary>
Send and receive UDP traffic on the postgresql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_postgresql_port" lineno="62257">
<summary>
Do not audit attempts to send and receive
UDP traffic on the postgresql port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_postgresql_port" lineno="62272">
<summary>
Bind TCP sockets to the postgresql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_postgresql_port" lineno="62292">
<summary>
Bind UDP sockets to the postgresql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_postgresql_port" lineno="62311">
<summary>
Make a TCP connection to the postgresql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_postgresql_client_packets" lineno="62331">
<summary>
Send postgresql_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_postgresql_client_packets" lineno="62350">
<summary>
Do not audit attempts to send postgresql_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_postgresql_client_packets" lineno="62369">
<summary>
Receive postgresql_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_postgresql_client_packets" lineno="62388">
<summary>
Do not audit attempts to receive postgresql_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_postgresql_client_packets" lineno="62407">
<summary>
Send and receive postgresql_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_postgresql_client_packets" lineno="62423">
<summary>
Do not audit attempts to send and receive postgresql_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_postgresql_client_packets" lineno="62438">
<summary>
Relabel packets to postgresql_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_postgresql_server_packets" lineno="62458">
<summary>
Send postgresql_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_postgresql_server_packets" lineno="62477">
<summary>
Do not audit attempts to send postgresql_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_postgresql_server_packets" lineno="62496">
<summary>
Receive postgresql_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_postgresql_server_packets" lineno="62515">
<summary>
Do not audit attempts to receive postgresql_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_postgresql_server_packets" lineno="62534">
<summary>
Send and receive postgresql_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_postgresql_server_packets" lineno="62550">
<summary>
Do not audit attempts to send and receive postgresql_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_postgresql_server_packets" lineno="62565">
<summary>
Relabel packets to postgresql_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_postgrey_port" lineno="62587">
<summary>
Send and receive TCP traffic on the postgrey port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_postgrey_port" lineno="62602">
<summary>
Send UDP traffic on the postgrey port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_postgrey_port" lineno="62617">
<summary>
Do not audit attempts to send UDP traffic on the postgrey port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_postgrey_port" lineno="62632">
<summary>
Receive UDP traffic on the postgrey port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_postgrey_port" lineno="62647">
<summary>
Do not audit attempts to receive UDP traffic on the postgrey port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_postgrey_port" lineno="62662">
<summary>
Send and receive UDP traffic on the postgrey port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_postgrey_port" lineno="62678">
<summary>
Do not audit attempts to send and receive
UDP traffic on the postgrey port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_postgrey_port" lineno="62693">
<summary>
Bind TCP sockets to the postgrey port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_postgrey_port" lineno="62713">
<summary>
Bind UDP sockets to the postgrey port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_postgrey_port" lineno="62732">
<summary>
Make a TCP connection to the postgrey port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_postgrey_client_packets" lineno="62752">
<summary>
Send postgrey_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_postgrey_client_packets" lineno="62771">
<summary>
Do not audit attempts to send postgrey_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_postgrey_client_packets" lineno="62790">
<summary>
Receive postgrey_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_postgrey_client_packets" lineno="62809">
<summary>
Do not audit attempts to receive postgrey_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_postgrey_client_packets" lineno="62828">
<summary>
Send and receive postgrey_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_postgrey_client_packets" lineno="62844">
<summary>
Do not audit attempts to send and receive postgrey_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_postgrey_client_packets" lineno="62859">
<summary>
Relabel packets to postgrey_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_postgrey_server_packets" lineno="62879">
<summary>
Send postgrey_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_postgrey_server_packets" lineno="62898">
<summary>
Do not audit attempts to send postgrey_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_postgrey_server_packets" lineno="62917">
<summary>
Receive postgrey_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_postgrey_server_packets" lineno="62936">
<summary>
Do not audit attempts to receive postgrey_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_postgrey_server_packets" lineno="62955">
<summary>
Send and receive postgrey_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_postgrey_server_packets" lineno="62971">
<summary>
Do not audit attempts to send and receive postgrey_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_postgrey_server_packets" lineno="62986">
<summary>
Relabel packets to postgrey_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pptp_port" lineno="63008">
<summary>
Send and receive TCP traffic on the pptp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pptp_port" lineno="63023">
<summary>
Send UDP traffic on the pptp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pptp_port" lineno="63038">
<summary>
Do not audit attempts to send UDP traffic on the pptp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pptp_port" lineno="63053">
<summary>
Receive UDP traffic on the pptp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pptp_port" lineno="63068">
<summary>
Do not audit attempts to receive UDP traffic on the pptp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pptp_port" lineno="63083">
<summary>
Send and receive UDP traffic on the pptp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pptp_port" lineno="63099">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pptp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pptp_port" lineno="63114">
<summary>
Bind TCP sockets to the pptp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pptp_port" lineno="63134">
<summary>
Bind UDP sockets to the pptp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pptp_port" lineno="63153">
<summary>
Make a TCP connection to the pptp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pptp_client_packets" lineno="63173">
<summary>
Send pptp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pptp_client_packets" lineno="63192">
<summary>
Do not audit attempts to send pptp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pptp_client_packets" lineno="63211">
<summary>
Receive pptp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pptp_client_packets" lineno="63230">
<summary>
Do not audit attempts to receive pptp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pptp_client_packets" lineno="63249">
<summary>
Send and receive pptp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pptp_client_packets" lineno="63265">
<summary>
Do not audit attempts to send and receive pptp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pptp_client_packets" lineno="63280">
<summary>
Relabel packets to pptp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pptp_server_packets" lineno="63300">
<summary>
Send pptp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pptp_server_packets" lineno="63319">
<summary>
Do not audit attempts to send pptp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pptp_server_packets" lineno="63338">
<summary>
Receive pptp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pptp_server_packets" lineno="63357">
<summary>
Do not audit attempts to receive pptp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pptp_server_packets" lineno="63376">
<summary>
Send and receive pptp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pptp_server_packets" lineno="63392">
<summary>
Do not audit attempts to send and receive pptp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pptp_server_packets" lineno="63407">
<summary>
Relabel packets to pptp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_prelude_port" lineno="63429">
<summary>
Send and receive TCP traffic on the prelude port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_prelude_port" lineno="63444">
<summary>
Send UDP traffic on the prelude port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_prelude_port" lineno="63459">
<summary>
Do not audit attempts to send UDP traffic on the prelude port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_prelude_port" lineno="63474">
<summary>
Receive UDP traffic on the prelude port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_prelude_port" lineno="63489">
<summary>
Do not audit attempts to receive UDP traffic on the prelude port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_prelude_port" lineno="63504">
<summary>
Send and receive UDP traffic on the prelude port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_prelude_port" lineno="63520">
<summary>
Do not audit attempts to send and receive
UDP traffic on the prelude port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_prelude_port" lineno="63535">
<summary>
Bind TCP sockets to the prelude port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_prelude_port" lineno="63555">
<summary>
Bind UDP sockets to the prelude port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_prelude_port" lineno="63574">
<summary>
Make a TCP connection to the prelude port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_prelude_client_packets" lineno="63594">
<summary>
Send prelude_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_prelude_client_packets" lineno="63613">
<summary>
Do not audit attempts to send prelude_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_prelude_client_packets" lineno="63632">
<summary>
Receive prelude_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_prelude_client_packets" lineno="63651">
<summary>
Do not audit attempts to receive prelude_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_prelude_client_packets" lineno="63670">
<summary>
Send and receive prelude_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_prelude_client_packets" lineno="63686">
<summary>
Do not audit attempts to send and receive prelude_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_prelude_client_packets" lineno="63701">
<summary>
Relabel packets to prelude_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_prelude_server_packets" lineno="63721">
<summary>
Send prelude_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_prelude_server_packets" lineno="63740">
<summary>
Do not audit attempts to send prelude_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_prelude_server_packets" lineno="63759">
<summary>
Receive prelude_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_prelude_server_packets" lineno="63778">
<summary>
Do not audit attempts to receive prelude_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_prelude_server_packets" lineno="63797">
<summary>
Send and receive prelude_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_prelude_server_packets" lineno="63813">
<summary>
Do not audit attempts to send and receive prelude_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_prelude_server_packets" lineno="63828">
<summary>
Relabel packets to prelude_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_presence_port" lineno="63850">
<summary>
Send and receive TCP traffic on the presence port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_presence_port" lineno="63865">
<summary>
Send UDP traffic on the presence port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_presence_port" lineno="63880">
<summary>
Do not audit attempts to send UDP traffic on the presence port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_presence_port" lineno="63895">
<summary>
Receive UDP traffic on the presence port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_presence_port" lineno="63910">
<summary>
Do not audit attempts to receive UDP traffic on the presence port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_presence_port" lineno="63925">
<summary>
Send and receive UDP traffic on the presence port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_presence_port" lineno="63941">
<summary>
Do not audit attempts to send and receive
UDP traffic on the presence port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_presence_port" lineno="63956">
<summary>
Bind TCP sockets to the presence port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_presence_port" lineno="63976">
<summary>
Bind UDP sockets to the presence port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_presence_port" lineno="63995">
<summary>
Make a TCP connection to the presence port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_presence_client_packets" lineno="64015">
<summary>
Send presence_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_presence_client_packets" lineno="64034">
<summary>
Do not audit attempts to send presence_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_presence_client_packets" lineno="64053">
<summary>
Receive presence_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_presence_client_packets" lineno="64072">
<summary>
Do not audit attempts to receive presence_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_presence_client_packets" lineno="64091">
<summary>
Send and receive presence_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_presence_client_packets" lineno="64107">
<summary>
Do not audit attempts to send and receive presence_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_presence_client_packets" lineno="64122">
<summary>
Relabel packets to presence_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_presence_server_packets" lineno="64142">
<summary>
Send presence_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_presence_server_packets" lineno="64161">
<summary>
Do not audit attempts to send presence_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_presence_server_packets" lineno="64180">
<summary>
Receive presence_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_presence_server_packets" lineno="64199">
<summary>
Do not audit attempts to receive presence_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_presence_server_packets" lineno="64218">
<summary>
Send and receive presence_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_presence_server_packets" lineno="64234">
<summary>
Do not audit attempts to send and receive presence_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_presence_server_packets" lineno="64249">
<summary>
Relabel packets to presence_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_printer_port" lineno="64271">
<summary>
Send and receive TCP traffic on the printer port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_printer_port" lineno="64286">
<summary>
Send UDP traffic on the printer port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_printer_port" lineno="64301">
<summary>
Do not audit attempts to send UDP traffic on the printer port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_printer_port" lineno="64316">
<summary>
Receive UDP traffic on the printer port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_printer_port" lineno="64331">
<summary>
Do not audit attempts to receive UDP traffic on the printer port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_printer_port" lineno="64346">
<summary>
Send and receive UDP traffic on the printer port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_printer_port" lineno="64362">
<summary>
Do not audit attempts to send and receive
UDP traffic on the printer port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_printer_port" lineno="64377">
<summary>
Bind TCP sockets to the printer port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_printer_port" lineno="64397">
<summary>
Bind UDP sockets to the printer port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_printer_port" lineno="64416">
<summary>
Make a TCP connection to the printer port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_printer_client_packets" lineno="64436">
<summary>
Send printer_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_printer_client_packets" lineno="64455">
<summary>
Do not audit attempts to send printer_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_printer_client_packets" lineno="64474">
<summary>
Receive printer_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_printer_client_packets" lineno="64493">
<summary>
Do not audit attempts to receive printer_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_printer_client_packets" lineno="64512">
<summary>
Send and receive printer_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_printer_client_packets" lineno="64528">
<summary>
Do not audit attempts to send and receive printer_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_printer_client_packets" lineno="64543">
<summary>
Relabel packets to printer_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_printer_server_packets" lineno="64563">
<summary>
Send printer_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_printer_server_packets" lineno="64582">
<summary>
Do not audit attempts to send printer_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_printer_server_packets" lineno="64601">
<summary>
Receive printer_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_printer_server_packets" lineno="64620">
<summary>
Do not audit attempts to receive printer_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_printer_server_packets" lineno="64639">
<summary>
Send and receive printer_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_printer_server_packets" lineno="64655">
<summary>
Do not audit attempts to send and receive printer_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_printer_server_packets" lineno="64670">
<summary>
Relabel packets to printer_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ptal_port" lineno="64692">
<summary>
Send and receive TCP traffic on the ptal port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ptal_port" lineno="64707">
<summary>
Send UDP traffic on the ptal port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ptal_port" lineno="64722">
<summary>
Do not audit attempts to send UDP traffic on the ptal port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ptal_port" lineno="64737">
<summary>
Receive UDP traffic on the ptal port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ptal_port" lineno="64752">
<summary>
Do not audit attempts to receive UDP traffic on the ptal port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ptal_port" lineno="64767">
<summary>
Send and receive UDP traffic on the ptal port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ptal_port" lineno="64783">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ptal port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ptal_port" lineno="64798">
<summary>
Bind TCP sockets to the ptal port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ptal_port" lineno="64818">
<summary>
Bind UDP sockets to the ptal port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ptal_port" lineno="64837">
<summary>
Make a TCP connection to the ptal port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ptal_client_packets" lineno="64857">
<summary>
Send ptal_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ptal_client_packets" lineno="64876">
<summary>
Do not audit attempts to send ptal_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ptal_client_packets" lineno="64895">
<summary>
Receive ptal_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ptal_client_packets" lineno="64914">
<summary>
Do not audit attempts to receive ptal_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ptal_client_packets" lineno="64933">
<summary>
Send and receive ptal_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ptal_client_packets" lineno="64949">
<summary>
Do not audit attempts to send and receive ptal_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ptal_client_packets" lineno="64964">
<summary>
Relabel packets to ptal_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ptal_server_packets" lineno="64984">
<summary>
Send ptal_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ptal_server_packets" lineno="65003">
<summary>
Do not audit attempts to send ptal_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ptal_server_packets" lineno="65022">
<summary>
Receive ptal_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ptal_server_packets" lineno="65041">
<summary>
Do not audit attempts to receive ptal_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ptal_server_packets" lineno="65060">
<summary>
Send and receive ptal_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ptal_server_packets" lineno="65076">
<summary>
Do not audit attempts to send and receive ptal_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ptal_server_packets" lineno="65091">
<summary>
Relabel packets to ptal_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pulseaudio_port" lineno="65113">
<summary>
Send and receive TCP traffic on the pulseaudio port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pulseaudio_port" lineno="65128">
<summary>
Send UDP traffic on the pulseaudio port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pulseaudio_port" lineno="65143">
<summary>
Do not audit attempts to send UDP traffic on the pulseaudio port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pulseaudio_port" lineno="65158">
<summary>
Receive UDP traffic on the pulseaudio port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pulseaudio_port" lineno="65173">
<summary>
Do not audit attempts to receive UDP traffic on the pulseaudio port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pulseaudio_port" lineno="65188">
<summary>
Send and receive UDP traffic on the pulseaudio port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pulseaudio_port" lineno="65204">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pulseaudio port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pulseaudio_port" lineno="65219">
<summary>
Bind TCP sockets to the pulseaudio port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pulseaudio_port" lineno="65239">
<summary>
Bind UDP sockets to the pulseaudio port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pulseaudio_port" lineno="65258">
<summary>
Make a TCP connection to the pulseaudio port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pulseaudio_client_packets" lineno="65278">
<summary>
Send pulseaudio_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pulseaudio_client_packets" lineno="65297">
<summary>
Do not audit attempts to send pulseaudio_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pulseaudio_client_packets" lineno="65316">
<summary>
Receive pulseaudio_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pulseaudio_client_packets" lineno="65335">
<summary>
Do not audit attempts to receive pulseaudio_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pulseaudio_client_packets" lineno="65354">
<summary>
Send and receive pulseaudio_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pulseaudio_client_packets" lineno="65370">
<summary>
Do not audit attempts to send and receive pulseaudio_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pulseaudio_client_packets" lineno="65385">
<summary>
Relabel packets to pulseaudio_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pulseaudio_server_packets" lineno="65405">
<summary>
Send pulseaudio_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pulseaudio_server_packets" lineno="65424">
<summary>
Do not audit attempts to send pulseaudio_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pulseaudio_server_packets" lineno="65443">
<summary>
Receive pulseaudio_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pulseaudio_server_packets" lineno="65462">
<summary>
Do not audit attempts to receive pulseaudio_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pulseaudio_server_packets" lineno="65481">
<summary>
Send and receive pulseaudio_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pulseaudio_server_packets" lineno="65497">
<summary>
Do not audit attempts to send and receive pulseaudio_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pulseaudio_server_packets" lineno="65512">
<summary>
Relabel packets to pulseaudio_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_puppet_port" lineno="65534">
<summary>
Send and receive TCP traffic on the puppet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_puppet_port" lineno="65549">
<summary>
Send UDP traffic on the puppet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_puppet_port" lineno="65564">
<summary>
Do not audit attempts to send UDP traffic on the puppet port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_puppet_port" lineno="65579">
<summary>
Receive UDP traffic on the puppet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_puppet_port" lineno="65594">
<summary>
Do not audit attempts to receive UDP traffic on the puppet port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_puppet_port" lineno="65609">
<summary>
Send and receive UDP traffic on the puppet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_puppet_port" lineno="65625">
<summary>
Do not audit attempts to send and receive
UDP traffic on the puppet port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_puppet_port" lineno="65640">
<summary>
Bind TCP sockets to the puppet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_puppet_port" lineno="65660">
<summary>
Bind UDP sockets to the puppet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_puppet_port" lineno="65679">
<summary>
Make a TCP connection to the puppet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_puppet_client_packets" lineno="65699">
<summary>
Send puppet_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_puppet_client_packets" lineno="65718">
<summary>
Do not audit attempts to send puppet_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_puppet_client_packets" lineno="65737">
<summary>
Receive puppet_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_puppet_client_packets" lineno="65756">
<summary>
Do not audit attempts to receive puppet_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_puppet_client_packets" lineno="65775">
<summary>
Send and receive puppet_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_puppet_client_packets" lineno="65791">
<summary>
Do not audit attempts to send and receive puppet_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_puppet_client_packets" lineno="65806">
<summary>
Relabel packets to puppet_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_puppet_server_packets" lineno="65826">
<summary>
Send puppet_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_puppet_server_packets" lineno="65845">
<summary>
Do not audit attempts to send puppet_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_puppet_server_packets" lineno="65864">
<summary>
Receive puppet_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_puppet_server_packets" lineno="65883">
<summary>
Do not audit attempts to receive puppet_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_puppet_server_packets" lineno="65902">
<summary>
Send and receive puppet_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_puppet_server_packets" lineno="65918">
<summary>
Do not audit attempts to send and receive puppet_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_puppet_server_packets" lineno="65933">
<summary>
Relabel packets to puppet_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pxe_port" lineno="65955">
<summary>
Send and receive TCP traffic on the pxe port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pxe_port" lineno="65970">
<summary>
Send UDP traffic on the pxe port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pxe_port" lineno="65985">
<summary>
Do not audit attempts to send UDP traffic on the pxe port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pxe_port" lineno="66000">
<summary>
Receive UDP traffic on the pxe port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pxe_port" lineno="66015">
<summary>
Do not audit attempts to receive UDP traffic on the pxe port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pxe_port" lineno="66030">
<summary>
Send and receive UDP traffic on the pxe port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pxe_port" lineno="66046">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pxe port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pxe_port" lineno="66061">
<summary>
Bind TCP sockets to the pxe port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pxe_port" lineno="66081">
<summary>
Bind UDP sockets to the pxe port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pxe_port" lineno="66100">
<summary>
Make a TCP connection to the pxe port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pxe_client_packets" lineno="66120">
<summary>
Send pxe_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pxe_client_packets" lineno="66139">
<summary>
Do not audit attempts to send pxe_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pxe_client_packets" lineno="66158">
<summary>
Receive pxe_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pxe_client_packets" lineno="66177">
<summary>
Do not audit attempts to receive pxe_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pxe_client_packets" lineno="66196">
<summary>
Send and receive pxe_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pxe_client_packets" lineno="66212">
<summary>
Do not audit attempts to send and receive pxe_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pxe_client_packets" lineno="66227">
<summary>
Relabel packets to pxe_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pxe_server_packets" lineno="66247">
<summary>
Send pxe_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pxe_server_packets" lineno="66266">
<summary>
Do not audit attempts to send pxe_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pxe_server_packets" lineno="66285">
<summary>
Receive pxe_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pxe_server_packets" lineno="66304">
<summary>
Do not audit attempts to receive pxe_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pxe_server_packets" lineno="66323">
<summary>
Send and receive pxe_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pxe_server_packets" lineno="66339">
<summary>
Do not audit attempts to send and receive pxe_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pxe_server_packets" lineno="66354">
<summary>
Relabel packets to pxe_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pyzor_port" lineno="66376">
<summary>
Send and receive TCP traffic on the pyzor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pyzor_port" lineno="66391">
<summary>
Send UDP traffic on the pyzor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pyzor_port" lineno="66406">
<summary>
Do not audit attempts to send UDP traffic on the pyzor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pyzor_port" lineno="66421">
<summary>
Receive UDP traffic on the pyzor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pyzor_port" lineno="66436">
<summary>
Do not audit attempts to receive UDP traffic on the pyzor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pyzor_port" lineno="66451">
<summary>
Send and receive UDP traffic on the pyzor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pyzor_port" lineno="66467">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pyzor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pyzor_port" lineno="66482">
<summary>
Bind TCP sockets to the pyzor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pyzor_port" lineno="66502">
<summary>
Bind UDP sockets to the pyzor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pyzor_port" lineno="66521">
<summary>
Make a TCP connection to the pyzor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pyzor_client_packets" lineno="66541">
<summary>
Send pyzor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pyzor_client_packets" lineno="66560">
<summary>
Do not audit attempts to send pyzor_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pyzor_client_packets" lineno="66579">
<summary>
Receive pyzor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pyzor_client_packets" lineno="66598">
<summary>
Do not audit attempts to receive pyzor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pyzor_client_packets" lineno="66617">
<summary>
Send and receive pyzor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pyzor_client_packets" lineno="66633">
<summary>
Do not audit attempts to send and receive pyzor_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pyzor_client_packets" lineno="66648">
<summary>
Relabel packets to pyzor_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pyzor_server_packets" lineno="66668">
<summary>
Send pyzor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pyzor_server_packets" lineno="66687">
<summary>
Do not audit attempts to send pyzor_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pyzor_server_packets" lineno="66706">
<summary>
Receive pyzor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pyzor_server_packets" lineno="66725">
<summary>
Do not audit attempts to receive pyzor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pyzor_server_packets" lineno="66744">
<summary>
Send and receive pyzor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pyzor_server_packets" lineno="66760">
<summary>
Do not audit attempts to send and receive pyzor_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pyzor_server_packets" lineno="66775">
<summary>
Relabel packets to pyzor_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_radacct_port" lineno="66797">
<summary>
Send and receive TCP traffic on the radacct port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_radacct_port" lineno="66812">
<summary>
Send UDP traffic on the radacct port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_radacct_port" lineno="66827">
<summary>
Do not audit attempts to send UDP traffic on the radacct port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_radacct_port" lineno="66842">
<summary>
Receive UDP traffic on the radacct port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_radacct_port" lineno="66857">
<summary>
Do not audit attempts to receive UDP traffic on the radacct port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_radacct_port" lineno="66872">
<summary>
Send and receive UDP traffic on the radacct port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_radacct_port" lineno="66888">
<summary>
Do not audit attempts to send and receive
UDP traffic on the radacct port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_radacct_port" lineno="66903">
<summary>
Bind TCP sockets to the radacct port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_radacct_port" lineno="66923">
<summary>
Bind UDP sockets to the radacct port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_radacct_port" lineno="66942">
<summary>
Make a TCP connection to the radacct port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_radacct_client_packets" lineno="66962">
<summary>
Send radacct_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_radacct_client_packets" lineno="66981">
<summary>
Do not audit attempts to send radacct_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_radacct_client_packets" lineno="67000">
<summary>
Receive radacct_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_radacct_client_packets" lineno="67019">
<summary>
Do not audit attempts to receive radacct_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_radacct_client_packets" lineno="67038">
<summary>
Send and receive radacct_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_radacct_client_packets" lineno="67054">
<summary>
Do not audit attempts to send and receive radacct_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_radacct_client_packets" lineno="67069">
<summary>
Relabel packets to radacct_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_radacct_server_packets" lineno="67089">
<summary>
Send radacct_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_radacct_server_packets" lineno="67108">
<summary>
Do not audit attempts to send radacct_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_radacct_server_packets" lineno="67127">
<summary>
Receive radacct_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_radacct_server_packets" lineno="67146">
<summary>
Do not audit attempts to receive radacct_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_radacct_server_packets" lineno="67165">
<summary>
Send and receive radacct_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_radacct_server_packets" lineno="67181">
<summary>
Do not audit attempts to send and receive radacct_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_radacct_server_packets" lineno="67196">
<summary>
Relabel packets to radacct_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_radius_port" lineno="67218">
<summary>
Send and receive TCP traffic on the radius port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_radius_port" lineno="67233">
<summary>
Send UDP traffic on the radius port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_radius_port" lineno="67248">
<summary>
Do not audit attempts to send UDP traffic on the radius port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_radius_port" lineno="67263">
<summary>
Receive UDP traffic on the radius port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_radius_port" lineno="67278">
<summary>
Do not audit attempts to receive UDP traffic on the radius port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_radius_port" lineno="67293">
<summary>
Send and receive UDP traffic on the radius port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_radius_port" lineno="67309">
<summary>
Do not audit attempts to send and receive
UDP traffic on the radius port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_radius_port" lineno="67324">
<summary>
Bind TCP sockets to the radius port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_radius_port" lineno="67344">
<summary>
Bind UDP sockets to the radius port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_radius_port" lineno="67363">
<summary>
Make a TCP connection to the radius port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_radius_client_packets" lineno="67383">
<summary>
Send radius_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_radius_client_packets" lineno="67402">
<summary>
Do not audit attempts to send radius_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_radius_client_packets" lineno="67421">
<summary>
Receive radius_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_radius_client_packets" lineno="67440">
<summary>
Do not audit attempts to receive radius_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_radius_client_packets" lineno="67459">
<summary>
Send and receive radius_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_radius_client_packets" lineno="67475">
<summary>
Do not audit attempts to send and receive radius_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_radius_client_packets" lineno="67490">
<summary>
Relabel packets to radius_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_radius_server_packets" lineno="67510">
<summary>
Send radius_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_radius_server_packets" lineno="67529">
<summary>
Do not audit attempts to send radius_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_radius_server_packets" lineno="67548">
<summary>
Receive radius_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_radius_server_packets" lineno="67567">
<summary>
Do not audit attempts to receive radius_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_radius_server_packets" lineno="67586">
<summary>
Send and receive radius_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_radius_server_packets" lineno="67602">
<summary>
Do not audit attempts to send and receive radius_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_radius_server_packets" lineno="67617">
<summary>
Relabel packets to radius_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_radsec_port" lineno="67639">
<summary>
Send and receive TCP traffic on the radsec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_radsec_port" lineno="67654">
<summary>
Send UDP traffic on the radsec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_radsec_port" lineno="67669">
<summary>
Do not audit attempts to send UDP traffic on the radsec port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_radsec_port" lineno="67684">
<summary>
Receive UDP traffic on the radsec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_radsec_port" lineno="67699">
<summary>
Do not audit attempts to receive UDP traffic on the radsec port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_radsec_port" lineno="67714">
<summary>
Send and receive UDP traffic on the radsec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_radsec_port" lineno="67730">
<summary>
Do not audit attempts to send and receive
UDP traffic on the radsec port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_radsec_port" lineno="67745">
<summary>
Bind TCP sockets to the radsec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_radsec_port" lineno="67765">
<summary>
Bind UDP sockets to the radsec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_radsec_port" lineno="67784">
<summary>
Make a TCP connection to the radsec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_radsec_client_packets" lineno="67804">
<summary>
Send radsec_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_radsec_client_packets" lineno="67823">
<summary>
Do not audit attempts to send radsec_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_radsec_client_packets" lineno="67842">
<summary>
Receive radsec_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_radsec_client_packets" lineno="67861">
<summary>
Do not audit attempts to receive radsec_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_radsec_client_packets" lineno="67880">
<summary>
Send and receive radsec_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_radsec_client_packets" lineno="67896">
<summary>
Do not audit attempts to send and receive radsec_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_radsec_client_packets" lineno="67911">
<summary>
Relabel packets to radsec_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_radsec_server_packets" lineno="67931">
<summary>
Send radsec_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_radsec_server_packets" lineno="67950">
<summary>
Do not audit attempts to send radsec_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_radsec_server_packets" lineno="67969">
<summary>
Receive radsec_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_radsec_server_packets" lineno="67988">
<summary>
Do not audit attempts to receive radsec_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_radsec_server_packets" lineno="68007">
<summary>
Send and receive radsec_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_radsec_server_packets" lineno="68023">
<summary>
Do not audit attempts to send and receive radsec_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_radsec_server_packets" lineno="68038">
<summary>
Relabel packets to radsec_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_razor_port" lineno="68060">
<summary>
Send and receive TCP traffic on the razor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_razor_port" lineno="68075">
<summary>
Send UDP traffic on the razor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_razor_port" lineno="68090">
<summary>
Do not audit attempts to send UDP traffic on the razor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_razor_port" lineno="68105">
<summary>
Receive UDP traffic on the razor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_razor_port" lineno="68120">
<summary>
Do not audit attempts to receive UDP traffic on the razor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_razor_port" lineno="68135">
<summary>
Send and receive UDP traffic on the razor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_razor_port" lineno="68151">
<summary>
Do not audit attempts to send and receive
UDP traffic on the razor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_razor_port" lineno="68166">
<summary>
Bind TCP sockets to the razor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_razor_port" lineno="68186">
<summary>
Bind UDP sockets to the razor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_razor_port" lineno="68205">
<summary>
Make a TCP connection to the razor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_razor_client_packets" lineno="68225">
<summary>
Send razor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_razor_client_packets" lineno="68244">
<summary>
Do not audit attempts to send razor_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_razor_client_packets" lineno="68263">
<summary>
Receive razor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_razor_client_packets" lineno="68282">
<summary>
Do not audit attempts to receive razor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_razor_client_packets" lineno="68301">
<summary>
Send and receive razor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_razor_client_packets" lineno="68317">
<summary>
Do not audit attempts to send and receive razor_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_razor_client_packets" lineno="68332">
<summary>
Relabel packets to razor_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_razor_server_packets" lineno="68352">
<summary>
Send razor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_razor_server_packets" lineno="68371">
<summary>
Do not audit attempts to send razor_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_razor_server_packets" lineno="68390">
<summary>
Receive razor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_razor_server_packets" lineno="68409">
<summary>
Do not audit attempts to receive razor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_razor_server_packets" lineno="68428">
<summary>
Send and receive razor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_razor_server_packets" lineno="68444">
<summary>
Do not audit attempts to send and receive razor_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_razor_server_packets" lineno="68459">
<summary>
Relabel packets to razor_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_redis_port" lineno="68481">
<summary>
Send and receive TCP traffic on the redis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_redis_port" lineno="68496">
<summary>
Send UDP traffic on the redis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_redis_port" lineno="68511">
<summary>
Do not audit attempts to send UDP traffic on the redis port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_redis_port" lineno="68526">
<summary>
Receive UDP traffic on the redis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_redis_port" lineno="68541">
<summary>
Do not audit attempts to receive UDP traffic on the redis port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_redis_port" lineno="68556">
<summary>
Send and receive UDP traffic on the redis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_redis_port" lineno="68572">
<summary>
Do not audit attempts to send and receive
UDP traffic on the redis port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_redis_port" lineno="68587">
<summary>
Bind TCP sockets to the redis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_redis_port" lineno="68607">
<summary>
Bind UDP sockets to the redis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_redis_port" lineno="68626">
<summary>
Make a TCP connection to the redis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_redis_client_packets" lineno="68646">
<summary>
Send redis_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_redis_client_packets" lineno="68665">
<summary>
Do not audit attempts to send redis_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_redis_client_packets" lineno="68684">
<summary>
Receive redis_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_redis_client_packets" lineno="68703">
<summary>
Do not audit attempts to receive redis_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_redis_client_packets" lineno="68722">
<summary>
Send and receive redis_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_redis_client_packets" lineno="68738">
<summary>
Do not audit attempts to send and receive redis_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_redis_client_packets" lineno="68753">
<summary>
Relabel packets to redis_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_redis_server_packets" lineno="68773">
<summary>
Send redis_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_redis_server_packets" lineno="68792">
<summary>
Do not audit attempts to send redis_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_redis_server_packets" lineno="68811">
<summary>
Receive redis_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_redis_server_packets" lineno="68830">
<summary>
Do not audit attempts to receive redis_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_redis_server_packets" lineno="68849">
<summary>
Send and receive redis_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_redis_server_packets" lineno="68865">
<summary>
Do not audit attempts to send and receive redis_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_redis_server_packets" lineno="68880">
<summary>
Relabel packets to redis_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_repository_port" lineno="68902">
<summary>
Send and receive TCP traffic on the repository port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_repository_port" lineno="68917">
<summary>
Send UDP traffic on the repository port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_repository_port" lineno="68932">
<summary>
Do not audit attempts to send UDP traffic on the repository port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_repository_port" lineno="68947">
<summary>
Receive UDP traffic on the repository port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_repository_port" lineno="68962">
<summary>
Do not audit attempts to receive UDP traffic on the repository port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_repository_port" lineno="68977">
<summary>
Send and receive UDP traffic on the repository port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_repository_port" lineno="68993">
<summary>
Do not audit attempts to send and receive
UDP traffic on the repository port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_repository_port" lineno="69008">
<summary>
Bind TCP sockets to the repository port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_repository_port" lineno="69028">
<summary>
Bind UDP sockets to the repository port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_repository_port" lineno="69047">
<summary>
Make a TCP connection to the repository port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_repository_client_packets" lineno="69067">
<summary>
Send repository_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_repository_client_packets" lineno="69086">
<summary>
Do not audit attempts to send repository_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_repository_client_packets" lineno="69105">
<summary>
Receive repository_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_repository_client_packets" lineno="69124">
<summary>
Do not audit attempts to receive repository_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_repository_client_packets" lineno="69143">
<summary>
Send and receive repository_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_repository_client_packets" lineno="69159">
<summary>
Do not audit attempts to send and receive repository_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_repository_client_packets" lineno="69174">
<summary>
Relabel packets to repository_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_repository_server_packets" lineno="69194">
<summary>
Send repository_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_repository_server_packets" lineno="69213">
<summary>
Do not audit attempts to send repository_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_repository_server_packets" lineno="69232">
<summary>
Receive repository_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_repository_server_packets" lineno="69251">
<summary>
Do not audit attempts to receive repository_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_repository_server_packets" lineno="69270">
<summary>
Send and receive repository_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_repository_server_packets" lineno="69286">
<summary>
Do not audit attempts to send and receive repository_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_repository_server_packets" lineno="69301">
<summary>
Relabel packets to repository_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ricci_port" lineno="69323">
<summary>
Send and receive TCP traffic on the ricci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ricci_port" lineno="69338">
<summary>
Send UDP traffic on the ricci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ricci_port" lineno="69353">
<summary>
Do not audit attempts to send UDP traffic on the ricci port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ricci_port" lineno="69368">
<summary>
Receive UDP traffic on the ricci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ricci_port" lineno="69383">
<summary>
Do not audit attempts to receive UDP traffic on the ricci port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ricci_port" lineno="69398">
<summary>
Send and receive UDP traffic on the ricci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ricci_port" lineno="69414">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ricci port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ricci_port" lineno="69429">
<summary>
Bind TCP sockets to the ricci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ricci_port" lineno="69449">
<summary>
Bind UDP sockets to the ricci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ricci_port" lineno="69468">
<summary>
Make a TCP connection to the ricci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ricci_client_packets" lineno="69488">
<summary>
Send ricci_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ricci_client_packets" lineno="69507">
<summary>
Do not audit attempts to send ricci_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ricci_client_packets" lineno="69526">
<summary>
Receive ricci_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ricci_client_packets" lineno="69545">
<summary>
Do not audit attempts to receive ricci_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ricci_client_packets" lineno="69564">
<summary>
Send and receive ricci_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ricci_client_packets" lineno="69580">
<summary>
Do not audit attempts to send and receive ricci_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ricci_client_packets" lineno="69595">
<summary>
Relabel packets to ricci_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ricci_server_packets" lineno="69615">
<summary>
Send ricci_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ricci_server_packets" lineno="69634">
<summary>
Do not audit attempts to send ricci_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ricci_server_packets" lineno="69653">
<summary>
Receive ricci_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ricci_server_packets" lineno="69672">
<summary>
Do not audit attempts to receive ricci_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ricci_server_packets" lineno="69691">
<summary>
Send and receive ricci_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ricci_server_packets" lineno="69707">
<summary>
Do not audit attempts to send and receive ricci_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ricci_server_packets" lineno="69722">
<summary>
Relabel packets to ricci_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ricci_modcluster_port" lineno="69744">
<summary>
Send and receive TCP traffic on the ricci_modcluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ricci_modcluster_port" lineno="69759">
<summary>
Send UDP traffic on the ricci_modcluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ricci_modcluster_port" lineno="69774">
<summary>
Do not audit attempts to send UDP traffic on the ricci_modcluster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ricci_modcluster_port" lineno="69789">
<summary>
Receive UDP traffic on the ricci_modcluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ricci_modcluster_port" lineno="69804">
<summary>
Do not audit attempts to receive UDP traffic on the ricci_modcluster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ricci_modcluster_port" lineno="69819">
<summary>
Send and receive UDP traffic on the ricci_modcluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ricci_modcluster_port" lineno="69835">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ricci_modcluster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ricci_modcluster_port" lineno="69850">
<summary>
Bind TCP sockets to the ricci_modcluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ricci_modcluster_port" lineno="69870">
<summary>
Bind UDP sockets to the ricci_modcluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ricci_modcluster_port" lineno="69889">
<summary>
Make a TCP connection to the ricci_modcluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ricci_modcluster_client_packets" lineno="69909">
<summary>
Send ricci_modcluster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ricci_modcluster_client_packets" lineno="69928">
<summary>
Do not audit attempts to send ricci_modcluster_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ricci_modcluster_client_packets" lineno="69947">
<summary>
Receive ricci_modcluster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ricci_modcluster_client_packets" lineno="69966">
<summary>
Do not audit attempts to receive ricci_modcluster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ricci_modcluster_client_packets" lineno="69985">
<summary>
Send and receive ricci_modcluster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ricci_modcluster_client_packets" lineno="70001">
<summary>
Do not audit attempts to send and receive ricci_modcluster_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ricci_modcluster_client_packets" lineno="70016">
<summary>
Relabel packets to ricci_modcluster_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ricci_modcluster_server_packets" lineno="70036">
<summary>
Send ricci_modcluster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ricci_modcluster_server_packets" lineno="70055">
<summary>
Do not audit attempts to send ricci_modcluster_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ricci_modcluster_server_packets" lineno="70074">
<summary>
Receive ricci_modcluster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ricci_modcluster_server_packets" lineno="70093">
<summary>
Do not audit attempts to receive ricci_modcluster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ricci_modcluster_server_packets" lineno="70112">
<summary>
Send and receive ricci_modcluster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ricci_modcluster_server_packets" lineno="70128">
<summary>
Do not audit attempts to send and receive ricci_modcluster_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ricci_modcluster_server_packets" lineno="70143">
<summary>
Relabel packets to ricci_modcluster_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_rlogind_port" lineno="70165">
<summary>
Send and receive TCP traffic on the rlogind port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_rlogind_port" lineno="70180">
<summary>
Send UDP traffic on the rlogind port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_rlogind_port" lineno="70195">
<summary>
Do not audit attempts to send UDP traffic on the rlogind port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_rlogind_port" lineno="70210">
<summary>
Receive UDP traffic on the rlogind port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_rlogind_port" lineno="70225">
<summary>
Do not audit attempts to receive UDP traffic on the rlogind port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_rlogind_port" lineno="70240">
<summary>
Send and receive UDP traffic on the rlogind port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_rlogind_port" lineno="70256">
<summary>
Do not audit attempts to send and receive
UDP traffic on the rlogind port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_rlogind_port" lineno="70271">
<summary>
Bind TCP sockets to the rlogind port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_rlogind_port" lineno="70291">
<summary>
Bind UDP sockets to the rlogind port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_rlogind_port" lineno="70310">
<summary>
Make a TCP connection to the rlogind port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rlogind_client_packets" lineno="70330">
<summary>
Send rlogind_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rlogind_client_packets" lineno="70349">
<summary>
Do not audit attempts to send rlogind_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rlogind_client_packets" lineno="70368">
<summary>
Receive rlogind_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rlogind_client_packets" lineno="70387">
<summary>
Do not audit attempts to receive rlogind_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rlogind_client_packets" lineno="70406">
<summary>
Send and receive rlogind_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rlogind_client_packets" lineno="70422">
<summary>
Do not audit attempts to send and receive rlogind_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rlogind_client_packets" lineno="70437">
<summary>
Relabel packets to rlogind_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rlogind_server_packets" lineno="70457">
<summary>
Send rlogind_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rlogind_server_packets" lineno="70476">
<summary>
Do not audit attempts to send rlogind_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rlogind_server_packets" lineno="70495">
<summary>
Receive rlogind_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rlogind_server_packets" lineno="70514">
<summary>
Do not audit attempts to receive rlogind_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rlogind_server_packets" lineno="70533">
<summary>
Send and receive rlogind_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rlogind_server_packets" lineno="70549">
<summary>
Do not audit attempts to send and receive rlogind_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rlogind_server_packets" lineno="70564">
<summary>
Relabel packets to rlogind_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_rndc_port" lineno="70586">
<summary>
Send and receive TCP traffic on the rndc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_rndc_port" lineno="70601">
<summary>
Send UDP traffic on the rndc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_rndc_port" lineno="70616">
<summary>
Do not audit attempts to send UDP traffic on the rndc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_rndc_port" lineno="70631">
<summary>
Receive UDP traffic on the rndc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_rndc_port" lineno="70646">
<summary>
Do not audit attempts to receive UDP traffic on the rndc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_rndc_port" lineno="70661">
<summary>
Send and receive UDP traffic on the rndc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_rndc_port" lineno="70677">
<summary>
Do not audit attempts to send and receive
UDP traffic on the rndc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_rndc_port" lineno="70692">
<summary>
Bind TCP sockets to the rndc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_rndc_port" lineno="70712">
<summary>
Bind UDP sockets to the rndc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_rndc_port" lineno="70731">
<summary>
Make a TCP connection to the rndc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rndc_client_packets" lineno="70751">
<summary>
Send rndc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rndc_client_packets" lineno="70770">
<summary>
Do not audit attempts to send rndc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rndc_client_packets" lineno="70789">
<summary>
Receive rndc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rndc_client_packets" lineno="70808">
<summary>
Do not audit attempts to receive rndc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rndc_client_packets" lineno="70827">
<summary>
Send and receive rndc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rndc_client_packets" lineno="70843">
<summary>
Do not audit attempts to send and receive rndc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rndc_client_packets" lineno="70858">
<summary>
Relabel packets to rndc_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rndc_server_packets" lineno="70878">
<summary>
Send rndc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rndc_server_packets" lineno="70897">
<summary>
Do not audit attempts to send rndc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rndc_server_packets" lineno="70916">
<summary>
Receive rndc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rndc_server_packets" lineno="70935">
<summary>
Do not audit attempts to receive rndc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rndc_server_packets" lineno="70954">
<summary>
Send and receive rndc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rndc_server_packets" lineno="70970">
<summary>
Do not audit attempts to send and receive rndc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rndc_server_packets" lineno="70985">
<summary>
Relabel packets to rndc_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_router_port" lineno="71007">
<summary>
Send and receive TCP traffic on the router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_router_port" lineno="71022">
<summary>
Send UDP traffic on the router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_router_port" lineno="71037">
<summary>
Do not audit attempts to send UDP traffic on the router port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_router_port" lineno="71052">
<summary>
Receive UDP traffic on the router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_router_port" lineno="71067">
<summary>
Do not audit attempts to receive UDP traffic on the router port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_router_port" lineno="71082">
<summary>
Send and receive UDP traffic on the router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_router_port" lineno="71098">
<summary>
Do not audit attempts to send and receive
UDP traffic on the router port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_router_port" lineno="71113">
<summary>
Bind TCP sockets to the router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_router_port" lineno="71133">
<summary>
Bind UDP sockets to the router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_router_port" lineno="71152">
<summary>
Make a TCP connection to the router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_router_client_packets" lineno="71172">
<summary>
Send router_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_router_client_packets" lineno="71191">
<summary>
Do not audit attempts to send router_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_router_client_packets" lineno="71210">
<summary>
Receive router_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_router_client_packets" lineno="71229">
<summary>
Do not audit attempts to receive router_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_router_client_packets" lineno="71248">
<summary>
Send and receive router_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_router_client_packets" lineno="71264">
<summary>
Do not audit attempts to send and receive router_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_router_client_packets" lineno="71279">
<summary>
Relabel packets to router_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_router_server_packets" lineno="71299">
<summary>
Send router_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_router_server_packets" lineno="71318">
<summary>
Do not audit attempts to send router_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_router_server_packets" lineno="71337">
<summary>
Receive router_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_router_server_packets" lineno="71356">
<summary>
Do not audit attempts to receive router_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_router_server_packets" lineno="71375">
<summary>
Send and receive router_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_router_server_packets" lineno="71391">
<summary>
Do not audit attempts to send and receive router_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_router_server_packets" lineno="71406">
<summary>
Relabel packets to router_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_rsh_port" lineno="71428">
<summary>
Send and receive TCP traffic on the rsh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_rsh_port" lineno="71443">
<summary>
Send UDP traffic on the rsh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_rsh_port" lineno="71458">
<summary>
Do not audit attempts to send UDP traffic on the rsh port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_rsh_port" lineno="71473">
<summary>
Receive UDP traffic on the rsh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_rsh_port" lineno="71488">
<summary>
Do not audit attempts to receive UDP traffic on the rsh port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_rsh_port" lineno="71503">
<summary>
Send and receive UDP traffic on the rsh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_rsh_port" lineno="71519">
<summary>
Do not audit attempts to send and receive
UDP traffic on the rsh port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_rsh_port" lineno="71534">
<summary>
Bind TCP sockets to the rsh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_rsh_port" lineno="71554">
<summary>
Bind UDP sockets to the rsh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_rsh_port" lineno="71573">
<summary>
Make a TCP connection to the rsh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rsh_client_packets" lineno="71593">
<summary>
Send rsh_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rsh_client_packets" lineno="71612">
<summary>
Do not audit attempts to send rsh_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rsh_client_packets" lineno="71631">
<summary>
Receive rsh_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rsh_client_packets" lineno="71650">
<summary>
Do not audit attempts to receive rsh_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rsh_client_packets" lineno="71669">
<summary>
Send and receive rsh_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rsh_client_packets" lineno="71685">
<summary>
Do not audit attempts to send and receive rsh_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rsh_client_packets" lineno="71700">
<summary>
Relabel packets to rsh_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rsh_server_packets" lineno="71720">
<summary>
Send rsh_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rsh_server_packets" lineno="71739">
<summary>
Do not audit attempts to send rsh_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rsh_server_packets" lineno="71758">
<summary>
Receive rsh_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rsh_server_packets" lineno="71777">
<summary>
Do not audit attempts to receive rsh_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rsh_server_packets" lineno="71796">
<summary>
Send and receive rsh_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rsh_server_packets" lineno="71812">
<summary>
Do not audit attempts to send and receive rsh_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rsh_server_packets" lineno="71827">
<summary>
Relabel packets to rsh_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_rsync_port" lineno="71849">
<summary>
Send and receive TCP traffic on the rsync port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_rsync_port" lineno="71864">
<summary>
Send UDP traffic on the rsync port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_rsync_port" lineno="71879">
<summary>
Do not audit attempts to send UDP traffic on the rsync port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_rsync_port" lineno="71894">
<summary>
Receive UDP traffic on the rsync port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_rsync_port" lineno="71909">
<summary>
Do not audit attempts to receive UDP traffic on the rsync port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_rsync_port" lineno="71924">
<summary>
Send and receive UDP traffic on the rsync port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_rsync_port" lineno="71940">
<summary>
Do not audit attempts to send and receive
UDP traffic on the rsync port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_rsync_port" lineno="71955">
<summary>
Bind TCP sockets to the rsync port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_rsync_port" lineno="71975">
<summary>
Bind UDP sockets to the rsync port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_rsync_port" lineno="71994">
<summary>
Make a TCP connection to the rsync port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rsync_client_packets" lineno="72014">
<summary>
Send rsync_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rsync_client_packets" lineno="72033">
<summary>
Do not audit attempts to send rsync_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rsync_client_packets" lineno="72052">
<summary>
Receive rsync_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rsync_client_packets" lineno="72071">
<summary>
Do not audit attempts to receive rsync_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rsync_client_packets" lineno="72090">
<summary>
Send and receive rsync_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rsync_client_packets" lineno="72106">
<summary>
Do not audit attempts to send and receive rsync_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rsync_client_packets" lineno="72121">
<summary>
Relabel packets to rsync_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rsync_server_packets" lineno="72141">
<summary>
Send rsync_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rsync_server_packets" lineno="72160">
<summary>
Do not audit attempts to send rsync_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rsync_server_packets" lineno="72179">
<summary>
Receive rsync_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rsync_server_packets" lineno="72198">
<summary>
Do not audit attempts to receive rsync_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rsync_server_packets" lineno="72217">
<summary>
Send and receive rsync_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rsync_server_packets" lineno="72233">
<summary>
Do not audit attempts to send and receive rsync_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rsync_server_packets" lineno="72248">
<summary>
Relabel packets to rsync_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_rtsp_port" lineno="72270">
<summary>
Send and receive TCP traffic on the rtsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_rtsp_port" lineno="72285">
<summary>
Send UDP traffic on the rtsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_rtsp_port" lineno="72300">
<summary>
Do not audit attempts to send UDP traffic on the rtsp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_rtsp_port" lineno="72315">
<summary>
Receive UDP traffic on the rtsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_rtsp_port" lineno="72330">
<summary>
Do not audit attempts to receive UDP traffic on the rtsp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_rtsp_port" lineno="72345">
<summary>
Send and receive UDP traffic on the rtsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_rtsp_port" lineno="72361">
<summary>
Do not audit attempts to send and receive
UDP traffic on the rtsp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_rtsp_port" lineno="72376">
<summary>
Bind TCP sockets to the rtsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_rtsp_port" lineno="72396">
<summary>
Bind UDP sockets to the rtsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_rtsp_port" lineno="72415">
<summary>
Make a TCP connection to the rtsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rtsp_client_packets" lineno="72435">
<summary>
Send rtsp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rtsp_client_packets" lineno="72454">
<summary>
Do not audit attempts to send rtsp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rtsp_client_packets" lineno="72473">
<summary>
Receive rtsp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rtsp_client_packets" lineno="72492">
<summary>
Do not audit attempts to receive rtsp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rtsp_client_packets" lineno="72511">
<summary>
Send and receive rtsp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rtsp_client_packets" lineno="72527">
<summary>
Do not audit attempts to send and receive rtsp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rtsp_client_packets" lineno="72542">
<summary>
Relabel packets to rtsp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rtsp_server_packets" lineno="72562">
<summary>
Send rtsp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rtsp_server_packets" lineno="72581">
<summary>
Do not audit attempts to send rtsp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rtsp_server_packets" lineno="72600">
<summary>
Receive rtsp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rtsp_server_packets" lineno="72619">
<summary>
Do not audit attempts to receive rtsp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rtsp_server_packets" lineno="72638">
<summary>
Send and receive rtsp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rtsp_server_packets" lineno="72654">
<summary>
Do not audit attempts to send and receive rtsp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rtsp_server_packets" lineno="72669">
<summary>
Relabel packets to rtsp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_rwho_port" lineno="72691">
<summary>
Send and receive TCP traffic on the rwho port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_rwho_port" lineno="72706">
<summary>
Send UDP traffic on the rwho port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_rwho_port" lineno="72721">
<summary>
Do not audit attempts to send UDP traffic on the rwho port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_rwho_port" lineno="72736">
<summary>
Receive UDP traffic on the rwho port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_rwho_port" lineno="72751">
<summary>
Do not audit attempts to receive UDP traffic on the rwho port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_rwho_port" lineno="72766">
<summary>
Send and receive UDP traffic on the rwho port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_rwho_port" lineno="72782">
<summary>
Do not audit attempts to send and receive
UDP traffic on the rwho port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_rwho_port" lineno="72797">
<summary>
Bind TCP sockets to the rwho port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_rwho_port" lineno="72817">
<summary>
Bind UDP sockets to the rwho port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_rwho_port" lineno="72836">
<summary>
Make a TCP connection to the rwho port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rwho_client_packets" lineno="72856">
<summary>
Send rwho_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rwho_client_packets" lineno="72875">
<summary>
Do not audit attempts to send rwho_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rwho_client_packets" lineno="72894">
<summary>
Receive rwho_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rwho_client_packets" lineno="72913">
<summary>
Do not audit attempts to receive rwho_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rwho_client_packets" lineno="72932">
<summary>
Send and receive rwho_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rwho_client_packets" lineno="72948">
<summary>
Do not audit attempts to send and receive rwho_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rwho_client_packets" lineno="72963">
<summary>
Relabel packets to rwho_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rwho_server_packets" lineno="72983">
<summary>
Send rwho_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rwho_server_packets" lineno="73002">
<summary>
Do not audit attempts to send rwho_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rwho_server_packets" lineno="73021">
<summary>
Receive rwho_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rwho_server_packets" lineno="73040">
<summary>
Do not audit attempts to receive rwho_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rwho_server_packets" lineno="73059">
<summary>
Send and receive rwho_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rwho_server_packets" lineno="73075">
<summary>
Do not audit attempts to send and receive rwho_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rwho_server_packets" lineno="73090">
<summary>
Relabel packets to rwho_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_sap_port" lineno="73112">
<summary>
Send and receive TCP traffic on the sap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_sap_port" lineno="73127">
<summary>
Send UDP traffic on the sap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_sap_port" lineno="73142">
<summary>
Do not audit attempts to send UDP traffic on the sap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_sap_port" lineno="73157">
<summary>
Receive UDP traffic on the sap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_sap_port" lineno="73172">
<summary>
Do not audit attempts to receive UDP traffic on the sap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_sap_port" lineno="73187">
<summary>
Send and receive UDP traffic on the sap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_sap_port" lineno="73203">
<summary>
Do not audit attempts to send and receive
UDP traffic on the sap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_sap_port" lineno="73218">
<summary>
Bind TCP sockets to the sap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_sap_port" lineno="73238">
<summary>
Bind UDP sockets to the sap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_sap_port" lineno="73257">
<summary>
Make a TCP connection to the sap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_sap_client_packets" lineno="73277">
<summary>
Send sap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_sap_client_packets" lineno="73296">
<summary>
Do not audit attempts to send sap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_sap_client_packets" lineno="73315">
<summary>
Receive sap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_sap_client_packets" lineno="73334">
<summary>
Do not audit attempts to receive sap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_sap_client_packets" lineno="73353">
<summary>
Send and receive sap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_sap_client_packets" lineno="73369">
<summary>
Do not audit attempts to send and receive sap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_sap_client_packets" lineno="73384">
<summary>
Relabel packets to sap_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_sap_server_packets" lineno="73404">
<summary>
Send sap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_sap_server_packets" lineno="73423">
<summary>
Do not audit attempts to send sap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_sap_server_packets" lineno="73442">
<summary>
Receive sap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_sap_server_packets" lineno="73461">
<summary>
Do not audit attempts to receive sap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_sap_server_packets" lineno="73480">
<summary>
Send and receive sap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_sap_server_packets" lineno="73496">
<summary>
Do not audit attempts to send and receive sap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_sap_server_packets" lineno="73511">
<summary>
Relabel packets to sap_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_servistaitsm_port" lineno="73533">
<summary>
Send and receive TCP traffic on the servistaitsm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_servistaitsm_port" lineno="73548">
<summary>
Send UDP traffic on the servistaitsm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_servistaitsm_port" lineno="73563">
<summary>
Do not audit attempts to send UDP traffic on the servistaitsm port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_servistaitsm_port" lineno="73578">
<summary>
Receive UDP traffic on the servistaitsm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_servistaitsm_port" lineno="73593">
<summary>
Do not audit attempts to receive UDP traffic on the servistaitsm port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_servistaitsm_port" lineno="73608">
<summary>
Send and receive UDP traffic on the servistaitsm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_servistaitsm_port" lineno="73624">
<summary>
Do not audit attempts to send and receive
UDP traffic on the servistaitsm port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_servistaitsm_port" lineno="73639">
<summary>
Bind TCP sockets to the servistaitsm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_servistaitsm_port" lineno="73659">
<summary>
Bind UDP sockets to the servistaitsm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_servistaitsm_port" lineno="73678">
<summary>
Make a TCP connection to the servistaitsm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_servistaitsm_client_packets" lineno="73698">
<summary>
Send servistaitsm_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_servistaitsm_client_packets" lineno="73717">
<summary>
Do not audit attempts to send servistaitsm_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_servistaitsm_client_packets" lineno="73736">
<summary>
Receive servistaitsm_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_servistaitsm_client_packets" lineno="73755">
<summary>
Do not audit attempts to receive servistaitsm_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_servistaitsm_client_packets" lineno="73774">
<summary>
Send and receive servistaitsm_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_servistaitsm_client_packets" lineno="73790">
<summary>
Do not audit attempts to send and receive servistaitsm_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_servistaitsm_client_packets" lineno="73805">
<summary>
Relabel packets to servistaitsm_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_servistaitsm_server_packets" lineno="73825">
<summary>
Send servistaitsm_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_servistaitsm_server_packets" lineno="73844">
<summary>
Do not audit attempts to send servistaitsm_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_servistaitsm_server_packets" lineno="73863">
<summary>
Receive servistaitsm_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_servistaitsm_server_packets" lineno="73882">
<summary>
Do not audit attempts to receive servistaitsm_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_servistaitsm_server_packets" lineno="73901">
<summary>
Send and receive servistaitsm_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_servistaitsm_server_packets" lineno="73917">
<summary>
Do not audit attempts to send and receive servistaitsm_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_servistaitsm_server_packets" lineno="73932">
<summary>
Relabel packets to servistaitsm_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_sieve_port" lineno="73954">
<summary>
Send and receive TCP traffic on the sieve port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_sieve_port" lineno="73969">
<summary>
Send UDP traffic on the sieve port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_sieve_port" lineno="73984">
<summary>
Do not audit attempts to send UDP traffic on the sieve port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_sieve_port" lineno="73999">
<summary>
Receive UDP traffic on the sieve port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_sieve_port" lineno="74014">
<summary>
Do not audit attempts to receive UDP traffic on the sieve port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_sieve_port" lineno="74029">
<summary>
Send and receive UDP traffic on the sieve port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_sieve_port" lineno="74045">
<summary>
Do not audit attempts to send and receive
UDP traffic on the sieve port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_sieve_port" lineno="74060">
<summary>
Bind TCP sockets to the sieve port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_sieve_port" lineno="74080">
<summary>
Bind UDP sockets to the sieve port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_sieve_port" lineno="74099">
<summary>
Make a TCP connection to the sieve port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_sieve_client_packets" lineno="74119">
<summary>
Send sieve_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_sieve_client_packets" lineno="74138">
<summary>
Do not audit attempts to send sieve_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_sieve_client_packets" lineno="74157">
<summary>
Receive sieve_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_sieve_client_packets" lineno="74176">
<summary>
Do not audit attempts to receive sieve_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_sieve_client_packets" lineno="74195">
<summary>
Send and receive sieve_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_sieve_client_packets" lineno="74211">
<summary>
Do not audit attempts to send and receive sieve_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_sieve_client_packets" lineno="74226">
<summary>
Relabel packets to sieve_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_sieve_server_packets" lineno="74246">
<summary>
Send sieve_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_sieve_server_packets" lineno="74265">
<summary>
Do not audit attempts to send sieve_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_sieve_server_packets" lineno="74284">
<summary>
Receive sieve_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_sieve_server_packets" lineno="74303">
<summary>
Do not audit attempts to receive sieve_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_sieve_server_packets" lineno="74322">
<summary>
Send and receive sieve_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_sieve_server_packets" lineno="74338">
<summary>
Do not audit attempts to send and receive sieve_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_sieve_server_packets" lineno="74353">
<summary>
Relabel packets to sieve_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_sip_port" lineno="74375">
<summary>
Send and receive TCP traffic on the sip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_sip_port" lineno="74390">
<summary>
Send UDP traffic on the sip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_sip_port" lineno="74405">
<summary>
Do not audit attempts to send UDP traffic on the sip port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_sip_port" lineno="74420">
<summary>
Receive UDP traffic on the sip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_sip_port" lineno="74435">
<summary>
Do not audit attempts to receive UDP traffic on the sip port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_sip_port" lineno="74450">
<summary>
Send and receive UDP traffic on the sip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_sip_port" lineno="74466">
<summary>
Do not audit attempts to send and receive
UDP traffic on the sip port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_sip_port" lineno="74481">
<summary>
Bind TCP sockets to the sip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_sip_port" lineno="74501">
<summary>
Bind UDP sockets to the sip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_sip_port" lineno="74520">
<summary>
Make a TCP connection to the sip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_sip_client_packets" lineno="74540">
<summary>
Send sip_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_sip_client_packets" lineno="74559">
<summary>
Do not audit attempts to send sip_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_sip_client_packets" lineno="74578">
<summary>
Receive sip_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_sip_client_packets" lineno="74597">
<summary>
Do not audit attempts to receive sip_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_sip_client_packets" lineno="74616">
<summary>
Send and receive sip_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_sip_client_packets" lineno="74632">
<summary>
Do not audit attempts to send and receive sip_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_sip_client_packets" lineno="74647">
<summary>
Relabel packets to sip_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_sip_server_packets" lineno="74667">
<summary>
Send sip_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_sip_server_packets" lineno="74686">
<summary>
Do not audit attempts to send sip_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_sip_server_packets" lineno="74705">
<summary>
Receive sip_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_sip_server_packets" lineno="74724">
<summary>
Do not audit attempts to receive sip_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_sip_server_packets" lineno="74743">
<summary>
Send and receive sip_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_sip_server_packets" lineno="74759">
<summary>
Do not audit attempts to send and receive sip_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_sip_server_packets" lineno="74774">
<summary>
Relabel packets to sip_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_sixxsconfig_port" lineno="74796">
<summary>
Send and receive TCP traffic on the sixxsconfig port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_sixxsconfig_port" lineno="74811">
<summary>
Send UDP traffic on the sixxsconfig port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_sixxsconfig_port" lineno="74826">
<summary>
Do not audit attempts to send UDP traffic on the sixxsconfig port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_sixxsconfig_port" lineno="74841">
<summary>
Receive UDP traffic on the sixxsconfig port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_sixxsconfig_port" lineno="74856">
<summary>
Do not audit attempts to receive UDP traffic on the sixxsconfig port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_sixxsconfig_port" lineno="74871">
<summary>
Send and receive UDP traffic on the sixxsconfig port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_sixxsconfig_port" lineno="74887">
<summary>
Do not audit attempts to send and receive
UDP traffic on the sixxsconfig port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_sixxsconfig_port" lineno="74902">
<summary>
Bind TCP sockets to the sixxsconfig port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_sixxsconfig_port" lineno="74922">
<summary>
Bind UDP sockets to the sixxsconfig port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_sixxsconfig_port" lineno="74941">
<summary>
Make a TCP connection to the sixxsconfig port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_sixxsconfig_client_packets" lineno="74961">
<summary>
Send sixxsconfig_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_sixxsconfig_client_packets" lineno="74980">
<summary>
Do not audit attempts to send sixxsconfig_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_sixxsconfig_client_packets" lineno="74999">
<summary>
Receive sixxsconfig_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_sixxsconfig_client_packets" lineno="75018">
<summary>
Do not audit attempts to receive sixxsconfig_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_sixxsconfig_client_packets" lineno="75037">
<summary>
Send and receive sixxsconfig_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_sixxsconfig_client_packets" lineno="75053">
<summary>
Do not audit attempts to send and receive sixxsconfig_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_sixxsconfig_client_packets" lineno="75068">
<summary>
Relabel packets to sixxsconfig_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_sixxsconfig_server_packets" lineno="75088">
<summary>
Send sixxsconfig_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_sixxsconfig_server_packets" lineno="75107">
<summary>
Do not audit attempts to send sixxsconfig_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_sixxsconfig_server_packets" lineno="75126">
<summary>
Receive sixxsconfig_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_sixxsconfig_server_packets" lineno="75145">
<summary>
Do not audit attempts to receive sixxsconfig_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_sixxsconfig_server_packets" lineno="75164">
<summary>
Send and receive sixxsconfig_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_sixxsconfig_server_packets" lineno="75180">
<summary>
Do not audit attempts to send and receive sixxsconfig_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_sixxsconfig_server_packets" lineno="75195">
<summary>
Relabel packets to sixxsconfig_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_smbd_port" lineno="75217">
<summary>
Send and receive TCP traffic on the smbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_smbd_port" lineno="75232">
<summary>
Send UDP traffic on the smbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_smbd_port" lineno="75247">
<summary>
Do not audit attempts to send UDP traffic on the smbd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_smbd_port" lineno="75262">
<summary>
Receive UDP traffic on the smbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_smbd_port" lineno="75277">
<summary>
Do not audit attempts to receive UDP traffic on the smbd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_smbd_port" lineno="75292">
<summary>
Send and receive UDP traffic on the smbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_smbd_port" lineno="75308">
<summary>
Do not audit attempts to send and receive
UDP traffic on the smbd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_smbd_port" lineno="75323">
<summary>
Bind TCP sockets to the smbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_smbd_port" lineno="75343">
<summary>
Bind UDP sockets to the smbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_smbd_port" lineno="75362">
<summary>
Make a TCP connection to the smbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_smbd_client_packets" lineno="75382">
<summary>
Send smbd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_smbd_client_packets" lineno="75401">
<summary>
Do not audit attempts to send smbd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_smbd_client_packets" lineno="75420">
<summary>
Receive smbd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_smbd_client_packets" lineno="75439">
<summary>
Do not audit attempts to receive smbd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_smbd_client_packets" lineno="75458">
<summary>
Send and receive smbd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_smbd_client_packets" lineno="75474">
<summary>
Do not audit attempts to send and receive smbd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_smbd_client_packets" lineno="75489">
<summary>
Relabel packets to smbd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_smbd_server_packets" lineno="75509">
<summary>
Send smbd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_smbd_server_packets" lineno="75528">
<summary>
Do not audit attempts to send smbd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_smbd_server_packets" lineno="75547">
<summary>
Receive smbd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_smbd_server_packets" lineno="75566">
<summary>
Do not audit attempts to receive smbd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_smbd_server_packets" lineno="75585">
<summary>
Send and receive smbd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_smbd_server_packets" lineno="75601">
<summary>
Do not audit attempts to send and receive smbd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_smbd_server_packets" lineno="75616">
<summary>
Relabel packets to smbd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_smtp_port" lineno="75638">
<summary>
Send and receive TCP traffic on the smtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_smtp_port" lineno="75653">
<summary>
Send UDP traffic on the smtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_smtp_port" lineno="75668">
<summary>
Do not audit attempts to send UDP traffic on the smtp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_smtp_port" lineno="75683">
<summary>
Receive UDP traffic on the smtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_smtp_port" lineno="75698">
<summary>
Do not audit attempts to receive UDP traffic on the smtp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_smtp_port" lineno="75713">
<summary>
Send and receive UDP traffic on the smtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_smtp_port" lineno="75729">
<summary>
Do not audit attempts to send and receive
UDP traffic on the smtp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_smtp_port" lineno="75744">
<summary>
Bind TCP sockets to the smtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_smtp_port" lineno="75764">
<summary>
Bind UDP sockets to the smtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_smtp_port" lineno="75783">
<summary>
Make a TCP connection to the smtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_smtp_client_packets" lineno="75803">
<summary>
Send smtp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_smtp_client_packets" lineno="75822">
<summary>
Do not audit attempts to send smtp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_smtp_client_packets" lineno="75841">
<summary>
Receive smtp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_smtp_client_packets" lineno="75860">
<summary>
Do not audit attempts to receive smtp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_smtp_client_packets" lineno="75879">
<summary>
Send and receive smtp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_smtp_client_packets" lineno="75895">
<summary>
Do not audit attempts to send and receive smtp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_smtp_client_packets" lineno="75910">
<summary>
Relabel packets to smtp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_smtp_server_packets" lineno="75930">
<summary>
Send smtp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_smtp_server_packets" lineno="75949">
<summary>
Do not audit attempts to send smtp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_smtp_server_packets" lineno="75968">
<summary>
Receive smtp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_smtp_server_packets" lineno="75987">
<summary>
Do not audit attempts to receive smtp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_smtp_server_packets" lineno="76006">
<summary>
Send and receive smtp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_smtp_server_packets" lineno="76022">
<summary>
Do not audit attempts to send and receive smtp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_smtp_server_packets" lineno="76037">
<summary>
Relabel packets to smtp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_snmp_port" lineno="76059">
<summary>
Send and receive TCP traffic on the snmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_snmp_port" lineno="76074">
<summary>
Send UDP traffic on the snmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_snmp_port" lineno="76089">
<summary>
Do not audit attempts to send UDP traffic on the snmp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_snmp_port" lineno="76104">
<summary>
Receive UDP traffic on the snmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_snmp_port" lineno="76119">
<summary>
Do not audit attempts to receive UDP traffic on the snmp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_snmp_port" lineno="76134">
<summary>
Send and receive UDP traffic on the snmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_snmp_port" lineno="76150">
<summary>
Do not audit attempts to send and receive
UDP traffic on the snmp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_snmp_port" lineno="76165">
<summary>
Bind TCP sockets to the snmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_snmp_port" lineno="76185">
<summary>
Bind UDP sockets to the snmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_snmp_port" lineno="76204">
<summary>
Make a TCP connection to the snmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_snmp_client_packets" lineno="76224">
<summary>
Send snmp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_snmp_client_packets" lineno="76243">
<summary>
Do not audit attempts to send snmp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_snmp_client_packets" lineno="76262">
<summary>
Receive snmp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_snmp_client_packets" lineno="76281">
<summary>
Do not audit attempts to receive snmp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_snmp_client_packets" lineno="76300">
<summary>
Send and receive snmp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_snmp_client_packets" lineno="76316">
<summary>
Do not audit attempts to send and receive snmp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_snmp_client_packets" lineno="76331">
<summary>
Relabel packets to snmp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_snmp_server_packets" lineno="76351">
<summary>
Send snmp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_snmp_server_packets" lineno="76370">
<summary>
Do not audit attempts to send snmp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_snmp_server_packets" lineno="76389">
<summary>
Receive snmp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_snmp_server_packets" lineno="76408">
<summary>
Do not audit attempts to receive snmp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_snmp_server_packets" lineno="76427">
<summary>
Send and receive snmp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_snmp_server_packets" lineno="76443">
<summary>
Do not audit attempts to send and receive snmp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_snmp_server_packets" lineno="76458">
<summary>
Relabel packets to snmp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_socks_port" lineno="76480">
<summary>
Send and receive TCP traffic on the socks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_socks_port" lineno="76495">
<summary>
Send UDP traffic on the socks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_socks_port" lineno="76510">
<summary>
Do not audit attempts to send UDP traffic on the socks port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_socks_port" lineno="76525">
<summary>
Receive UDP traffic on the socks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_socks_port" lineno="76540">
<summary>
Do not audit attempts to receive UDP traffic on the socks port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_socks_port" lineno="76555">
<summary>
Send and receive UDP traffic on the socks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_socks_port" lineno="76571">
<summary>
Do not audit attempts to send and receive
UDP traffic on the socks port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_socks_port" lineno="76586">
<summary>
Bind TCP sockets to the socks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_socks_port" lineno="76606">
<summary>
Bind UDP sockets to the socks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_socks_port" lineno="76625">
<summary>
Make a TCP connection to the socks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_socks_client_packets" lineno="76645">
<summary>
Send socks_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_socks_client_packets" lineno="76664">
<summary>
Do not audit attempts to send socks_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_socks_client_packets" lineno="76683">
<summary>
Receive socks_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_socks_client_packets" lineno="76702">
<summary>
Do not audit attempts to receive socks_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_socks_client_packets" lineno="76721">
<summary>
Send and receive socks_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_socks_client_packets" lineno="76737">
<summary>
Do not audit attempts to send and receive socks_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_socks_client_packets" lineno="76752">
<summary>
Relabel packets to socks_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_socks_server_packets" lineno="76772">
<summary>
Send socks_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_socks_server_packets" lineno="76791">
<summary>
Do not audit attempts to send socks_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_socks_server_packets" lineno="76810">
<summary>
Receive socks_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_socks_server_packets" lineno="76829">
<summary>
Do not audit attempts to receive socks_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_socks_server_packets" lineno="76848">
<summary>
Send and receive socks_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_socks_server_packets" lineno="76864">
<summary>
Do not audit attempts to send and receive socks_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_socks_server_packets" lineno="76879">
<summary>
Relabel packets to socks_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_soundd_port" lineno="76901">
<summary>
Send and receive TCP traffic on the soundd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_soundd_port" lineno="76916">
<summary>
Send UDP traffic on the soundd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_soundd_port" lineno="76931">
<summary>
Do not audit attempts to send UDP traffic on the soundd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_soundd_port" lineno="76946">
<summary>
Receive UDP traffic on the soundd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_soundd_port" lineno="76961">
<summary>
Do not audit attempts to receive UDP traffic on the soundd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_soundd_port" lineno="76976">
<summary>
Send and receive UDP traffic on the soundd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_soundd_port" lineno="76992">
<summary>
Do not audit attempts to send and receive
UDP traffic on the soundd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_soundd_port" lineno="77007">
<summary>
Bind TCP sockets to the soundd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_soundd_port" lineno="77027">
<summary>
Bind UDP sockets to the soundd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_soundd_port" lineno="77046">
<summary>
Make a TCP connection to the soundd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_soundd_client_packets" lineno="77066">
<summary>
Send soundd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_soundd_client_packets" lineno="77085">
<summary>
Do not audit attempts to send soundd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_soundd_client_packets" lineno="77104">
<summary>
Receive soundd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_soundd_client_packets" lineno="77123">
<summary>
Do not audit attempts to receive soundd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_soundd_client_packets" lineno="77142">
<summary>
Send and receive soundd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_soundd_client_packets" lineno="77158">
<summary>
Do not audit attempts to send and receive soundd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_soundd_client_packets" lineno="77173">
<summary>
Relabel packets to soundd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_soundd_server_packets" lineno="77193">
<summary>
Send soundd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_soundd_server_packets" lineno="77212">
<summary>
Do not audit attempts to send soundd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_soundd_server_packets" lineno="77231">
<summary>
Receive soundd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_soundd_server_packets" lineno="77250">
<summary>
Do not audit attempts to receive soundd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_soundd_server_packets" lineno="77269">
<summary>
Send and receive soundd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_soundd_server_packets" lineno="77285">
<summary>
Do not audit attempts to send and receive soundd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_soundd_server_packets" lineno="77300">
<summary>
Relabel packets to soundd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_spamd_port" lineno="77322">
<summary>
Send and receive TCP traffic on the spamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_spamd_port" lineno="77337">
<summary>
Send UDP traffic on the spamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_spamd_port" lineno="77352">
<summary>
Do not audit attempts to send UDP traffic on the spamd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_spamd_port" lineno="77367">
<summary>
Receive UDP traffic on the spamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_spamd_port" lineno="77382">
<summary>
Do not audit attempts to receive UDP traffic on the spamd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_spamd_port" lineno="77397">
<summary>
Send and receive UDP traffic on the spamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_spamd_port" lineno="77413">
<summary>
Do not audit attempts to send and receive
UDP traffic on the spamd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_spamd_port" lineno="77428">
<summary>
Bind TCP sockets to the spamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_spamd_port" lineno="77448">
<summary>
Bind UDP sockets to the spamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_spamd_port" lineno="77467">
<summary>
Make a TCP connection to the spamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_spamd_client_packets" lineno="77487">
<summary>
Send spamd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_spamd_client_packets" lineno="77506">
<summary>
Do not audit attempts to send spamd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_spamd_client_packets" lineno="77525">
<summary>
Receive spamd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_spamd_client_packets" lineno="77544">
<summary>
Do not audit attempts to receive spamd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_spamd_client_packets" lineno="77563">
<summary>
Send and receive spamd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_spamd_client_packets" lineno="77579">
<summary>
Do not audit attempts to send and receive spamd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_spamd_client_packets" lineno="77594">
<summary>
Relabel packets to spamd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_spamd_server_packets" lineno="77614">
<summary>
Send spamd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_spamd_server_packets" lineno="77633">
<summary>
Do not audit attempts to send spamd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_spamd_server_packets" lineno="77652">
<summary>
Receive spamd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_spamd_server_packets" lineno="77671">
<summary>
Do not audit attempts to receive spamd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_spamd_server_packets" lineno="77690">
<summary>
Send and receive spamd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_spamd_server_packets" lineno="77706">
<summary>
Do not audit attempts to send and receive spamd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_spamd_server_packets" lineno="77721">
<summary>
Relabel packets to spamd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_speech_port" lineno="77743">
<summary>
Send and receive TCP traffic on the speech port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_speech_port" lineno="77758">
<summary>
Send UDP traffic on the speech port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_speech_port" lineno="77773">
<summary>
Do not audit attempts to send UDP traffic on the speech port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_speech_port" lineno="77788">
<summary>
Receive UDP traffic on the speech port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_speech_port" lineno="77803">
<summary>
Do not audit attempts to receive UDP traffic on the speech port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_speech_port" lineno="77818">
<summary>
Send and receive UDP traffic on the speech port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_speech_port" lineno="77834">
<summary>
Do not audit attempts to send and receive
UDP traffic on the speech port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_speech_port" lineno="77849">
<summary>
Bind TCP sockets to the speech port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_speech_port" lineno="77869">
<summary>
Bind UDP sockets to the speech port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_speech_port" lineno="77888">
<summary>
Make a TCP connection to the speech port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_speech_client_packets" lineno="77908">
<summary>
Send speech_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_speech_client_packets" lineno="77927">
<summary>
Do not audit attempts to send speech_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_speech_client_packets" lineno="77946">
<summary>
Receive speech_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_speech_client_packets" lineno="77965">
<summary>
Do not audit attempts to receive speech_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_speech_client_packets" lineno="77984">
<summary>
Send and receive speech_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_speech_client_packets" lineno="78000">
<summary>
Do not audit attempts to send and receive speech_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_speech_client_packets" lineno="78015">
<summary>
Relabel packets to speech_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_speech_server_packets" lineno="78035">
<summary>
Send speech_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_speech_server_packets" lineno="78054">
<summary>
Do not audit attempts to send speech_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_speech_server_packets" lineno="78073">
<summary>
Receive speech_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_speech_server_packets" lineno="78092">
<summary>
Do not audit attempts to receive speech_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_speech_server_packets" lineno="78111">
<summary>
Send and receive speech_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_speech_server_packets" lineno="78127">
<summary>
Do not audit attempts to send and receive speech_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_speech_server_packets" lineno="78142">
<summary>
Relabel packets to speech_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_squid_port" lineno="78164">
<summary>
Send and receive TCP traffic on the squid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_squid_port" lineno="78179">
<summary>
Send UDP traffic on the squid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_squid_port" lineno="78194">
<summary>
Do not audit attempts to send UDP traffic on the squid port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_squid_port" lineno="78209">
<summary>
Receive UDP traffic on the squid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_squid_port" lineno="78224">
<summary>
Do not audit attempts to receive UDP traffic on the squid port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_squid_port" lineno="78239">
<summary>
Send and receive UDP traffic on the squid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_squid_port" lineno="78255">
<summary>
Do not audit attempts to send and receive
UDP traffic on the squid port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_squid_port" lineno="78270">
<summary>
Bind TCP sockets to the squid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_squid_port" lineno="78290">
<summary>
Bind UDP sockets to the squid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_squid_port" lineno="78309">
<summary>
Make a TCP connection to the squid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_squid_client_packets" lineno="78329">
<summary>
Send squid_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_squid_client_packets" lineno="78348">
<summary>
Do not audit attempts to send squid_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_squid_client_packets" lineno="78367">
<summary>
Receive squid_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_squid_client_packets" lineno="78386">
<summary>
Do not audit attempts to receive squid_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_squid_client_packets" lineno="78405">
<summary>
Send and receive squid_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_squid_client_packets" lineno="78421">
<summary>
Do not audit attempts to send and receive squid_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_squid_client_packets" lineno="78436">
<summary>
Relabel packets to squid_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_squid_server_packets" lineno="78456">
<summary>
Send squid_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_squid_server_packets" lineno="78475">
<summary>
Do not audit attempts to send squid_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_squid_server_packets" lineno="78494">
<summary>
Receive squid_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_squid_server_packets" lineno="78513">
<summary>
Do not audit attempts to receive squid_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_squid_server_packets" lineno="78532">
<summary>
Send and receive squid_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_squid_server_packets" lineno="78548">
<summary>
Do not audit attempts to send and receive squid_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_squid_server_packets" lineno="78563">
<summary>
Relabel packets to squid_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ssdp_port" lineno="78585">
<summary>
Send and receive TCP traffic on the ssdp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ssdp_port" lineno="78600">
<summary>
Send UDP traffic on the ssdp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ssdp_port" lineno="78615">
<summary>
Do not audit attempts to send UDP traffic on the ssdp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ssdp_port" lineno="78630">
<summary>
Receive UDP traffic on the ssdp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ssdp_port" lineno="78645">
<summary>
Do not audit attempts to receive UDP traffic on the ssdp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ssdp_port" lineno="78660">
<summary>
Send and receive UDP traffic on the ssdp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ssdp_port" lineno="78676">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ssdp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ssdp_port" lineno="78691">
<summary>
Bind TCP sockets to the ssdp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ssdp_port" lineno="78711">
<summary>
Bind UDP sockets to the ssdp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ssdp_port" lineno="78730">
<summary>
Make a TCP connection to the ssdp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ssdp_client_packets" lineno="78750">
<summary>
Send ssdp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ssdp_client_packets" lineno="78769">
<summary>
Do not audit attempts to send ssdp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ssdp_client_packets" lineno="78788">
<summary>
Receive ssdp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ssdp_client_packets" lineno="78807">
<summary>
Do not audit attempts to receive ssdp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ssdp_client_packets" lineno="78826">
<summary>
Send and receive ssdp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ssdp_client_packets" lineno="78842">
<summary>
Do not audit attempts to send and receive ssdp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ssdp_client_packets" lineno="78857">
<summary>
Relabel packets to ssdp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ssdp_server_packets" lineno="78877">
<summary>
Send ssdp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ssdp_server_packets" lineno="78896">
<summary>
Do not audit attempts to send ssdp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ssdp_server_packets" lineno="78915">
<summary>
Receive ssdp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ssdp_server_packets" lineno="78934">
<summary>
Do not audit attempts to receive ssdp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ssdp_server_packets" lineno="78953">
<summary>
Send and receive ssdp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ssdp_server_packets" lineno="78969">
<summary>
Do not audit attempts to send and receive ssdp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ssdp_server_packets" lineno="78984">
<summary>
Relabel packets to ssdp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ssh_port" lineno="79006">
<summary>
Send and receive TCP traffic on the ssh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ssh_port" lineno="79021">
<summary>
Send UDP traffic on the ssh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ssh_port" lineno="79036">
<summary>
Do not audit attempts to send UDP traffic on the ssh port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ssh_port" lineno="79051">
<summary>
Receive UDP traffic on the ssh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ssh_port" lineno="79066">
<summary>
Do not audit attempts to receive UDP traffic on the ssh port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ssh_port" lineno="79081">
<summary>
Send and receive UDP traffic on the ssh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ssh_port" lineno="79097">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ssh port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ssh_port" lineno="79112">
<summary>
Bind TCP sockets to the ssh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ssh_port" lineno="79132">
<summary>
Bind UDP sockets to the ssh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ssh_port" lineno="79151">
<summary>
Make a TCP connection to the ssh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ssh_client_packets" lineno="79171">
<summary>
Send ssh_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ssh_client_packets" lineno="79190">
<summary>
Do not audit attempts to send ssh_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ssh_client_packets" lineno="79209">
<summary>
Receive ssh_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ssh_client_packets" lineno="79228">
<summary>
Do not audit attempts to receive ssh_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ssh_client_packets" lineno="79247">
<summary>
Send and receive ssh_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ssh_client_packets" lineno="79263">
<summary>
Do not audit attempts to send and receive ssh_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ssh_client_packets" lineno="79278">
<summary>
Relabel packets to ssh_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ssh_server_packets" lineno="79298">
<summary>
Send ssh_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ssh_server_packets" lineno="79317">
<summary>
Do not audit attempts to send ssh_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ssh_server_packets" lineno="79336">
<summary>
Receive ssh_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ssh_server_packets" lineno="79355">
<summary>
Do not audit attempts to receive ssh_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ssh_server_packets" lineno="79374">
<summary>
Send and receive ssh_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ssh_server_packets" lineno="79390">
<summary>
Do not audit attempts to send and receive ssh_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ssh_server_packets" lineno="79405">
<summary>
Relabel packets to ssh_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_stunnel_port" lineno="79427">
<summary>
Send and receive TCP traffic on the stunnel port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_stunnel_port" lineno="79442">
<summary>
Send UDP traffic on the stunnel port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_stunnel_port" lineno="79457">
<summary>
Do not audit attempts to send UDP traffic on the stunnel port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_stunnel_port" lineno="79472">
<summary>
Receive UDP traffic on the stunnel port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_stunnel_port" lineno="79487">
<summary>
Do not audit attempts to receive UDP traffic on the stunnel port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_stunnel_port" lineno="79502">
<summary>
Send and receive UDP traffic on the stunnel port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_stunnel_port" lineno="79518">
<summary>
Do not audit attempts to send and receive
UDP traffic on the stunnel port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_stunnel_port" lineno="79533">
<summary>
Bind TCP sockets to the stunnel port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_stunnel_port" lineno="79553">
<summary>
Bind UDP sockets to the stunnel port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_stunnel_port" lineno="79572">
<summary>
Make a TCP connection to the stunnel port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_stunnel_client_packets" lineno="79592">
<summary>
Send stunnel_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_stunnel_client_packets" lineno="79611">
<summary>
Do not audit attempts to send stunnel_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_stunnel_client_packets" lineno="79630">
<summary>
Receive stunnel_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_stunnel_client_packets" lineno="79649">
<summary>
Do not audit attempts to receive stunnel_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_stunnel_client_packets" lineno="79668">
<summary>
Send and receive stunnel_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_stunnel_client_packets" lineno="79684">
<summary>
Do not audit attempts to send and receive stunnel_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_stunnel_client_packets" lineno="79699">
<summary>
Relabel packets to stunnel_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_stunnel_server_packets" lineno="79719">
<summary>
Send stunnel_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_stunnel_server_packets" lineno="79738">
<summary>
Do not audit attempts to send stunnel_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_stunnel_server_packets" lineno="79757">
<summary>
Receive stunnel_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_stunnel_server_packets" lineno="79776">
<summary>
Do not audit attempts to receive stunnel_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_stunnel_server_packets" lineno="79795">
<summary>
Send and receive stunnel_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_stunnel_server_packets" lineno="79811">
<summary>
Do not audit attempts to send and receive stunnel_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_stunnel_server_packets" lineno="79826">
<summary>
Relabel packets to stunnel_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_svn_port" lineno="79848">
<summary>
Send and receive TCP traffic on the svn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_svn_port" lineno="79863">
<summary>
Send UDP traffic on the svn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_svn_port" lineno="79878">
<summary>
Do not audit attempts to send UDP traffic on the svn port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_svn_port" lineno="79893">
<summary>
Receive UDP traffic on the svn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_svn_port" lineno="79908">
<summary>
Do not audit attempts to receive UDP traffic on the svn port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_svn_port" lineno="79923">
<summary>
Send and receive UDP traffic on the svn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_svn_port" lineno="79939">
<summary>
Do not audit attempts to send and receive
UDP traffic on the svn port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_svn_port" lineno="79954">
<summary>
Bind TCP sockets to the svn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_svn_port" lineno="79974">
<summary>
Bind UDP sockets to the svn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_svn_port" lineno="79993">
<summary>
Make a TCP connection to the svn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_svn_client_packets" lineno="80013">
<summary>
Send svn_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_svn_client_packets" lineno="80032">
<summary>
Do not audit attempts to send svn_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_svn_client_packets" lineno="80051">
<summary>
Receive svn_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_svn_client_packets" lineno="80070">
<summary>
Do not audit attempts to receive svn_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_svn_client_packets" lineno="80089">
<summary>
Send and receive svn_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_svn_client_packets" lineno="80105">
<summary>
Do not audit attempts to send and receive svn_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_svn_client_packets" lineno="80120">
<summary>
Relabel packets to svn_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_svn_server_packets" lineno="80140">
<summary>
Send svn_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_svn_server_packets" lineno="80159">
<summary>
Do not audit attempts to send svn_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_svn_server_packets" lineno="80178">
<summary>
Receive svn_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_svn_server_packets" lineno="80197">
<summary>
Do not audit attempts to receive svn_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_svn_server_packets" lineno="80216">
<summary>
Send and receive svn_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_svn_server_packets" lineno="80232">
<summary>
Do not audit attempts to send and receive svn_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_svn_server_packets" lineno="80247">
<summary>
Relabel packets to svn_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_svrloc_port" lineno="80269">
<summary>
Send and receive TCP traffic on the svrloc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_svrloc_port" lineno="80284">
<summary>
Send UDP traffic on the svrloc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_svrloc_port" lineno="80299">
<summary>
Do not audit attempts to send UDP traffic on the svrloc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_svrloc_port" lineno="80314">
<summary>
Receive UDP traffic on the svrloc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_svrloc_port" lineno="80329">
<summary>
Do not audit attempts to receive UDP traffic on the svrloc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_svrloc_port" lineno="80344">
<summary>
Send and receive UDP traffic on the svrloc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_svrloc_port" lineno="80360">
<summary>
Do not audit attempts to send and receive
UDP traffic on the svrloc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_svrloc_port" lineno="80375">
<summary>
Bind TCP sockets to the svrloc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_svrloc_port" lineno="80395">
<summary>
Bind UDP sockets to the svrloc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_svrloc_port" lineno="80414">
<summary>
Make a TCP connection to the svrloc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_svrloc_client_packets" lineno="80434">
<summary>
Send svrloc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_svrloc_client_packets" lineno="80453">
<summary>
Do not audit attempts to send svrloc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_svrloc_client_packets" lineno="80472">
<summary>
Receive svrloc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_svrloc_client_packets" lineno="80491">
<summary>
Do not audit attempts to receive svrloc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_svrloc_client_packets" lineno="80510">
<summary>
Send and receive svrloc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_svrloc_client_packets" lineno="80526">
<summary>
Do not audit attempts to send and receive svrloc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_svrloc_client_packets" lineno="80541">
<summary>
Relabel packets to svrloc_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_svrloc_server_packets" lineno="80561">
<summary>
Send svrloc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_svrloc_server_packets" lineno="80580">
<summary>
Do not audit attempts to send svrloc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_svrloc_server_packets" lineno="80599">
<summary>
Receive svrloc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_svrloc_server_packets" lineno="80618">
<summary>
Do not audit attempts to receive svrloc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_svrloc_server_packets" lineno="80637">
<summary>
Send and receive svrloc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_svrloc_server_packets" lineno="80653">
<summary>
Do not audit attempts to send and receive svrloc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_svrloc_server_packets" lineno="80668">
<summary>
Relabel packets to svrloc_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_swat_port" lineno="80690">
<summary>
Send and receive TCP traffic on the swat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_swat_port" lineno="80705">
<summary>
Send UDP traffic on the swat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_swat_port" lineno="80720">
<summary>
Do not audit attempts to send UDP traffic on the swat port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_swat_port" lineno="80735">
<summary>
Receive UDP traffic on the swat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_swat_port" lineno="80750">
<summary>
Do not audit attempts to receive UDP traffic on the swat port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_swat_port" lineno="80765">
<summary>
Send and receive UDP traffic on the swat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_swat_port" lineno="80781">
<summary>
Do not audit attempts to send and receive
UDP traffic on the swat port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_swat_port" lineno="80796">
<summary>
Bind TCP sockets to the swat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_swat_port" lineno="80816">
<summary>
Bind UDP sockets to the swat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_swat_port" lineno="80835">
<summary>
Make a TCP connection to the swat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_swat_client_packets" lineno="80855">
<summary>
Send swat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_swat_client_packets" lineno="80874">
<summary>
Do not audit attempts to send swat_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_swat_client_packets" lineno="80893">
<summary>
Receive swat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_swat_client_packets" lineno="80912">
<summary>
Do not audit attempts to receive swat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_swat_client_packets" lineno="80931">
<summary>
Send and receive swat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_swat_client_packets" lineno="80947">
<summary>
Do not audit attempts to send and receive swat_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_swat_client_packets" lineno="80962">
<summary>
Relabel packets to swat_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_swat_server_packets" lineno="80982">
<summary>
Send swat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_swat_server_packets" lineno="81001">
<summary>
Do not audit attempts to send swat_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_swat_server_packets" lineno="81020">
<summary>
Receive swat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_swat_server_packets" lineno="81039">
<summary>
Do not audit attempts to receive swat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_swat_server_packets" lineno="81058">
<summary>
Send and receive swat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_swat_server_packets" lineno="81074">
<summary>
Do not audit attempts to send and receive swat_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_swat_server_packets" lineno="81089">
<summary>
Relabel packets to swat_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_syncthing_port" lineno="81111">
<summary>
Send and receive TCP traffic on the syncthing port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_syncthing_port" lineno="81126">
<summary>
Send UDP traffic on the syncthing port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_syncthing_port" lineno="81141">
<summary>
Do not audit attempts to send UDP traffic on the syncthing port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_syncthing_port" lineno="81156">
<summary>
Receive UDP traffic on the syncthing port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_syncthing_port" lineno="81171">
<summary>
Do not audit attempts to receive UDP traffic on the syncthing port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_syncthing_port" lineno="81186">
<summary>
Send and receive UDP traffic on the syncthing port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_syncthing_port" lineno="81202">
<summary>
Do not audit attempts to send and receive
UDP traffic on the syncthing port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_syncthing_port" lineno="81217">
<summary>
Bind TCP sockets to the syncthing port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_syncthing_port" lineno="81237">
<summary>
Bind UDP sockets to the syncthing port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_syncthing_port" lineno="81256">
<summary>
Make a TCP connection to the syncthing port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_syncthing_client_packets" lineno="81276">
<summary>
Send syncthing_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_syncthing_client_packets" lineno="81295">
<summary>
Do not audit attempts to send syncthing_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_syncthing_client_packets" lineno="81314">
<summary>
Receive syncthing_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_syncthing_client_packets" lineno="81333">
<summary>
Do not audit attempts to receive syncthing_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_syncthing_client_packets" lineno="81352">
<summary>
Send and receive syncthing_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_syncthing_client_packets" lineno="81368">
<summary>
Do not audit attempts to send and receive syncthing_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_syncthing_client_packets" lineno="81383">
<summary>
Relabel packets to syncthing_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_syncthing_server_packets" lineno="81403">
<summary>
Send syncthing_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_syncthing_server_packets" lineno="81422">
<summary>
Do not audit attempts to send syncthing_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_syncthing_server_packets" lineno="81441">
<summary>
Receive syncthing_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_syncthing_server_packets" lineno="81460">
<summary>
Do not audit attempts to receive syncthing_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_syncthing_server_packets" lineno="81479">
<summary>
Send and receive syncthing_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_syncthing_server_packets" lineno="81495">
<summary>
Do not audit attempts to send and receive syncthing_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_syncthing_server_packets" lineno="81510">
<summary>
Relabel packets to syncthing_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_syncthing_admin_port" lineno="81532">
<summary>
Send and receive TCP traffic on the syncthing_admin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_syncthing_admin_port" lineno="81547">
<summary>
Send UDP traffic on the syncthing_admin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_syncthing_admin_port" lineno="81562">
<summary>
Do not audit attempts to send UDP traffic on the syncthing_admin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_syncthing_admin_port" lineno="81577">
<summary>
Receive UDP traffic on the syncthing_admin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_syncthing_admin_port" lineno="81592">
<summary>
Do not audit attempts to receive UDP traffic on the syncthing_admin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_syncthing_admin_port" lineno="81607">
<summary>
Send and receive UDP traffic on the syncthing_admin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_syncthing_admin_port" lineno="81623">
<summary>
Do not audit attempts to send and receive
UDP traffic on the syncthing_admin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_syncthing_admin_port" lineno="81638">
<summary>
Bind TCP sockets to the syncthing_admin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_syncthing_admin_port" lineno="81658">
<summary>
Bind UDP sockets to the syncthing_admin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_syncthing_admin_port" lineno="81677">
<summary>
Make a TCP connection to the syncthing_admin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_syncthing_admin_client_packets" lineno="81697">
<summary>
Send syncthing_admin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_syncthing_admin_client_packets" lineno="81716">
<summary>
Do not audit attempts to send syncthing_admin_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_syncthing_admin_client_packets" lineno="81735">
<summary>
Receive syncthing_admin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_syncthing_admin_client_packets" lineno="81754">
<summary>
Do not audit attempts to receive syncthing_admin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_syncthing_admin_client_packets" lineno="81773">
<summary>
Send and receive syncthing_admin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_syncthing_admin_client_packets" lineno="81789">
<summary>
Do not audit attempts to send and receive syncthing_admin_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_syncthing_admin_client_packets" lineno="81804">
<summary>
Relabel packets to syncthing_admin_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_syncthing_admin_server_packets" lineno="81824">
<summary>
Send syncthing_admin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_syncthing_admin_server_packets" lineno="81843">
<summary>
Do not audit attempts to send syncthing_admin_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_syncthing_admin_server_packets" lineno="81862">
<summary>
Receive syncthing_admin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_syncthing_admin_server_packets" lineno="81881">
<summary>
Do not audit attempts to receive syncthing_admin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_syncthing_admin_server_packets" lineno="81900">
<summary>
Send and receive syncthing_admin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_syncthing_admin_server_packets" lineno="81916">
<summary>
Do not audit attempts to send and receive syncthing_admin_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_syncthing_admin_server_packets" lineno="81931">
<summary>
Relabel packets to syncthing_admin_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_syncthing_discovery_port" lineno="81953">
<summary>
Send and receive TCP traffic on the syncthing_discovery port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_syncthing_discovery_port" lineno="81968">
<summary>
Send UDP traffic on the syncthing_discovery port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_syncthing_discovery_port" lineno="81983">
<summary>
Do not audit attempts to send UDP traffic on the syncthing_discovery port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_syncthing_discovery_port" lineno="81998">
<summary>
Receive UDP traffic on the syncthing_discovery port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_syncthing_discovery_port" lineno="82013">
<summary>
Do not audit attempts to receive UDP traffic on the syncthing_discovery port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_syncthing_discovery_port" lineno="82028">
<summary>
Send and receive UDP traffic on the syncthing_discovery port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_syncthing_discovery_port" lineno="82044">
<summary>
Do not audit attempts to send and receive
UDP traffic on the syncthing_discovery port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_syncthing_discovery_port" lineno="82059">
<summary>
Bind TCP sockets to the syncthing_discovery port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_syncthing_discovery_port" lineno="82079">
<summary>
Bind UDP sockets to the syncthing_discovery port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_syncthing_discovery_port" lineno="82098">
<summary>
Make a TCP connection to the syncthing_discovery port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_syncthing_discovery_client_packets" lineno="82118">
<summary>
Send syncthing_discovery_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_syncthing_discovery_client_packets" lineno="82137">
<summary>
Do not audit attempts to send syncthing_discovery_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_syncthing_discovery_client_packets" lineno="82156">
<summary>
Receive syncthing_discovery_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_syncthing_discovery_client_packets" lineno="82175">
<summary>
Do not audit attempts to receive syncthing_discovery_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_syncthing_discovery_client_packets" lineno="82194">
<summary>
Send and receive syncthing_discovery_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_syncthing_discovery_client_packets" lineno="82210">
<summary>
Do not audit attempts to send and receive syncthing_discovery_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_syncthing_discovery_client_packets" lineno="82225">
<summary>
Relabel packets to syncthing_discovery_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_syncthing_discovery_server_packets" lineno="82245">
<summary>
Send syncthing_discovery_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_syncthing_discovery_server_packets" lineno="82264">
<summary>
Do not audit attempts to send syncthing_discovery_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_syncthing_discovery_server_packets" lineno="82283">
<summary>
Receive syncthing_discovery_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_syncthing_discovery_server_packets" lineno="82302">
<summary>
Do not audit attempts to receive syncthing_discovery_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_syncthing_discovery_server_packets" lineno="82321">
<summary>
Send and receive syncthing_discovery_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_syncthing_discovery_server_packets" lineno="82337">
<summary>
Do not audit attempts to send and receive syncthing_discovery_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_syncthing_discovery_server_packets" lineno="82352">
<summary>
Relabel packets to syncthing_discovery_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_sype_transport_port" lineno="82374">
<summary>
Send and receive TCP traffic on the sype_transport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_sype_transport_port" lineno="82389">
<summary>
Send UDP traffic on the sype_transport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_sype_transport_port" lineno="82404">
<summary>
Do not audit attempts to send UDP traffic on the sype_transport port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_sype_transport_port" lineno="82419">
<summary>
Receive UDP traffic on the sype_transport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_sype_transport_port" lineno="82434">
<summary>
Do not audit attempts to receive UDP traffic on the sype_transport port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_sype_transport_port" lineno="82449">
<summary>
Send and receive UDP traffic on the sype_transport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_sype_transport_port" lineno="82465">
<summary>
Do not audit attempts to send and receive
UDP traffic on the sype_transport port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_sype_transport_port" lineno="82480">
<summary>
Bind TCP sockets to the sype_transport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_sype_transport_port" lineno="82500">
<summary>
Bind UDP sockets to the sype_transport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_sype_transport_port" lineno="82519">
<summary>
Make a TCP connection to the sype_transport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_sype_transport_client_packets" lineno="82539">
<summary>
Send sype_transport_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_sype_transport_client_packets" lineno="82558">
<summary>
Do not audit attempts to send sype_transport_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_sype_transport_client_packets" lineno="82577">
<summary>
Receive sype_transport_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_sype_transport_client_packets" lineno="82596">
<summary>
Do not audit attempts to receive sype_transport_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_sype_transport_client_packets" lineno="82615">
<summary>
Send and receive sype_transport_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_sype_transport_client_packets" lineno="82631">
<summary>
Do not audit attempts to send and receive sype_transport_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_sype_transport_client_packets" lineno="82646">
<summary>
Relabel packets to sype_transport_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_sype_transport_server_packets" lineno="82666">
<summary>
Send sype_transport_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_sype_transport_server_packets" lineno="82685">
<summary>
Do not audit attempts to send sype_transport_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_sype_transport_server_packets" lineno="82704">
<summary>
Receive sype_transport_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_sype_transport_server_packets" lineno="82723">
<summary>
Do not audit attempts to receive sype_transport_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_sype_transport_server_packets" lineno="82742">
<summary>
Send and receive sype_transport_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_sype_transport_server_packets" lineno="82758">
<summary>
Do not audit attempts to send and receive sype_transport_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_sype_transport_server_packets" lineno="82773">
<summary>
Relabel packets to sype_transport_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_syslogd_port" lineno="82795">
<summary>
Send and receive TCP traffic on the syslogd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_syslogd_port" lineno="82810">
<summary>
Send UDP traffic on the syslogd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_syslogd_port" lineno="82825">
<summary>
Do not audit attempts to send UDP traffic on the syslogd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_syslogd_port" lineno="82840">
<summary>
Receive UDP traffic on the syslogd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_syslogd_port" lineno="82855">
<summary>
Do not audit attempts to receive UDP traffic on the syslogd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_syslogd_port" lineno="82870">
<summary>
Send and receive UDP traffic on the syslogd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_syslogd_port" lineno="82886">
<summary>
Do not audit attempts to send and receive
UDP traffic on the syslogd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_syslogd_port" lineno="82901">
<summary>
Bind TCP sockets to the syslogd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_syslogd_port" lineno="82921">
<summary>
Bind UDP sockets to the syslogd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_syslogd_port" lineno="82940">
<summary>
Make a TCP connection to the syslogd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_syslogd_client_packets" lineno="82960">
<summary>
Send syslogd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_syslogd_client_packets" lineno="82979">
<summary>
Do not audit attempts to send syslogd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_syslogd_client_packets" lineno="82998">
<summary>
Receive syslogd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_syslogd_client_packets" lineno="83017">
<summary>
Do not audit attempts to receive syslogd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_syslogd_client_packets" lineno="83036">
<summary>
Send and receive syslogd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_syslogd_client_packets" lineno="83052">
<summary>
Do not audit attempts to send and receive syslogd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_syslogd_client_packets" lineno="83067">
<summary>
Relabel packets to syslogd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_syslogd_server_packets" lineno="83087">
<summary>
Send syslogd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_syslogd_server_packets" lineno="83106">
<summary>
Do not audit attempts to send syslogd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_syslogd_server_packets" lineno="83125">
<summary>
Receive syslogd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_syslogd_server_packets" lineno="83144">
<summary>
Do not audit attempts to receive syslogd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_syslogd_server_packets" lineno="83163">
<summary>
Send and receive syslogd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_syslogd_server_packets" lineno="83179">
<summary>
Do not audit attempts to send and receive syslogd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_syslogd_server_packets" lineno="83194">
<summary>
Relabel packets to syslogd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_syslog_tls_port" lineno="83216">
<summary>
Send and receive TCP traffic on the syslog_tls port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_syslog_tls_port" lineno="83231">
<summary>
Send UDP traffic on the syslog_tls port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_syslog_tls_port" lineno="83246">
<summary>
Do not audit attempts to send UDP traffic on the syslog_tls port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_syslog_tls_port" lineno="83261">
<summary>
Receive UDP traffic on the syslog_tls port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_syslog_tls_port" lineno="83276">
<summary>
Do not audit attempts to receive UDP traffic on the syslog_tls port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_syslog_tls_port" lineno="83291">
<summary>
Send and receive UDP traffic on the syslog_tls port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_syslog_tls_port" lineno="83307">
<summary>
Do not audit attempts to send and receive
UDP traffic on the syslog_tls port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_syslog_tls_port" lineno="83322">
<summary>
Bind TCP sockets to the syslog_tls port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_syslog_tls_port" lineno="83342">
<summary>
Bind UDP sockets to the syslog_tls port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_syslog_tls_port" lineno="83361">
<summary>
Make a TCP connection to the syslog_tls port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_syslog_tls_client_packets" lineno="83381">
<summary>
Send syslog_tls_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_syslog_tls_client_packets" lineno="83400">
<summary>
Do not audit attempts to send syslog_tls_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_syslog_tls_client_packets" lineno="83419">
<summary>
Receive syslog_tls_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_syslog_tls_client_packets" lineno="83438">
<summary>
Do not audit attempts to receive syslog_tls_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_syslog_tls_client_packets" lineno="83457">
<summary>
Send and receive syslog_tls_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_syslog_tls_client_packets" lineno="83473">
<summary>
Do not audit attempts to send and receive syslog_tls_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_syslog_tls_client_packets" lineno="83488">
<summary>
Relabel packets to syslog_tls_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_syslog_tls_server_packets" lineno="83508">
<summary>
Send syslog_tls_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_syslog_tls_server_packets" lineno="83527">
<summary>
Do not audit attempts to send syslog_tls_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_syslog_tls_server_packets" lineno="83546">
<summary>
Receive syslog_tls_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_syslog_tls_server_packets" lineno="83565">
<summary>
Do not audit attempts to receive syslog_tls_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_syslog_tls_server_packets" lineno="83584">
<summary>
Send and receive syslog_tls_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_syslog_tls_server_packets" lineno="83600">
<summary>
Do not audit attempts to send and receive syslog_tls_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_syslog_tls_server_packets" lineno="83615">
<summary>
Relabel packets to syslog_tls_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_tcs_port" lineno="83637">
<summary>
Send and receive TCP traffic on the tcs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_tcs_port" lineno="83652">
<summary>
Send UDP traffic on the tcs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_tcs_port" lineno="83667">
<summary>
Do not audit attempts to send UDP traffic on the tcs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_tcs_port" lineno="83682">
<summary>
Receive UDP traffic on the tcs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_tcs_port" lineno="83697">
<summary>
Do not audit attempts to receive UDP traffic on the tcs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_tcs_port" lineno="83712">
<summary>
Send and receive UDP traffic on the tcs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_tcs_port" lineno="83728">
<summary>
Do not audit attempts to send and receive
UDP traffic on the tcs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_tcs_port" lineno="83743">
<summary>
Bind TCP sockets to the tcs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_tcs_port" lineno="83763">
<summary>
Bind UDP sockets to the tcs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_tcs_port" lineno="83782">
<summary>
Make a TCP connection to the tcs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_tcs_client_packets" lineno="83802">
<summary>
Send tcs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_tcs_client_packets" lineno="83821">
<summary>
Do not audit attempts to send tcs_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_tcs_client_packets" lineno="83840">
<summary>
Receive tcs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_tcs_client_packets" lineno="83859">
<summary>
Do not audit attempts to receive tcs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_tcs_client_packets" lineno="83878">
<summary>
Send and receive tcs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_tcs_client_packets" lineno="83894">
<summary>
Do not audit attempts to send and receive tcs_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_tcs_client_packets" lineno="83909">
<summary>
Relabel packets to tcs_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_tcs_server_packets" lineno="83929">
<summary>
Send tcs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_tcs_server_packets" lineno="83948">
<summary>
Do not audit attempts to send tcs_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_tcs_server_packets" lineno="83967">
<summary>
Receive tcs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_tcs_server_packets" lineno="83986">
<summary>
Do not audit attempts to receive tcs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_tcs_server_packets" lineno="84005">
<summary>
Send and receive tcs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_tcs_server_packets" lineno="84021">
<summary>
Do not audit attempts to send and receive tcs_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_tcs_server_packets" lineno="84036">
<summary>
Relabel packets to tcs_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_telnetd_port" lineno="84058">
<summary>
Send and receive TCP traffic on the telnetd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_telnetd_port" lineno="84073">
<summary>
Send UDP traffic on the telnetd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_telnetd_port" lineno="84088">
<summary>
Do not audit attempts to send UDP traffic on the telnetd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_telnetd_port" lineno="84103">
<summary>
Receive UDP traffic on the telnetd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_telnetd_port" lineno="84118">
<summary>
Do not audit attempts to receive UDP traffic on the telnetd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_telnetd_port" lineno="84133">
<summary>
Send and receive UDP traffic on the telnetd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_telnetd_port" lineno="84149">
<summary>
Do not audit attempts to send and receive
UDP traffic on the telnetd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_telnetd_port" lineno="84164">
<summary>
Bind TCP sockets to the telnetd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_telnetd_port" lineno="84184">
<summary>
Bind UDP sockets to the telnetd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_telnetd_port" lineno="84203">
<summary>
Make a TCP connection to the telnetd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_telnetd_client_packets" lineno="84223">
<summary>
Send telnetd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_telnetd_client_packets" lineno="84242">
<summary>
Do not audit attempts to send telnetd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_telnetd_client_packets" lineno="84261">
<summary>
Receive telnetd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_telnetd_client_packets" lineno="84280">
<summary>
Do not audit attempts to receive telnetd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_telnetd_client_packets" lineno="84299">
<summary>
Send and receive telnetd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_telnetd_client_packets" lineno="84315">
<summary>
Do not audit attempts to send and receive telnetd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_telnetd_client_packets" lineno="84330">
<summary>
Relabel packets to telnetd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_telnetd_server_packets" lineno="84350">
<summary>
Send telnetd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_telnetd_server_packets" lineno="84369">
<summary>
Do not audit attempts to send telnetd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_telnetd_server_packets" lineno="84388">
<summary>
Receive telnetd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_telnetd_server_packets" lineno="84407">
<summary>
Do not audit attempts to receive telnetd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_telnetd_server_packets" lineno="84426">
<summary>
Send and receive telnetd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_telnetd_server_packets" lineno="84442">
<summary>
Do not audit attempts to send and receive telnetd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_telnetd_server_packets" lineno="84457">
<summary>
Relabel packets to telnetd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_tftp_port" lineno="84479">
<summary>
Send and receive TCP traffic on the tftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_tftp_port" lineno="84494">
<summary>
Send UDP traffic on the tftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_tftp_port" lineno="84509">
<summary>
Do not audit attempts to send UDP traffic on the tftp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_tftp_port" lineno="84524">
<summary>
Receive UDP traffic on the tftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_tftp_port" lineno="84539">
<summary>
Do not audit attempts to receive UDP traffic on the tftp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_tftp_port" lineno="84554">
<summary>
Send and receive UDP traffic on the tftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_tftp_port" lineno="84570">
<summary>
Do not audit attempts to send and receive
UDP traffic on the tftp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_tftp_port" lineno="84585">
<summary>
Bind TCP sockets to the tftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_tftp_port" lineno="84605">
<summary>
Bind UDP sockets to the tftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_tftp_port" lineno="84624">
<summary>
Make a TCP connection to the tftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_tftp_client_packets" lineno="84644">
<summary>
Send tftp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_tftp_client_packets" lineno="84663">
<summary>
Do not audit attempts to send tftp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_tftp_client_packets" lineno="84682">
<summary>
Receive tftp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_tftp_client_packets" lineno="84701">
<summary>
Do not audit attempts to receive tftp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_tftp_client_packets" lineno="84720">
<summary>
Send and receive tftp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_tftp_client_packets" lineno="84736">
<summary>
Do not audit attempts to send and receive tftp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_tftp_client_packets" lineno="84751">
<summary>
Relabel packets to tftp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_tftp_server_packets" lineno="84771">
<summary>
Send tftp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_tftp_server_packets" lineno="84790">
<summary>
Do not audit attempts to send tftp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_tftp_server_packets" lineno="84809">
<summary>
Receive tftp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_tftp_server_packets" lineno="84828">
<summary>
Do not audit attempts to receive tftp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_tftp_server_packets" lineno="84847">
<summary>
Send and receive tftp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_tftp_server_packets" lineno="84863">
<summary>
Do not audit attempts to send and receive tftp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_tftp_server_packets" lineno="84878">
<summary>
Relabel packets to tftp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_tor_port" lineno="84900">
<summary>
Send and receive TCP traffic on the tor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_tor_port" lineno="84915">
<summary>
Send UDP traffic on the tor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_tor_port" lineno="84930">
<summary>
Do not audit attempts to send UDP traffic on the tor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_tor_port" lineno="84945">
<summary>
Receive UDP traffic on the tor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_tor_port" lineno="84960">
<summary>
Do not audit attempts to receive UDP traffic on the tor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_tor_port" lineno="84975">
<summary>
Send and receive UDP traffic on the tor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_tor_port" lineno="84991">
<summary>
Do not audit attempts to send and receive
UDP traffic on the tor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_tor_port" lineno="85006">
<summary>
Bind TCP sockets to the tor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_tor_port" lineno="85026">
<summary>
Bind UDP sockets to the tor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_tor_port" lineno="85045">
<summary>
Make a TCP connection to the tor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_tor_client_packets" lineno="85065">
<summary>
Send tor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_tor_client_packets" lineno="85084">
<summary>
Do not audit attempts to send tor_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_tor_client_packets" lineno="85103">
<summary>
Receive tor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_tor_client_packets" lineno="85122">
<summary>
Do not audit attempts to receive tor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_tor_client_packets" lineno="85141">
<summary>
Send and receive tor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_tor_client_packets" lineno="85157">
<summary>
Do not audit attempts to send and receive tor_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_tor_client_packets" lineno="85172">
<summary>
Relabel packets to tor_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_tor_server_packets" lineno="85192">
<summary>
Send tor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_tor_server_packets" lineno="85211">
<summary>
Do not audit attempts to send tor_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_tor_server_packets" lineno="85230">
<summary>
Receive tor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_tor_server_packets" lineno="85249">
<summary>
Do not audit attempts to receive tor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_tor_server_packets" lineno="85268">
<summary>
Send and receive tor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_tor_server_packets" lineno="85284">
<summary>
Do not audit attempts to send and receive tor_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_tor_server_packets" lineno="85299">
<summary>
Relabel packets to tor_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_traceroute_port" lineno="85321">
<summary>
Send and receive TCP traffic on the traceroute port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_traceroute_port" lineno="85336">
<summary>
Send UDP traffic on the traceroute port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_traceroute_port" lineno="85351">
<summary>
Do not audit attempts to send UDP traffic on the traceroute port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_traceroute_port" lineno="85366">
<summary>
Receive UDP traffic on the traceroute port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_traceroute_port" lineno="85381">
<summary>
Do not audit attempts to receive UDP traffic on the traceroute port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_traceroute_port" lineno="85396">
<summary>
Send and receive UDP traffic on the traceroute port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_traceroute_port" lineno="85412">
<summary>
Do not audit attempts to send and receive
UDP traffic on the traceroute port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_traceroute_port" lineno="85427">
<summary>
Bind TCP sockets to the traceroute port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_traceroute_port" lineno="85447">
<summary>
Bind UDP sockets to the traceroute port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_traceroute_port" lineno="85466">
<summary>
Make a TCP connection to the traceroute port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_traceroute_client_packets" lineno="85486">
<summary>
Send traceroute_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_traceroute_client_packets" lineno="85505">
<summary>
Do not audit attempts to send traceroute_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_traceroute_client_packets" lineno="85524">
<summary>
Receive traceroute_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_traceroute_client_packets" lineno="85543">
<summary>
Do not audit attempts to receive traceroute_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_traceroute_client_packets" lineno="85562">
<summary>
Send and receive traceroute_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_traceroute_client_packets" lineno="85578">
<summary>
Do not audit attempts to send and receive traceroute_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_traceroute_client_packets" lineno="85593">
<summary>
Relabel packets to traceroute_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_traceroute_server_packets" lineno="85613">
<summary>
Send traceroute_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_traceroute_server_packets" lineno="85632">
<summary>
Do not audit attempts to send traceroute_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_traceroute_server_packets" lineno="85651">
<summary>
Receive traceroute_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_traceroute_server_packets" lineno="85670">
<summary>
Do not audit attempts to receive traceroute_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_traceroute_server_packets" lineno="85689">
<summary>
Send and receive traceroute_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_traceroute_server_packets" lineno="85705">
<summary>
Do not audit attempts to send and receive traceroute_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_traceroute_server_packets" lineno="85720">
<summary>
Relabel packets to traceroute_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_transproxy_port" lineno="85742">
<summary>
Send and receive TCP traffic on the transproxy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_transproxy_port" lineno="85757">
<summary>
Send UDP traffic on the transproxy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_transproxy_port" lineno="85772">
<summary>
Do not audit attempts to send UDP traffic on the transproxy port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_transproxy_port" lineno="85787">
<summary>
Receive UDP traffic on the transproxy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_transproxy_port" lineno="85802">
<summary>
Do not audit attempts to receive UDP traffic on the transproxy port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_transproxy_port" lineno="85817">
<summary>
Send and receive UDP traffic on the transproxy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_transproxy_port" lineno="85833">
<summary>
Do not audit attempts to send and receive
UDP traffic on the transproxy port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_transproxy_port" lineno="85848">
<summary>
Bind TCP sockets to the transproxy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_transproxy_port" lineno="85868">
<summary>
Bind UDP sockets to the transproxy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_transproxy_port" lineno="85887">
<summary>
Make a TCP connection to the transproxy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_transproxy_client_packets" lineno="85907">
<summary>
Send transproxy_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_transproxy_client_packets" lineno="85926">
<summary>
Do not audit attempts to send transproxy_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_transproxy_client_packets" lineno="85945">
<summary>
Receive transproxy_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_transproxy_client_packets" lineno="85964">
<summary>
Do not audit attempts to receive transproxy_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_transproxy_client_packets" lineno="85983">
<summary>
Send and receive transproxy_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_transproxy_client_packets" lineno="85999">
<summary>
Do not audit attempts to send and receive transproxy_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_transproxy_client_packets" lineno="86014">
<summary>
Relabel packets to transproxy_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_transproxy_server_packets" lineno="86034">
<summary>
Send transproxy_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_transproxy_server_packets" lineno="86053">
<summary>
Do not audit attempts to send transproxy_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_transproxy_server_packets" lineno="86072">
<summary>
Receive transproxy_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_transproxy_server_packets" lineno="86091">
<summary>
Do not audit attempts to receive transproxy_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_transproxy_server_packets" lineno="86110">
<summary>
Send and receive transproxy_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_transproxy_server_packets" lineno="86126">
<summary>
Do not audit attempts to send and receive transproxy_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_transproxy_server_packets" lineno="86141">
<summary>
Relabel packets to transproxy_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_trisoap_port" lineno="86163">
<summary>
Send and receive TCP traffic on the trisoap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_trisoap_port" lineno="86178">
<summary>
Send UDP traffic on the trisoap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_trisoap_port" lineno="86193">
<summary>
Do not audit attempts to send UDP traffic on the trisoap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_trisoap_port" lineno="86208">
<summary>
Receive UDP traffic on the trisoap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_trisoap_port" lineno="86223">
<summary>
Do not audit attempts to receive UDP traffic on the trisoap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_trisoap_port" lineno="86238">
<summary>
Send and receive UDP traffic on the trisoap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_trisoap_port" lineno="86254">
<summary>
Do not audit attempts to send and receive
UDP traffic on the trisoap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_trisoap_port" lineno="86269">
<summary>
Bind TCP sockets to the trisoap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_trisoap_port" lineno="86289">
<summary>
Bind UDP sockets to the trisoap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_trisoap_port" lineno="86308">
<summary>
Make a TCP connection to the trisoap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_trisoap_client_packets" lineno="86328">
<summary>
Send trisoap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_trisoap_client_packets" lineno="86347">
<summary>
Do not audit attempts to send trisoap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_trisoap_client_packets" lineno="86366">
<summary>
Receive trisoap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_trisoap_client_packets" lineno="86385">
<summary>
Do not audit attempts to receive trisoap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_trisoap_client_packets" lineno="86404">
<summary>
Send and receive trisoap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_trisoap_client_packets" lineno="86420">
<summary>
Do not audit attempts to send and receive trisoap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_trisoap_client_packets" lineno="86435">
<summary>
Relabel packets to trisoap_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_trisoap_server_packets" lineno="86455">
<summary>
Send trisoap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_trisoap_server_packets" lineno="86474">
<summary>
Do not audit attempts to send trisoap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_trisoap_server_packets" lineno="86493">
<summary>
Receive trisoap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_trisoap_server_packets" lineno="86512">
<summary>
Do not audit attempts to receive trisoap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_trisoap_server_packets" lineno="86531">
<summary>
Send and receive trisoap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_trisoap_server_packets" lineno="86547">
<summary>
Do not audit attempts to send and receive trisoap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_trisoap_server_packets" lineno="86562">
<summary>
Relabel packets to trisoap_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_trivnet1_port" lineno="86584">
<summary>
Send and receive TCP traffic on the trivnet1 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_trivnet1_port" lineno="86599">
<summary>
Send UDP traffic on the trivnet1 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_trivnet1_port" lineno="86614">
<summary>
Do not audit attempts to send UDP traffic on the trivnet1 port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_trivnet1_port" lineno="86629">
<summary>
Receive UDP traffic on the trivnet1 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_trivnet1_port" lineno="86644">
<summary>
Do not audit attempts to receive UDP traffic on the trivnet1 port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_trivnet1_port" lineno="86659">
<summary>
Send and receive UDP traffic on the trivnet1 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_trivnet1_port" lineno="86675">
<summary>
Do not audit attempts to send and receive
UDP traffic on the trivnet1 port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_trivnet1_port" lineno="86690">
<summary>
Bind TCP sockets to the trivnet1 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_trivnet1_port" lineno="86710">
<summary>
Bind UDP sockets to the trivnet1 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_trivnet1_port" lineno="86729">
<summary>
Make a TCP connection to the trivnet1 port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_trivnet1_client_packets" lineno="86749">
<summary>
Send trivnet1_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_trivnet1_client_packets" lineno="86768">
<summary>
Do not audit attempts to send trivnet1_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_trivnet1_client_packets" lineno="86787">
<summary>
Receive trivnet1_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_trivnet1_client_packets" lineno="86806">
<summary>
Do not audit attempts to receive trivnet1_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_trivnet1_client_packets" lineno="86825">
<summary>
Send and receive trivnet1_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_trivnet1_client_packets" lineno="86841">
<summary>
Do not audit attempts to send and receive trivnet1_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_trivnet1_client_packets" lineno="86856">
<summary>
Relabel packets to trivnet1_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_trivnet1_server_packets" lineno="86876">
<summary>
Send trivnet1_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_trivnet1_server_packets" lineno="86895">
<summary>
Do not audit attempts to send trivnet1_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_trivnet1_server_packets" lineno="86914">
<summary>
Receive trivnet1_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_trivnet1_server_packets" lineno="86933">
<summary>
Do not audit attempts to receive trivnet1_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_trivnet1_server_packets" lineno="86952">
<summary>
Send and receive trivnet1_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_trivnet1_server_packets" lineno="86968">
<summary>
Do not audit attempts to send and receive trivnet1_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_trivnet1_server_packets" lineno="86983">
<summary>
Relabel packets to trivnet1_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ups_port" lineno="87005">
<summary>
Send and receive TCP traffic on the ups port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ups_port" lineno="87020">
<summary>
Send UDP traffic on the ups port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ups_port" lineno="87035">
<summary>
Do not audit attempts to send UDP traffic on the ups port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ups_port" lineno="87050">
<summary>
Receive UDP traffic on the ups port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ups_port" lineno="87065">
<summary>
Do not audit attempts to receive UDP traffic on the ups port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ups_port" lineno="87080">
<summary>
Send and receive UDP traffic on the ups port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ups_port" lineno="87096">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ups port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ups_port" lineno="87111">
<summary>
Bind TCP sockets to the ups port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ups_port" lineno="87131">
<summary>
Bind UDP sockets to the ups port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ups_port" lineno="87150">
<summary>
Make a TCP connection to the ups port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ups_client_packets" lineno="87170">
<summary>
Send ups_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ups_client_packets" lineno="87189">
<summary>
Do not audit attempts to send ups_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ups_client_packets" lineno="87208">
<summary>
Receive ups_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ups_client_packets" lineno="87227">
<summary>
Do not audit attempts to receive ups_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ups_client_packets" lineno="87246">
<summary>
Send and receive ups_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ups_client_packets" lineno="87262">
<summary>
Do not audit attempts to send and receive ups_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ups_client_packets" lineno="87277">
<summary>
Relabel packets to ups_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ups_server_packets" lineno="87297">
<summary>
Send ups_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ups_server_packets" lineno="87316">
<summary>
Do not audit attempts to send ups_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ups_server_packets" lineno="87335">
<summary>
Receive ups_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ups_server_packets" lineno="87354">
<summary>
Do not audit attempts to receive ups_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ups_server_packets" lineno="87373">
<summary>
Send and receive ups_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ups_server_packets" lineno="87389">
<summary>
Do not audit attempts to send and receive ups_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ups_server_packets" lineno="87404">
<summary>
Relabel packets to ups_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_utcpserver_port" lineno="87426">
<summary>
Send and receive TCP traffic on the utcpserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_utcpserver_port" lineno="87441">
<summary>
Send UDP traffic on the utcpserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_utcpserver_port" lineno="87456">
<summary>
Do not audit attempts to send UDP traffic on the utcpserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_utcpserver_port" lineno="87471">
<summary>
Receive UDP traffic on the utcpserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_utcpserver_port" lineno="87486">
<summary>
Do not audit attempts to receive UDP traffic on the utcpserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_utcpserver_port" lineno="87501">
<summary>
Send and receive UDP traffic on the utcpserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_utcpserver_port" lineno="87517">
<summary>
Do not audit attempts to send and receive
UDP traffic on the utcpserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_utcpserver_port" lineno="87532">
<summary>
Bind TCP sockets to the utcpserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_utcpserver_port" lineno="87552">
<summary>
Bind UDP sockets to the utcpserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_utcpserver_port" lineno="87571">
<summary>
Make a TCP connection to the utcpserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_utcpserver_client_packets" lineno="87591">
<summary>
Send utcpserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_utcpserver_client_packets" lineno="87610">
<summary>
Do not audit attempts to send utcpserver_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_utcpserver_client_packets" lineno="87629">
<summary>
Receive utcpserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_utcpserver_client_packets" lineno="87648">
<summary>
Do not audit attempts to receive utcpserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_utcpserver_client_packets" lineno="87667">
<summary>
Send and receive utcpserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_utcpserver_client_packets" lineno="87683">
<summary>
Do not audit attempts to send and receive utcpserver_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_utcpserver_client_packets" lineno="87698">
<summary>
Relabel packets to utcpserver_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_utcpserver_server_packets" lineno="87718">
<summary>
Send utcpserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_utcpserver_server_packets" lineno="87737">
<summary>
Do not audit attempts to send utcpserver_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_utcpserver_server_packets" lineno="87756">
<summary>
Receive utcpserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_utcpserver_server_packets" lineno="87775">
<summary>
Do not audit attempts to receive utcpserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_utcpserver_server_packets" lineno="87794">
<summary>
Send and receive utcpserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_utcpserver_server_packets" lineno="87810">
<summary>
Do not audit attempts to send and receive utcpserver_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_utcpserver_server_packets" lineno="87825">
<summary>
Relabel packets to utcpserver_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_uucpd_port" lineno="87847">
<summary>
Send and receive TCP traffic on the uucpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_uucpd_port" lineno="87862">
<summary>
Send UDP traffic on the uucpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_uucpd_port" lineno="87877">
<summary>
Do not audit attempts to send UDP traffic on the uucpd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_uucpd_port" lineno="87892">
<summary>
Receive UDP traffic on the uucpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_uucpd_port" lineno="87907">
<summary>
Do not audit attempts to receive UDP traffic on the uucpd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_uucpd_port" lineno="87922">
<summary>
Send and receive UDP traffic on the uucpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_uucpd_port" lineno="87938">
<summary>
Do not audit attempts to send and receive
UDP traffic on the uucpd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_uucpd_port" lineno="87953">
<summary>
Bind TCP sockets to the uucpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_uucpd_port" lineno="87973">
<summary>
Bind UDP sockets to the uucpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_uucpd_port" lineno="87992">
<summary>
Make a TCP connection to the uucpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_uucpd_client_packets" lineno="88012">
<summary>
Send uucpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_uucpd_client_packets" lineno="88031">
<summary>
Do not audit attempts to send uucpd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_uucpd_client_packets" lineno="88050">
<summary>
Receive uucpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_uucpd_client_packets" lineno="88069">
<summary>
Do not audit attempts to receive uucpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_uucpd_client_packets" lineno="88088">
<summary>
Send and receive uucpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_uucpd_client_packets" lineno="88104">
<summary>
Do not audit attempts to send and receive uucpd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_uucpd_client_packets" lineno="88119">
<summary>
Relabel packets to uucpd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_uucpd_server_packets" lineno="88139">
<summary>
Send uucpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_uucpd_server_packets" lineno="88158">
<summary>
Do not audit attempts to send uucpd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_uucpd_server_packets" lineno="88177">
<summary>
Receive uucpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_uucpd_server_packets" lineno="88196">
<summary>
Do not audit attempts to receive uucpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_uucpd_server_packets" lineno="88215">
<summary>
Send and receive uucpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_uucpd_server_packets" lineno="88231">
<summary>
Do not audit attempts to send and receive uucpd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_uucpd_server_packets" lineno="88246">
<summary>
Relabel packets to uucpd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_varnishd_port" lineno="88268">
<summary>
Send and receive TCP traffic on the varnishd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_varnishd_port" lineno="88283">
<summary>
Send UDP traffic on the varnishd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_varnishd_port" lineno="88298">
<summary>
Do not audit attempts to send UDP traffic on the varnishd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_varnishd_port" lineno="88313">
<summary>
Receive UDP traffic on the varnishd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_varnishd_port" lineno="88328">
<summary>
Do not audit attempts to receive UDP traffic on the varnishd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_varnishd_port" lineno="88343">
<summary>
Send and receive UDP traffic on the varnishd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_varnishd_port" lineno="88359">
<summary>
Do not audit attempts to send and receive
UDP traffic on the varnishd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_varnishd_port" lineno="88374">
<summary>
Bind TCP sockets to the varnishd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_varnishd_port" lineno="88394">
<summary>
Bind UDP sockets to the varnishd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_varnishd_port" lineno="88413">
<summary>
Make a TCP connection to the varnishd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_varnishd_client_packets" lineno="88433">
<summary>
Send varnishd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_varnishd_client_packets" lineno="88452">
<summary>
Do not audit attempts to send varnishd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_varnishd_client_packets" lineno="88471">
<summary>
Receive varnishd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_varnishd_client_packets" lineno="88490">
<summary>
Do not audit attempts to receive varnishd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_varnishd_client_packets" lineno="88509">
<summary>
Send and receive varnishd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_varnishd_client_packets" lineno="88525">
<summary>
Do not audit attempts to send and receive varnishd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_varnishd_client_packets" lineno="88540">
<summary>
Relabel packets to varnishd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_varnishd_server_packets" lineno="88560">
<summary>
Send varnishd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_varnishd_server_packets" lineno="88579">
<summary>
Do not audit attempts to send varnishd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_varnishd_server_packets" lineno="88598">
<summary>
Receive varnishd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_varnishd_server_packets" lineno="88617">
<summary>
Do not audit attempts to receive varnishd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_varnishd_server_packets" lineno="88636">
<summary>
Send and receive varnishd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_varnishd_server_packets" lineno="88652">
<summary>
Do not audit attempts to send and receive varnishd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_varnishd_server_packets" lineno="88667">
<summary>
Relabel packets to varnishd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_virt_port" lineno="88689">
<summary>
Send and receive TCP traffic on the virt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_virt_port" lineno="88704">
<summary>
Send UDP traffic on the virt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_virt_port" lineno="88719">
<summary>
Do not audit attempts to send UDP traffic on the virt port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_virt_port" lineno="88734">
<summary>
Receive UDP traffic on the virt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_virt_port" lineno="88749">
<summary>
Do not audit attempts to receive UDP traffic on the virt port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_virt_port" lineno="88764">
<summary>
Send and receive UDP traffic on the virt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_virt_port" lineno="88780">
<summary>
Do not audit attempts to send and receive
UDP traffic on the virt port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_virt_port" lineno="88795">
<summary>
Bind TCP sockets to the virt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_virt_port" lineno="88815">
<summary>
Bind UDP sockets to the virt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_virt_port" lineno="88834">
<summary>
Make a TCP connection to the virt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_virt_client_packets" lineno="88854">
<summary>
Send virt_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_virt_client_packets" lineno="88873">
<summary>
Do not audit attempts to send virt_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_virt_client_packets" lineno="88892">
<summary>
Receive virt_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_virt_client_packets" lineno="88911">
<summary>
Do not audit attempts to receive virt_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_virt_client_packets" lineno="88930">
<summary>
Send and receive virt_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_virt_client_packets" lineno="88946">
<summary>
Do not audit attempts to send and receive virt_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_virt_client_packets" lineno="88961">
<summary>
Relabel packets to virt_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_virt_server_packets" lineno="88981">
<summary>
Send virt_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_virt_server_packets" lineno="89000">
<summary>
Do not audit attempts to send virt_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_virt_server_packets" lineno="89019">
<summary>
Receive virt_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_virt_server_packets" lineno="89038">
<summary>
Do not audit attempts to receive virt_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_virt_server_packets" lineno="89057">
<summary>
Send and receive virt_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_virt_server_packets" lineno="89073">
<summary>
Do not audit attempts to send and receive virt_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_virt_server_packets" lineno="89088">
<summary>
Relabel packets to virt_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_virtual_places_port" lineno="89110">
<summary>
Send and receive TCP traffic on the virtual_places port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_virtual_places_port" lineno="89125">
<summary>
Send UDP traffic on the virtual_places port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_virtual_places_port" lineno="89140">
<summary>
Do not audit attempts to send UDP traffic on the virtual_places port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_virtual_places_port" lineno="89155">
<summary>
Receive UDP traffic on the virtual_places port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_virtual_places_port" lineno="89170">
<summary>
Do not audit attempts to receive UDP traffic on the virtual_places port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_virtual_places_port" lineno="89185">
<summary>
Send and receive UDP traffic on the virtual_places port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_virtual_places_port" lineno="89201">
<summary>
Do not audit attempts to send and receive
UDP traffic on the virtual_places port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_virtual_places_port" lineno="89216">
<summary>
Bind TCP sockets to the virtual_places port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_virtual_places_port" lineno="89236">
<summary>
Bind UDP sockets to the virtual_places port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_virtual_places_port" lineno="89255">
<summary>
Make a TCP connection to the virtual_places port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_virtual_places_client_packets" lineno="89275">
<summary>
Send virtual_places_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_virtual_places_client_packets" lineno="89294">
<summary>
Do not audit attempts to send virtual_places_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_virtual_places_client_packets" lineno="89313">
<summary>
Receive virtual_places_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_virtual_places_client_packets" lineno="89332">
<summary>
Do not audit attempts to receive virtual_places_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_virtual_places_client_packets" lineno="89351">
<summary>
Send and receive virtual_places_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_virtual_places_client_packets" lineno="89367">
<summary>
Do not audit attempts to send and receive virtual_places_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_virtual_places_client_packets" lineno="89382">
<summary>
Relabel packets to virtual_places_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_virtual_places_server_packets" lineno="89402">
<summary>
Send virtual_places_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_virtual_places_server_packets" lineno="89421">
<summary>
Do not audit attempts to send virtual_places_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_virtual_places_server_packets" lineno="89440">
<summary>
Receive virtual_places_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_virtual_places_server_packets" lineno="89459">
<summary>
Do not audit attempts to receive virtual_places_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_virtual_places_server_packets" lineno="89478">
<summary>
Send and receive virtual_places_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_virtual_places_server_packets" lineno="89494">
<summary>
Do not audit attempts to send and receive virtual_places_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_virtual_places_server_packets" lineno="89509">
<summary>
Relabel packets to virtual_places_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_virt_migration_port" lineno="89531">
<summary>
Send and receive TCP traffic on the virt_migration port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_virt_migration_port" lineno="89546">
<summary>
Send UDP traffic on the virt_migration port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_virt_migration_port" lineno="89561">
<summary>
Do not audit attempts to send UDP traffic on the virt_migration port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_virt_migration_port" lineno="89576">
<summary>
Receive UDP traffic on the virt_migration port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_virt_migration_port" lineno="89591">
<summary>
Do not audit attempts to receive UDP traffic on the virt_migration port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_virt_migration_port" lineno="89606">
<summary>
Send and receive UDP traffic on the virt_migration port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_virt_migration_port" lineno="89622">
<summary>
Do not audit attempts to send and receive
UDP traffic on the virt_migration port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_virt_migration_port" lineno="89637">
<summary>
Bind TCP sockets to the virt_migration port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_virt_migration_port" lineno="89657">
<summary>
Bind UDP sockets to the virt_migration port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_virt_migration_port" lineno="89676">
<summary>
Make a TCP connection to the virt_migration port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_virt_migration_client_packets" lineno="89696">
<summary>
Send virt_migration_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_virt_migration_client_packets" lineno="89715">
<summary>
Do not audit attempts to send virt_migration_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_virt_migration_client_packets" lineno="89734">
<summary>
Receive virt_migration_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_virt_migration_client_packets" lineno="89753">
<summary>
Do not audit attempts to receive virt_migration_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_virt_migration_client_packets" lineno="89772">
<summary>
Send and receive virt_migration_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_virt_migration_client_packets" lineno="89788">
<summary>
Do not audit attempts to send and receive virt_migration_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_virt_migration_client_packets" lineno="89803">
<summary>
Relabel packets to virt_migration_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_virt_migration_server_packets" lineno="89823">
<summary>
Send virt_migration_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_virt_migration_server_packets" lineno="89842">
<summary>
Do not audit attempts to send virt_migration_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_virt_migration_server_packets" lineno="89861">
<summary>
Receive virt_migration_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_virt_migration_server_packets" lineno="89880">
<summary>
Do not audit attempts to receive virt_migration_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_virt_migration_server_packets" lineno="89899">
<summary>
Send and receive virt_migration_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_virt_migration_server_packets" lineno="89915">
<summary>
Do not audit attempts to send and receive virt_migration_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_virt_migration_server_packets" lineno="89930">
<summary>
Relabel packets to virt_migration_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_vnc_port" lineno="89952">
<summary>
Send and receive TCP traffic on the vnc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_vnc_port" lineno="89967">
<summary>
Send UDP traffic on the vnc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_vnc_port" lineno="89982">
<summary>
Do not audit attempts to send UDP traffic on the vnc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_vnc_port" lineno="89997">
<summary>
Receive UDP traffic on the vnc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_vnc_port" lineno="90012">
<summary>
Do not audit attempts to receive UDP traffic on the vnc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_vnc_port" lineno="90027">
<summary>
Send and receive UDP traffic on the vnc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_vnc_port" lineno="90043">
<summary>
Do not audit attempts to send and receive
UDP traffic on the vnc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_vnc_port" lineno="90058">
<summary>
Bind TCP sockets to the vnc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_vnc_port" lineno="90078">
<summary>
Bind UDP sockets to the vnc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_vnc_port" lineno="90097">
<summary>
Make a TCP connection to the vnc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_vnc_client_packets" lineno="90117">
<summary>
Send vnc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_vnc_client_packets" lineno="90136">
<summary>
Do not audit attempts to send vnc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_vnc_client_packets" lineno="90155">
<summary>
Receive vnc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_vnc_client_packets" lineno="90174">
<summary>
Do not audit attempts to receive vnc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_vnc_client_packets" lineno="90193">
<summary>
Send and receive vnc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_vnc_client_packets" lineno="90209">
<summary>
Do not audit attempts to send and receive vnc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_vnc_client_packets" lineno="90224">
<summary>
Relabel packets to vnc_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_vnc_server_packets" lineno="90244">
<summary>
Send vnc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_vnc_server_packets" lineno="90263">
<summary>
Do not audit attempts to send vnc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_vnc_server_packets" lineno="90282">
<summary>
Receive vnc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_vnc_server_packets" lineno="90301">
<summary>
Do not audit attempts to receive vnc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_vnc_server_packets" lineno="90320">
<summary>
Send and receive vnc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_vnc_server_packets" lineno="90336">
<summary>
Do not audit attempts to send and receive vnc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_vnc_server_packets" lineno="90351">
<summary>
Relabel packets to vnc_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_wccp_port" lineno="90373">
<summary>
Send and receive TCP traffic on the wccp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_wccp_port" lineno="90388">
<summary>
Send UDP traffic on the wccp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_wccp_port" lineno="90403">
<summary>
Do not audit attempts to send UDP traffic on the wccp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_wccp_port" lineno="90418">
<summary>
Receive UDP traffic on the wccp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_wccp_port" lineno="90433">
<summary>
Do not audit attempts to receive UDP traffic on the wccp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_wccp_port" lineno="90448">
<summary>
Send and receive UDP traffic on the wccp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_wccp_port" lineno="90464">
<summary>
Do not audit attempts to send and receive
UDP traffic on the wccp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_wccp_port" lineno="90479">
<summary>
Bind TCP sockets to the wccp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_wccp_port" lineno="90499">
<summary>
Bind UDP sockets to the wccp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_wccp_port" lineno="90518">
<summary>
Make a TCP connection to the wccp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_wccp_client_packets" lineno="90538">
<summary>
Send wccp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_wccp_client_packets" lineno="90557">
<summary>
Do not audit attempts to send wccp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_wccp_client_packets" lineno="90576">
<summary>
Receive wccp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_wccp_client_packets" lineno="90595">
<summary>
Do not audit attempts to receive wccp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_wccp_client_packets" lineno="90614">
<summary>
Send and receive wccp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_wccp_client_packets" lineno="90630">
<summary>
Do not audit attempts to send and receive wccp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_wccp_client_packets" lineno="90645">
<summary>
Relabel packets to wccp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_wccp_server_packets" lineno="90665">
<summary>
Send wccp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_wccp_server_packets" lineno="90684">
<summary>
Do not audit attempts to send wccp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_wccp_server_packets" lineno="90703">
<summary>
Receive wccp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_wccp_server_packets" lineno="90722">
<summary>
Do not audit attempts to receive wccp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_wccp_server_packets" lineno="90741">
<summary>
Send and receive wccp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_wccp_server_packets" lineno="90757">
<summary>
Do not audit attempts to send and receive wccp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_wccp_server_packets" lineno="90772">
<summary>
Relabel packets to wccp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_websm_port" lineno="90794">
<summary>
Send and receive TCP traffic on the websm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_websm_port" lineno="90809">
<summary>
Send UDP traffic on the websm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_websm_port" lineno="90824">
<summary>
Do not audit attempts to send UDP traffic on the websm port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_websm_port" lineno="90839">
<summary>
Receive UDP traffic on the websm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_websm_port" lineno="90854">
<summary>
Do not audit attempts to receive UDP traffic on the websm port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_websm_port" lineno="90869">
<summary>
Send and receive UDP traffic on the websm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_websm_port" lineno="90885">
<summary>
Do not audit attempts to send and receive
UDP traffic on the websm port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_websm_port" lineno="90900">
<summary>
Bind TCP sockets to the websm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_websm_port" lineno="90920">
<summary>
Bind UDP sockets to the websm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_websm_port" lineno="90939">
<summary>
Make a TCP connection to the websm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_websm_client_packets" lineno="90959">
<summary>
Send websm_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_websm_client_packets" lineno="90978">
<summary>
Do not audit attempts to send websm_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_websm_client_packets" lineno="90997">
<summary>
Receive websm_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_websm_client_packets" lineno="91016">
<summary>
Do not audit attempts to receive websm_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_websm_client_packets" lineno="91035">
<summary>
Send and receive websm_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_websm_client_packets" lineno="91051">
<summary>
Do not audit attempts to send and receive websm_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_websm_client_packets" lineno="91066">
<summary>
Relabel packets to websm_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_websm_server_packets" lineno="91086">
<summary>
Send websm_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_websm_server_packets" lineno="91105">
<summary>
Do not audit attempts to send websm_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_websm_server_packets" lineno="91124">
<summary>
Receive websm_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_websm_server_packets" lineno="91143">
<summary>
Do not audit attempts to receive websm_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_websm_server_packets" lineno="91162">
<summary>
Send and receive websm_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_websm_server_packets" lineno="91178">
<summary>
Do not audit attempts to send and receive websm_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_websm_server_packets" lineno="91193">
<summary>
Relabel packets to websm_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_whois_port" lineno="91215">
<summary>
Send and receive TCP traffic on the whois port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_whois_port" lineno="91230">
<summary>
Send UDP traffic on the whois port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_whois_port" lineno="91245">
<summary>
Do not audit attempts to send UDP traffic on the whois port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_whois_port" lineno="91260">
<summary>
Receive UDP traffic on the whois port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_whois_port" lineno="91275">
<summary>
Do not audit attempts to receive UDP traffic on the whois port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_whois_port" lineno="91290">
<summary>
Send and receive UDP traffic on the whois port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_whois_port" lineno="91306">
<summary>
Do not audit attempts to send and receive
UDP traffic on the whois port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_whois_port" lineno="91321">
<summary>
Bind TCP sockets to the whois port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_whois_port" lineno="91341">
<summary>
Bind UDP sockets to the whois port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_whois_port" lineno="91360">
<summary>
Make a TCP connection to the whois port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_whois_client_packets" lineno="91380">
<summary>
Send whois_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_whois_client_packets" lineno="91399">
<summary>
Do not audit attempts to send whois_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_whois_client_packets" lineno="91418">
<summary>
Receive whois_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_whois_client_packets" lineno="91437">
<summary>
Do not audit attempts to receive whois_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_whois_client_packets" lineno="91456">
<summary>
Send and receive whois_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_whois_client_packets" lineno="91472">
<summary>
Do not audit attempts to send and receive whois_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_whois_client_packets" lineno="91487">
<summary>
Relabel packets to whois_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_whois_server_packets" lineno="91507">
<summary>
Send whois_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_whois_server_packets" lineno="91526">
<summary>
Do not audit attempts to send whois_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_whois_server_packets" lineno="91545">
<summary>
Receive whois_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_whois_server_packets" lineno="91564">
<summary>
Do not audit attempts to receive whois_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_whois_server_packets" lineno="91583">
<summary>
Send and receive whois_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_whois_server_packets" lineno="91599">
<summary>
Do not audit attempts to send and receive whois_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_whois_server_packets" lineno="91614">
<summary>
Relabel packets to whois_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_winshadow_port" lineno="91636">
<summary>
Send and receive TCP traffic on the winshadow port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_winshadow_port" lineno="91651">
<summary>
Send UDP traffic on the winshadow port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_winshadow_port" lineno="91666">
<summary>
Do not audit attempts to send UDP traffic on the winshadow port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_winshadow_port" lineno="91681">
<summary>
Receive UDP traffic on the winshadow port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_winshadow_port" lineno="91696">
<summary>
Do not audit attempts to receive UDP traffic on the winshadow port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_winshadow_port" lineno="91711">
<summary>
Send and receive UDP traffic on the winshadow port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_winshadow_port" lineno="91727">
<summary>
Do not audit attempts to send and receive
UDP traffic on the winshadow port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_winshadow_port" lineno="91742">
<summary>
Bind TCP sockets to the winshadow port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_winshadow_port" lineno="91762">
<summary>
Bind UDP sockets to the winshadow port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_winshadow_port" lineno="91781">
<summary>
Make a TCP connection to the winshadow port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_winshadow_client_packets" lineno="91801">
<summary>
Send winshadow_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_winshadow_client_packets" lineno="91820">
<summary>
Do not audit attempts to send winshadow_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_winshadow_client_packets" lineno="91839">
<summary>
Receive winshadow_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_winshadow_client_packets" lineno="91858">
<summary>
Do not audit attempts to receive winshadow_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_winshadow_client_packets" lineno="91877">
<summary>
Send and receive winshadow_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_winshadow_client_packets" lineno="91893">
<summary>
Do not audit attempts to send and receive winshadow_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_winshadow_client_packets" lineno="91908">
<summary>
Relabel packets to winshadow_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_winshadow_server_packets" lineno="91928">
<summary>
Send winshadow_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_winshadow_server_packets" lineno="91947">
<summary>
Do not audit attempts to send winshadow_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_winshadow_server_packets" lineno="91966">
<summary>
Receive winshadow_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_winshadow_server_packets" lineno="91985">
<summary>
Do not audit attempts to receive winshadow_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_winshadow_server_packets" lineno="92004">
<summary>
Send and receive winshadow_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_winshadow_server_packets" lineno="92020">
<summary>
Do not audit attempts to send and receive winshadow_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_winshadow_server_packets" lineno="92035">
<summary>
Relabel packets to winshadow_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_wsdapi_port" lineno="92057">
<summary>
Send and receive TCP traffic on the wsdapi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_wsdapi_port" lineno="92072">
<summary>
Send UDP traffic on the wsdapi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_wsdapi_port" lineno="92087">
<summary>
Do not audit attempts to send UDP traffic on the wsdapi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_wsdapi_port" lineno="92102">
<summary>
Receive UDP traffic on the wsdapi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_wsdapi_port" lineno="92117">
<summary>
Do not audit attempts to receive UDP traffic on the wsdapi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_wsdapi_port" lineno="92132">
<summary>
Send and receive UDP traffic on the wsdapi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_wsdapi_port" lineno="92148">
<summary>
Do not audit attempts to send and receive
UDP traffic on the wsdapi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_wsdapi_port" lineno="92163">
<summary>
Bind TCP sockets to the wsdapi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_wsdapi_port" lineno="92183">
<summary>
Bind UDP sockets to the wsdapi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_wsdapi_port" lineno="92202">
<summary>
Make a TCP connection to the wsdapi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_wsdapi_client_packets" lineno="92222">
<summary>
Send wsdapi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_wsdapi_client_packets" lineno="92241">
<summary>
Do not audit attempts to send wsdapi_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_wsdapi_client_packets" lineno="92260">
<summary>
Receive wsdapi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_wsdapi_client_packets" lineno="92279">
<summary>
Do not audit attempts to receive wsdapi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_wsdapi_client_packets" lineno="92298">
<summary>
Send and receive wsdapi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_wsdapi_client_packets" lineno="92314">
<summary>
Do not audit attempts to send and receive wsdapi_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_wsdapi_client_packets" lineno="92329">
<summary>
Relabel packets to wsdapi_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_wsdapi_server_packets" lineno="92349">
<summary>
Send wsdapi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_wsdapi_server_packets" lineno="92368">
<summary>
Do not audit attempts to send wsdapi_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_wsdapi_server_packets" lineno="92387">
<summary>
Receive wsdapi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_wsdapi_server_packets" lineno="92406">
<summary>
Do not audit attempts to receive wsdapi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_wsdapi_server_packets" lineno="92425">
<summary>
Send and receive wsdapi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_wsdapi_server_packets" lineno="92441">
<summary>
Do not audit attempts to send and receive wsdapi_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_wsdapi_server_packets" lineno="92456">
<summary>
Relabel packets to wsdapi_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_wsicopy_port" lineno="92478">
<summary>
Send and receive TCP traffic on the wsicopy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_wsicopy_port" lineno="92493">
<summary>
Send UDP traffic on the wsicopy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_wsicopy_port" lineno="92508">
<summary>
Do not audit attempts to send UDP traffic on the wsicopy port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_wsicopy_port" lineno="92523">
<summary>
Receive UDP traffic on the wsicopy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_wsicopy_port" lineno="92538">
<summary>
Do not audit attempts to receive UDP traffic on the wsicopy port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_wsicopy_port" lineno="92553">
<summary>
Send and receive UDP traffic on the wsicopy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_wsicopy_port" lineno="92569">
<summary>
Do not audit attempts to send and receive
UDP traffic on the wsicopy port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_wsicopy_port" lineno="92584">
<summary>
Bind TCP sockets to the wsicopy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_wsicopy_port" lineno="92604">
<summary>
Bind UDP sockets to the wsicopy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_wsicopy_port" lineno="92623">
<summary>
Make a TCP connection to the wsicopy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_wsicopy_client_packets" lineno="92643">
<summary>
Send wsicopy_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_wsicopy_client_packets" lineno="92662">
<summary>
Do not audit attempts to send wsicopy_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_wsicopy_client_packets" lineno="92681">
<summary>
Receive wsicopy_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_wsicopy_client_packets" lineno="92700">
<summary>
Do not audit attempts to receive wsicopy_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_wsicopy_client_packets" lineno="92719">
<summary>
Send and receive wsicopy_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_wsicopy_client_packets" lineno="92735">
<summary>
Do not audit attempts to send and receive wsicopy_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_wsicopy_client_packets" lineno="92750">
<summary>
Relabel packets to wsicopy_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_wsicopy_server_packets" lineno="92770">
<summary>
Send wsicopy_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_wsicopy_server_packets" lineno="92789">
<summary>
Do not audit attempts to send wsicopy_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_wsicopy_server_packets" lineno="92808">
<summary>
Receive wsicopy_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_wsicopy_server_packets" lineno="92827">
<summary>
Do not audit attempts to receive wsicopy_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_wsicopy_server_packets" lineno="92846">
<summary>
Send and receive wsicopy_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_wsicopy_server_packets" lineno="92862">
<summary>
Do not audit attempts to send and receive wsicopy_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_wsicopy_server_packets" lineno="92877">
<summary>
Relabel packets to wsicopy_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_xdmcp_port" lineno="92899">
<summary>
Send and receive TCP traffic on the xdmcp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_xdmcp_port" lineno="92914">
<summary>
Send UDP traffic on the xdmcp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_xdmcp_port" lineno="92929">
<summary>
Do not audit attempts to send UDP traffic on the xdmcp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_xdmcp_port" lineno="92944">
<summary>
Receive UDP traffic on the xdmcp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_xdmcp_port" lineno="92959">
<summary>
Do not audit attempts to receive UDP traffic on the xdmcp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_xdmcp_port" lineno="92974">
<summary>
Send and receive UDP traffic on the xdmcp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_xdmcp_port" lineno="92990">
<summary>
Do not audit attempts to send and receive
UDP traffic on the xdmcp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_xdmcp_port" lineno="93005">
<summary>
Bind TCP sockets to the xdmcp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_xdmcp_port" lineno="93025">
<summary>
Bind UDP sockets to the xdmcp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_xdmcp_port" lineno="93044">
<summary>
Make a TCP connection to the xdmcp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_xdmcp_client_packets" lineno="93064">
<summary>
Send xdmcp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_xdmcp_client_packets" lineno="93083">
<summary>
Do not audit attempts to send xdmcp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_xdmcp_client_packets" lineno="93102">
<summary>
Receive xdmcp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_xdmcp_client_packets" lineno="93121">
<summary>
Do not audit attempts to receive xdmcp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_xdmcp_client_packets" lineno="93140">
<summary>
Send and receive xdmcp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_xdmcp_client_packets" lineno="93156">
<summary>
Do not audit attempts to send and receive xdmcp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_xdmcp_client_packets" lineno="93171">
<summary>
Relabel packets to xdmcp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_xdmcp_server_packets" lineno="93191">
<summary>
Send xdmcp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_xdmcp_server_packets" lineno="93210">
<summary>
Do not audit attempts to send xdmcp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_xdmcp_server_packets" lineno="93229">
<summary>
Receive xdmcp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_xdmcp_server_packets" lineno="93248">
<summary>
Do not audit attempts to receive xdmcp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_xdmcp_server_packets" lineno="93267">
<summary>
Send and receive xdmcp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_xdmcp_server_packets" lineno="93283">
<summary>
Do not audit attempts to send and receive xdmcp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_xdmcp_server_packets" lineno="93298">
<summary>
Relabel packets to xdmcp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_xen_port" lineno="93320">
<summary>
Send and receive TCP traffic on the xen port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_xen_port" lineno="93335">
<summary>
Send UDP traffic on the xen port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_xen_port" lineno="93350">
<summary>
Do not audit attempts to send UDP traffic on the xen port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_xen_port" lineno="93365">
<summary>
Receive UDP traffic on the xen port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_xen_port" lineno="93380">
<summary>
Do not audit attempts to receive UDP traffic on the xen port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_xen_port" lineno="93395">
<summary>
Send and receive UDP traffic on the xen port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_xen_port" lineno="93411">
<summary>
Do not audit attempts to send and receive
UDP traffic on the xen port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_xen_port" lineno="93426">
<summary>
Bind TCP sockets to the xen port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_xen_port" lineno="93446">
<summary>
Bind UDP sockets to the xen port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_xen_port" lineno="93465">
<summary>
Make a TCP connection to the xen port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_xen_client_packets" lineno="93485">
<summary>
Send xen_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_xen_client_packets" lineno="93504">
<summary>
Do not audit attempts to send xen_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_xen_client_packets" lineno="93523">
<summary>
Receive xen_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_xen_client_packets" lineno="93542">
<summary>
Do not audit attempts to receive xen_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_xen_client_packets" lineno="93561">
<summary>
Send and receive xen_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_xen_client_packets" lineno="93577">
<summary>
Do not audit attempts to send and receive xen_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_xen_client_packets" lineno="93592">
<summary>
Relabel packets to xen_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_xen_server_packets" lineno="93612">
<summary>
Send xen_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_xen_server_packets" lineno="93631">
<summary>
Do not audit attempts to send xen_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_xen_server_packets" lineno="93650">
<summary>
Receive xen_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_xen_server_packets" lineno="93669">
<summary>
Do not audit attempts to receive xen_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_xen_server_packets" lineno="93688">
<summary>
Send and receive xen_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_xen_server_packets" lineno="93704">
<summary>
Do not audit attempts to send and receive xen_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_xen_server_packets" lineno="93719">
<summary>
Relabel packets to xen_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_xfs_port" lineno="93741">
<summary>
Send and receive TCP traffic on the xfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_xfs_port" lineno="93756">
<summary>
Send UDP traffic on the xfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_xfs_port" lineno="93771">
<summary>
Do not audit attempts to send UDP traffic on the xfs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_xfs_port" lineno="93786">
<summary>
Receive UDP traffic on the xfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_xfs_port" lineno="93801">
<summary>
Do not audit attempts to receive UDP traffic on the xfs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_xfs_port" lineno="93816">
<summary>
Send and receive UDP traffic on the xfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_xfs_port" lineno="93832">
<summary>
Do not audit attempts to send and receive
UDP traffic on the xfs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_xfs_port" lineno="93847">
<summary>
Bind TCP sockets to the xfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_xfs_port" lineno="93867">
<summary>
Bind UDP sockets to the xfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_xfs_port" lineno="93886">
<summary>
Make a TCP connection to the xfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_xfs_client_packets" lineno="93906">
<summary>
Send xfs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_xfs_client_packets" lineno="93925">
<summary>
Do not audit attempts to send xfs_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_xfs_client_packets" lineno="93944">
<summary>
Receive xfs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_xfs_client_packets" lineno="93963">
<summary>
Do not audit attempts to receive xfs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_xfs_client_packets" lineno="93982">
<summary>
Send and receive xfs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_xfs_client_packets" lineno="93998">
<summary>
Do not audit attempts to send and receive xfs_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_xfs_client_packets" lineno="94013">
<summary>
Relabel packets to xfs_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_xfs_server_packets" lineno="94033">
<summary>
Send xfs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_xfs_server_packets" lineno="94052">
<summary>
Do not audit attempts to send xfs_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_xfs_server_packets" lineno="94071">
<summary>
Receive xfs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_xfs_server_packets" lineno="94090">
<summary>
Do not audit attempts to receive xfs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_xfs_server_packets" lineno="94109">
<summary>
Send and receive xfs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_xfs_server_packets" lineno="94125">
<summary>
Do not audit attempts to send and receive xfs_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_xfs_server_packets" lineno="94140">
<summary>
Relabel packets to xfs_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_xserver_port" lineno="94162">
<summary>
Send and receive TCP traffic on the xserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_xserver_port" lineno="94177">
<summary>
Send UDP traffic on the xserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_xserver_port" lineno="94192">
<summary>
Do not audit attempts to send UDP traffic on the xserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_xserver_port" lineno="94207">
<summary>
Receive UDP traffic on the xserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_xserver_port" lineno="94222">
<summary>
Do not audit attempts to receive UDP traffic on the xserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_xserver_port" lineno="94237">
<summary>
Send and receive UDP traffic on the xserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_xserver_port" lineno="94253">
<summary>
Do not audit attempts to send and receive
UDP traffic on the xserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_xserver_port" lineno="94268">
<summary>
Bind TCP sockets to the xserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_xserver_port" lineno="94288">
<summary>
Bind UDP sockets to the xserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_xserver_port" lineno="94307">
<summary>
Make a TCP connection to the xserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_xserver_client_packets" lineno="94327">
<summary>
Send xserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_xserver_client_packets" lineno="94346">
<summary>
Do not audit attempts to send xserver_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_xserver_client_packets" lineno="94365">
<summary>
Receive xserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_xserver_client_packets" lineno="94384">
<summary>
Do not audit attempts to receive xserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_xserver_client_packets" lineno="94403">
<summary>
Send and receive xserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_xserver_client_packets" lineno="94419">
<summary>
Do not audit attempts to send and receive xserver_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_xserver_client_packets" lineno="94434">
<summary>
Relabel packets to xserver_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_xserver_server_packets" lineno="94454">
<summary>
Send xserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_xserver_server_packets" lineno="94473">
<summary>
Do not audit attempts to send xserver_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_xserver_server_packets" lineno="94492">
<summary>
Receive xserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_xserver_server_packets" lineno="94511">
<summary>
Do not audit attempts to receive xserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_xserver_server_packets" lineno="94530">
<summary>
Send and receive xserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_xserver_server_packets" lineno="94546">
<summary>
Do not audit attempts to send and receive xserver_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_xserver_server_packets" lineno="94561">
<summary>
Relabel packets to xserver_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_zarafa_port" lineno="94583">
<summary>
Send and receive TCP traffic on the zarafa port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_zarafa_port" lineno="94598">
<summary>
Send UDP traffic on the zarafa port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_zarafa_port" lineno="94613">
<summary>
Do not audit attempts to send UDP traffic on the zarafa port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_zarafa_port" lineno="94628">
<summary>
Receive UDP traffic on the zarafa port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_zarafa_port" lineno="94643">
<summary>
Do not audit attempts to receive UDP traffic on the zarafa port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_zarafa_port" lineno="94658">
<summary>
Send and receive UDP traffic on the zarafa port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_zarafa_port" lineno="94674">
<summary>
Do not audit attempts to send and receive
UDP traffic on the zarafa port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_zarafa_port" lineno="94689">
<summary>
Bind TCP sockets to the zarafa port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_zarafa_port" lineno="94709">
<summary>
Bind UDP sockets to the zarafa port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_zarafa_port" lineno="94728">
<summary>
Make a TCP connection to the zarafa port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zarafa_client_packets" lineno="94748">
<summary>
Send zarafa_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zarafa_client_packets" lineno="94767">
<summary>
Do not audit attempts to send zarafa_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zarafa_client_packets" lineno="94786">
<summary>
Receive zarafa_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zarafa_client_packets" lineno="94805">
<summary>
Do not audit attempts to receive zarafa_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zarafa_client_packets" lineno="94824">
<summary>
Send and receive zarafa_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zarafa_client_packets" lineno="94840">
<summary>
Do not audit attempts to send and receive zarafa_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zarafa_client_packets" lineno="94855">
<summary>
Relabel packets to zarafa_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zarafa_server_packets" lineno="94875">
<summary>
Send zarafa_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zarafa_server_packets" lineno="94894">
<summary>
Do not audit attempts to send zarafa_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zarafa_server_packets" lineno="94913">
<summary>
Receive zarafa_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zarafa_server_packets" lineno="94932">
<summary>
Do not audit attempts to receive zarafa_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zarafa_server_packets" lineno="94951">
<summary>
Send and receive zarafa_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zarafa_server_packets" lineno="94967">
<summary>
Do not audit attempts to send and receive zarafa_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zarafa_server_packets" lineno="94982">
<summary>
Relabel packets to zarafa_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_zabbix_port" lineno="95004">
<summary>
Send and receive TCP traffic on the zabbix port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_zabbix_port" lineno="95019">
<summary>
Send UDP traffic on the zabbix port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_zabbix_port" lineno="95034">
<summary>
Do not audit attempts to send UDP traffic on the zabbix port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_zabbix_port" lineno="95049">
<summary>
Receive UDP traffic on the zabbix port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_zabbix_port" lineno="95064">
<summary>
Do not audit attempts to receive UDP traffic on the zabbix port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_zabbix_port" lineno="95079">
<summary>
Send and receive UDP traffic on the zabbix port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_zabbix_port" lineno="95095">
<summary>
Do not audit attempts to send and receive
UDP traffic on the zabbix port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_zabbix_port" lineno="95110">
<summary>
Bind TCP sockets to the zabbix port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_zabbix_port" lineno="95130">
<summary>
Bind UDP sockets to the zabbix port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_zabbix_port" lineno="95149">
<summary>
Make a TCP connection to the zabbix port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zabbix_client_packets" lineno="95169">
<summary>
Send zabbix_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zabbix_client_packets" lineno="95188">
<summary>
Do not audit attempts to send zabbix_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zabbix_client_packets" lineno="95207">
<summary>
Receive zabbix_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zabbix_client_packets" lineno="95226">
<summary>
Do not audit attempts to receive zabbix_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zabbix_client_packets" lineno="95245">
<summary>
Send and receive zabbix_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zabbix_client_packets" lineno="95261">
<summary>
Do not audit attempts to send and receive zabbix_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zabbix_client_packets" lineno="95276">
<summary>
Relabel packets to zabbix_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zabbix_server_packets" lineno="95296">
<summary>
Send zabbix_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zabbix_server_packets" lineno="95315">
<summary>
Do not audit attempts to send zabbix_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zabbix_server_packets" lineno="95334">
<summary>
Receive zabbix_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zabbix_server_packets" lineno="95353">
<summary>
Do not audit attempts to receive zabbix_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zabbix_server_packets" lineno="95372">
<summary>
Send and receive zabbix_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zabbix_server_packets" lineno="95388">
<summary>
Do not audit attempts to send and receive zabbix_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zabbix_server_packets" lineno="95403">
<summary>
Relabel packets to zabbix_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_zabbix_agent_port" lineno="95425">
<summary>
Send and receive TCP traffic on the zabbix_agent port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_zabbix_agent_port" lineno="95440">
<summary>
Send UDP traffic on the zabbix_agent port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_zabbix_agent_port" lineno="95455">
<summary>
Do not audit attempts to send UDP traffic on the zabbix_agent port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_zabbix_agent_port" lineno="95470">
<summary>
Receive UDP traffic on the zabbix_agent port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_zabbix_agent_port" lineno="95485">
<summary>
Do not audit attempts to receive UDP traffic on the zabbix_agent port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_zabbix_agent_port" lineno="95500">
<summary>
Send and receive UDP traffic on the zabbix_agent port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_zabbix_agent_port" lineno="95516">
<summary>
Do not audit attempts to send and receive
UDP traffic on the zabbix_agent port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_zabbix_agent_port" lineno="95531">
<summary>
Bind TCP sockets to the zabbix_agent port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_zabbix_agent_port" lineno="95551">
<summary>
Bind UDP sockets to the zabbix_agent port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_zabbix_agent_port" lineno="95570">
<summary>
Make a TCP connection to the zabbix_agent port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zabbix_agent_client_packets" lineno="95590">
<summary>
Send zabbix_agent_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zabbix_agent_client_packets" lineno="95609">
<summary>
Do not audit attempts to send zabbix_agent_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zabbix_agent_client_packets" lineno="95628">
<summary>
Receive zabbix_agent_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zabbix_agent_client_packets" lineno="95647">
<summary>
Do not audit attempts to receive zabbix_agent_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zabbix_agent_client_packets" lineno="95666">
<summary>
Send and receive zabbix_agent_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zabbix_agent_client_packets" lineno="95682">
<summary>
Do not audit attempts to send and receive zabbix_agent_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zabbix_agent_client_packets" lineno="95697">
<summary>
Relabel packets to zabbix_agent_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zabbix_agent_server_packets" lineno="95717">
<summary>
Send zabbix_agent_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zabbix_agent_server_packets" lineno="95736">
<summary>
Do not audit attempts to send zabbix_agent_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zabbix_agent_server_packets" lineno="95755">
<summary>
Receive zabbix_agent_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zabbix_agent_server_packets" lineno="95774">
<summary>
Do not audit attempts to receive zabbix_agent_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zabbix_agent_server_packets" lineno="95793">
<summary>
Send and receive zabbix_agent_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zabbix_agent_server_packets" lineno="95809">
<summary>
Do not audit attempts to send and receive zabbix_agent_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zabbix_agent_server_packets" lineno="95824">
<summary>
Relabel packets to zabbix_agent_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_zookeeper_client_port" lineno="95846">
<summary>
Send and receive TCP traffic on the zookeeper_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_zookeeper_client_port" lineno="95861">
<summary>
Send UDP traffic on the zookeeper_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_zookeeper_client_port" lineno="95876">
<summary>
Do not audit attempts to send UDP traffic on the zookeeper_client port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_zookeeper_client_port" lineno="95891">
<summary>
Receive UDP traffic on the zookeeper_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_zookeeper_client_port" lineno="95906">
<summary>
Do not audit attempts to receive UDP traffic on the zookeeper_client port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_zookeeper_client_port" lineno="95921">
<summary>
Send and receive UDP traffic on the zookeeper_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_zookeeper_client_port" lineno="95937">
<summary>
Do not audit attempts to send and receive
UDP traffic on the zookeeper_client port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_zookeeper_client_port" lineno="95952">
<summary>
Bind TCP sockets to the zookeeper_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_zookeeper_client_port" lineno="95972">
<summary>
Bind UDP sockets to the zookeeper_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_zookeeper_client_port" lineno="95991">
<summary>
Make a TCP connection to the zookeeper_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zookeeper_client_client_packets" lineno="96011">
<summary>
Send zookeeper_client_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zookeeper_client_client_packets" lineno="96030">
<summary>
Do not audit attempts to send zookeeper_client_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zookeeper_client_client_packets" lineno="96049">
<summary>
Receive zookeeper_client_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zookeeper_client_client_packets" lineno="96068">
<summary>
Do not audit attempts to receive zookeeper_client_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zookeeper_client_client_packets" lineno="96087">
<summary>
Send and receive zookeeper_client_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zookeeper_client_client_packets" lineno="96103">
<summary>
Do not audit attempts to send and receive zookeeper_client_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zookeeper_client_client_packets" lineno="96118">
<summary>
Relabel packets to zookeeper_client_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zookeeper_client_server_packets" lineno="96138">
<summary>
Send zookeeper_client_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zookeeper_client_server_packets" lineno="96157">
<summary>
Do not audit attempts to send zookeeper_client_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zookeeper_client_server_packets" lineno="96176">
<summary>
Receive zookeeper_client_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zookeeper_client_server_packets" lineno="96195">
<summary>
Do not audit attempts to receive zookeeper_client_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zookeeper_client_server_packets" lineno="96214">
<summary>
Send and receive zookeeper_client_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zookeeper_client_server_packets" lineno="96230">
<summary>
Do not audit attempts to send and receive zookeeper_client_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zookeeper_client_server_packets" lineno="96245">
<summary>
Relabel packets to zookeeper_client_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_zookeeper_election_port" lineno="96267">
<summary>
Send and receive TCP traffic on the zookeeper_election port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_zookeeper_election_port" lineno="96282">
<summary>
Send UDP traffic on the zookeeper_election port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_zookeeper_election_port" lineno="96297">
<summary>
Do not audit attempts to send UDP traffic on the zookeeper_election port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_zookeeper_election_port" lineno="96312">
<summary>
Receive UDP traffic on the zookeeper_election port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_zookeeper_election_port" lineno="96327">
<summary>
Do not audit attempts to receive UDP traffic on the zookeeper_election port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_zookeeper_election_port" lineno="96342">
<summary>
Send and receive UDP traffic on the zookeeper_election port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_zookeeper_election_port" lineno="96358">
<summary>
Do not audit attempts to send and receive
UDP traffic on the zookeeper_election port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_zookeeper_election_port" lineno="96373">
<summary>
Bind TCP sockets to the zookeeper_election port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_zookeeper_election_port" lineno="96393">
<summary>
Bind UDP sockets to the zookeeper_election port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_zookeeper_election_port" lineno="96412">
<summary>
Make a TCP connection to the zookeeper_election port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zookeeper_election_client_packets" lineno="96432">
<summary>
Send zookeeper_election_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zookeeper_election_client_packets" lineno="96451">
<summary>
Do not audit attempts to send zookeeper_election_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zookeeper_election_client_packets" lineno="96470">
<summary>
Receive zookeeper_election_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zookeeper_election_client_packets" lineno="96489">
<summary>
Do not audit attempts to receive zookeeper_election_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zookeeper_election_client_packets" lineno="96508">
<summary>
Send and receive zookeeper_election_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zookeeper_election_client_packets" lineno="96524">
<summary>
Do not audit attempts to send and receive zookeeper_election_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zookeeper_election_client_packets" lineno="96539">
<summary>
Relabel packets to zookeeper_election_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zookeeper_election_server_packets" lineno="96559">
<summary>
Send zookeeper_election_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zookeeper_election_server_packets" lineno="96578">
<summary>
Do not audit attempts to send zookeeper_election_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zookeeper_election_server_packets" lineno="96597">
<summary>
Receive zookeeper_election_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zookeeper_election_server_packets" lineno="96616">
<summary>
Do not audit attempts to receive zookeeper_election_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zookeeper_election_server_packets" lineno="96635">
<summary>
Send and receive zookeeper_election_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zookeeper_election_server_packets" lineno="96651">
<summary>
Do not audit attempts to send and receive zookeeper_election_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zookeeper_election_server_packets" lineno="96666">
<summary>
Relabel packets to zookeeper_election_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_zookeeper_leader_port" lineno="96688">
<summary>
Send and receive TCP traffic on the zookeeper_leader port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_zookeeper_leader_port" lineno="96703">
<summary>
Send UDP traffic on the zookeeper_leader port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_zookeeper_leader_port" lineno="96718">
<summary>
Do not audit attempts to send UDP traffic on the zookeeper_leader port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_zookeeper_leader_port" lineno="96733">
<summary>
Receive UDP traffic on the zookeeper_leader port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_zookeeper_leader_port" lineno="96748">
<summary>
Do not audit attempts to receive UDP traffic on the zookeeper_leader port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_zookeeper_leader_port" lineno="96763">
<summary>
Send and receive UDP traffic on the zookeeper_leader port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_zookeeper_leader_port" lineno="96779">
<summary>
Do not audit attempts to send and receive
UDP traffic on the zookeeper_leader port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_zookeeper_leader_port" lineno="96794">
<summary>
Bind TCP sockets to the zookeeper_leader port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_zookeeper_leader_port" lineno="96814">
<summary>
Bind UDP sockets to the zookeeper_leader port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_zookeeper_leader_port" lineno="96833">
<summary>
Make a TCP connection to the zookeeper_leader port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zookeeper_leader_client_packets" lineno="96853">
<summary>
Send zookeeper_leader_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zookeeper_leader_client_packets" lineno="96872">
<summary>
Do not audit attempts to send zookeeper_leader_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zookeeper_leader_client_packets" lineno="96891">
<summary>
Receive zookeeper_leader_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zookeeper_leader_client_packets" lineno="96910">
<summary>
Do not audit attempts to receive zookeeper_leader_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zookeeper_leader_client_packets" lineno="96929">
<summary>
Send and receive zookeeper_leader_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zookeeper_leader_client_packets" lineno="96945">
<summary>
Do not audit attempts to send and receive zookeeper_leader_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zookeeper_leader_client_packets" lineno="96960">
<summary>
Relabel packets to zookeeper_leader_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zookeeper_leader_server_packets" lineno="96980">
<summary>
Send zookeeper_leader_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zookeeper_leader_server_packets" lineno="96999">
<summary>
Do not audit attempts to send zookeeper_leader_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zookeeper_leader_server_packets" lineno="97018">
<summary>
Receive zookeeper_leader_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zookeeper_leader_server_packets" lineno="97037">
<summary>
Do not audit attempts to receive zookeeper_leader_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zookeeper_leader_server_packets" lineno="97056">
<summary>
Send and receive zookeeper_leader_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zookeeper_leader_server_packets" lineno="97072">
<summary>
Do not audit attempts to send and receive zookeeper_leader_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zookeeper_leader_server_packets" lineno="97087">
<summary>
Relabel packets to zookeeper_leader_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_zebra_port" lineno="97109">
<summary>
Send and receive TCP traffic on the zebra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_zebra_port" lineno="97124">
<summary>
Send UDP traffic on the zebra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_zebra_port" lineno="97139">
<summary>
Do not audit attempts to send UDP traffic on the zebra port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_zebra_port" lineno="97154">
<summary>
Receive UDP traffic on the zebra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_zebra_port" lineno="97169">
<summary>
Do not audit attempts to receive UDP traffic on the zebra port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_zebra_port" lineno="97184">
<summary>
Send and receive UDP traffic on the zebra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_zebra_port" lineno="97200">
<summary>
Do not audit attempts to send and receive
UDP traffic on the zebra port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_zebra_port" lineno="97215">
<summary>
Bind TCP sockets to the zebra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_zebra_port" lineno="97235">
<summary>
Bind UDP sockets to the zebra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_zebra_port" lineno="97254">
<summary>
Make a TCP connection to the zebra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zebra_client_packets" lineno="97274">
<summary>
Send zebra_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zebra_client_packets" lineno="97293">
<summary>
Do not audit attempts to send zebra_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zebra_client_packets" lineno="97312">
<summary>
Receive zebra_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zebra_client_packets" lineno="97331">
<summary>
Do not audit attempts to receive zebra_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zebra_client_packets" lineno="97350">
<summary>
Send and receive zebra_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zebra_client_packets" lineno="97366">
<summary>
Do not audit attempts to send and receive zebra_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zebra_client_packets" lineno="97381">
<summary>
Relabel packets to zebra_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zebra_server_packets" lineno="97401">
<summary>
Send zebra_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zebra_server_packets" lineno="97420">
<summary>
Do not audit attempts to send zebra_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zebra_server_packets" lineno="97439">
<summary>
Receive zebra_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zebra_server_packets" lineno="97458">
<summary>
Do not audit attempts to receive zebra_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zebra_server_packets" lineno="97477">
<summary>
Send and receive zebra_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zebra_server_packets" lineno="97493">
<summary>
Do not audit attempts to send and receive zebra_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zebra_server_packets" lineno="97508">
<summary>
Relabel packets to zebra_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_zented_port" lineno="97530">
<summary>
Send and receive TCP traffic on the zented port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_zented_port" lineno="97545">
<summary>
Send UDP traffic on the zented port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_zented_port" lineno="97560">
<summary>
Do not audit attempts to send UDP traffic on the zented port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_zented_port" lineno="97575">
<summary>
Receive UDP traffic on the zented port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_zented_port" lineno="97590">
<summary>
Do not audit attempts to receive UDP traffic on the zented port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_zented_port" lineno="97605">
<summary>
Send and receive UDP traffic on the zented port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_zented_port" lineno="97621">
<summary>
Do not audit attempts to send and receive
UDP traffic on the zented port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_zented_port" lineno="97636">
<summary>
Bind TCP sockets to the zented port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_zented_port" lineno="97656">
<summary>
Bind UDP sockets to the zented port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_zented_port" lineno="97675">
<summary>
Make a TCP connection to the zented port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zented_client_packets" lineno="97695">
<summary>
Send zented_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zented_client_packets" lineno="97714">
<summary>
Do not audit attempts to send zented_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zented_client_packets" lineno="97733">
<summary>
Receive zented_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zented_client_packets" lineno="97752">
<summary>
Do not audit attempts to receive zented_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zented_client_packets" lineno="97771">
<summary>
Send and receive zented_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zented_client_packets" lineno="97787">
<summary>
Do not audit attempts to send and receive zented_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zented_client_packets" lineno="97802">
<summary>
Relabel packets to zented_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zented_server_packets" lineno="97822">
<summary>
Send zented_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zented_server_packets" lineno="97841">
<summary>
Do not audit attempts to send zented_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zented_server_packets" lineno="97860">
<summary>
Receive zented_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zented_server_packets" lineno="97879">
<summary>
Do not audit attempts to receive zented_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zented_server_packets" lineno="97898">
<summary>
Send and receive zented_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zented_server_packets" lineno="97914">
<summary>
Do not audit attempts to send and receive zented_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zented_server_packets" lineno="97929">
<summary>
Relabel packets to zented_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_zope_port" lineno="97951">
<summary>
Send and receive TCP traffic on the zope port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_zope_port" lineno="97966">
<summary>
Send UDP traffic on the zope port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_zope_port" lineno="97981">
<summary>
Do not audit attempts to send UDP traffic on the zope port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_zope_port" lineno="97996">
<summary>
Receive UDP traffic on the zope port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_zope_port" lineno="98011">
<summary>
Do not audit attempts to receive UDP traffic on the zope port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_zope_port" lineno="98026">
<summary>
Send and receive UDP traffic on the zope port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_zope_port" lineno="98042">
<summary>
Do not audit attempts to send and receive
UDP traffic on the zope port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_zope_port" lineno="98057">
<summary>
Bind TCP sockets to the zope port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_zope_port" lineno="98077">
<summary>
Bind UDP sockets to the zope port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_zope_port" lineno="98096">
<summary>
Make a TCP connection to the zope port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zope_client_packets" lineno="98116">
<summary>
Send zope_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zope_client_packets" lineno="98135">
<summary>
Do not audit attempts to send zope_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zope_client_packets" lineno="98154">
<summary>
Receive zope_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zope_client_packets" lineno="98173">
<summary>
Do not audit attempts to receive zope_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zope_client_packets" lineno="98192">
<summary>
Send and receive zope_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zope_client_packets" lineno="98208">
<summary>
Do not audit attempts to send and receive zope_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zope_client_packets" lineno="98223">
<summary>
Relabel packets to zope_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zope_server_packets" lineno="98243">
<summary>
Send zope_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zope_server_packets" lineno="98262">
<summary>
Do not audit attempts to send zope_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zope_server_packets" lineno="98281">
<summary>
Receive zope_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zope_server_packets" lineno="98300">
<summary>
Do not audit attempts to receive zope_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zope_server_packets" lineno="98319">
<summary>
Send and receive zope_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zope_server_packets" lineno="98335">
<summary>
Do not audit attempts to send and receive zope_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zope_server_packets" lineno="98350">
<summary>
Relabel packets to zope_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_lo_if" lineno="98373">
<summary>
Send and receive TCP network traffic on the lo interface.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_lo_if" lineno="98392">
<summary>
Send UDP network traffic on the lo interface.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_udp_receive_lo_if" lineno="98411">
<summary>
Receive UDP network traffic on the lo interface.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_udp_sendrecv_lo_if" lineno="98430">
<summary>
Send and receive UDP network traffic on the lo interface.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_raw_send_lo_if" lineno="98446">
<summary>
Send raw IP packets on the lo interface.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_raw_receive_lo_if" lineno="98465">
<summary>
Receive raw IP packets on the lo interface.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_raw_sendrecv_lo_if" lineno="98484">
<summary>
Send and receive raw IP packets on the lo interface.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
</module>
<module name="devices" filename="policy/modules/kernel/devices.if">
<summary>
Device nodes and interfaces for many basic system devices.
</summary>
<desc>
<p>
This module creates the device node concept and provides
the policy for many of the device files. Notable exceptions are
the mass storage and terminal devices that are covered by other
modules.
</p>
<p>
This module creates the concept of a device node. That is a
char or block device file, usually in /dev. All types that
are used to label device nodes should use the dev_node macro.
</p>
<p>
Additionally, this module controls access to three things:
<ul>
<li>the device directories containing device nodes</li>
<li>device nodes as a group</li>
<li>individual access to specific device nodes covered by
this module.</li>
</ul>
</p>
</desc>
<required val="true">
Depended on by other required modules.
</required>
<interface name="dev_node" lineno="66">
<summary>
Make the specified type usable for device
nodes in a filesystem.
</summary>
<desc>
<p>
Make the specified type usable for device nodes
in a filesystem.  Types used for device nodes that
do not use this interface, or an interface that
calls this one, will have unexpected behaviors
while the system is running.
</p>
<p>
Example:
</p>
<p>
type mydev_t;
dev_node(mydev_t)
allow mydomain_t mydev_t:chr_file read_chr_file_perms;
</p>
<p>
Related interfaces:
</p>
<ul>
<li>term_tty()</li>
<li>term_pty()</li>
</ul>
</desc>
<param name="type">
<summary>
Type to be used for device nodes.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="dev_associate" lineno="84">
<summary>
Associate the specified file type with device filesystem.
</summary>
<param name="file_type">
<summary>
The type of the file to be associated.
</summary>
</param>
</interface>
<interface name="dev_getattr_fs" lineno="103">
<summary>
Get attributes of device filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_watch_dev_dirs" lineno="121">
<summary>
Watch the directories in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_mounton" lineno="139">
<summary>
Mount a filesystem on /dev
</summary>
<param name="domain">
<summary>
Domain allow access.
</summary>
</param>
</interface>
<interface name="dev_relabel_all_dev_nodes" lineno="158">
<summary>
Allow full relabeling (to and from) of all device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dev_relabel_all_dev_files" lineno="184">
<summary>
Allow full relabeling (to and from) of all device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dev_list_all_dev_nodes" lineno="202">
<summary>
List all of the device nodes in a device directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_generic_dirs" lineno="221">
<summary>
Set the attributes of /dev directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_list_all_dev_nodes" lineno="239">
<summary>
Dontaudit attempts to list all device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_add_entry_generic_dirs" lineno="257">
<summary>
Add entries to directories in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_remove_entry_generic_dirs" lineno="275">
<summary>
Remove entries from directories in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_create_generic_dirs" lineno="293">
<summary>
Create a directory in the device directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_delete_generic_dirs" lineno="312">
<summary>
Delete a directory in the device directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_generic_dirs" lineno="330">
<summary>
Manage of directories in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_relabel_generic_dev_dirs" lineno="348">
<summary>
Allow full relabeling (to and from) of directories in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_generic_files" lineno="366">
<summary>
dontaudit getattr generic files in /dev.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_read_generic_files" lineno="384">
<summary>
Read generic files in /dev.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_rw_generic_files" lineno="402">
<summary>
Read and write generic files in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_delete_generic_files" lineno="420">
<summary>
Delete generic files in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_generic_files" lineno="438">
<summary>
Create a file in the device directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_generic_pipes" lineno="456">
<summary>
Dontaudit getattr on generic pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_write_generic_sockets" lineno="474">
<summary>
Write generic socket files in /dev.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_getattr_generic_blk_files" lineno="492">
<summary>
Allow getattr on generic block devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_generic_blk_files" lineno="510">
<summary>
Dontaudit getattr on generic block devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_setattr_generic_blk_files" lineno="529">
<summary>
Set the attributes on generic
block devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_setattr_generic_blk_files" lineno="547">
<summary>
Dontaudit setattr on generic block devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_create_generic_blk_files" lineno="565">
<summary>
Create generic block device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_delete_generic_blk_files" lineno="583">
<summary>
Delete generic block device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_generic_chr_files" lineno="601">
<summary>
Allow getattr for generic character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_generic_chr_files" lineno="619">
<summary>
Dontaudit getattr for generic character device files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_setattr_generic_chr_files" lineno="638">
<summary>
Set the attributes for generic
character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_setattr_generic_chr_files" lineno="656">
<summary>
Dontaudit setattr for generic character device files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_read_generic_chr_files" lineno="674">
<summary>
Read generic character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_generic_chr_files" lineno="692">
<summary>
Read and write generic character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_generic_blk_files" lineno="710">
<summary>
Read and write generic block device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_rw_generic_chr_files" lineno="728">
<summary>
Dontaudit attempts to read/write generic character device files.
</summary>
<param name="domain">
<summary>
Domain to dontaudit access.
</summary>
</param>
</interface>
<interface name="dev_create_generic_chr_files" lineno="746">
<summary>
Create generic character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_delete_generic_chr_files" lineno="764">
<summary>
Delete generic character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_relabelfrom_generic_chr_files" lineno="782">
<summary>
Relabel from generic character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_setattr_generic_symlinks" lineno="801">
<summary>
Do not audit attempts to set the attributes
of symbolic links in device directories (/dev).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_read_generic_symlinks" lineno="819">
<summary>
Read symbolic links in device directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_create_generic_symlinks" lineno="837">
<summary>
Create symbolic links in device directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_delete_generic_symlinks" lineno="855">
<summary>
Delete symbolic links in device directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_generic_symlinks" lineno="873">
<summary>
Create, delete, read, and write symbolic links in device directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_relabel_generic_symlinks" lineno="891">
<summary>
Relabel symbolic links in device directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_write_generic_sock_files" lineno="909">
<summary>
Write generic sock files in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_all_dev_nodes" lineno="927">
<summary>
Create, delete, read, and write device nodes in device directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_rw_generic_dev_nodes" lineno="968">
<summary>
Dontaudit getattr for generic device files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_manage_generic_blk_files" lineno="986">
<summary>
Create, delete, read, and write block device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_generic_chr_files" lineno="1004">
<summary>
Create, delete, read, and write character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_filetrans" lineno="1039">
<summary>
Create, read, and write device nodes. The node
will be transitioned to the type provided.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file">
<summary>
Type to which the created node will be transitioned.
</summary>
</param>
<param name="objectclass(es)">
<summary>
Object class(es) (single or set including {}) for which this
the transition will occur.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="dev_tmpfs_filetrans_dev" lineno="1074">
<summary>
Create, read, and write device nodes. The node
will be transitioned to the type provided.  This is
a temporary interface until devtmpfs functionality
fixed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="objectclass(es)">
<summary>
Object class(es) (single or set including {}) for which this
the transition will occur.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="dev_getattr_all_blk_files" lineno="1093">
<summary>
Getattr on all block file device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dev_dontaudit_getattr_all_blk_files" lineno="1112">
<summary>
Dontaudit getattr on all block file device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_getattr_all_chr_files" lineno="1132">
<summary>
Getattr on all character file device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dev_dontaudit_getattr_all_chr_files" lineno="1151">
<summary>
Dontaudit getattr on all character file device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_setattr_all_blk_files" lineno="1171">
<summary>
Setattr on all block file device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dev_setattr_all_chr_files" lineno="1191">
<summary>
Setattr on all character file device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dev_dontaudit_read_all_blk_files" lineno="1210">
<summary>
Dontaudit read on all block file device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_write_all_blk_files" lineno="1228">
<summary>
Dontaudit write on all block file device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_read_all_chr_files" lineno="1246">
<summary>
Dontaudit read on all character file device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_write_all_chr_files" lineno="1264">
<summary>
Dontaudit write on all character file device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_create_all_blk_files" lineno="1282">
<summary>
Create all block device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_create_all_chr_files" lineno="1301">
<summary>
Create all character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_delete_all_blk_files" lineno="1320">
<summary>
Delete all block device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_delete_all_chr_files" lineno="1339">
<summary>
Delete all character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rename_all_blk_files" lineno="1358">
<summary>
Rename all block device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rename_all_chr_files" lineno="1377">
<summary>
Rename all character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_all_blk_files" lineno="1396">
<summary>
Read, write, create, and delete all block device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_all_chr_files" lineno="1421">
<summary>
Read, write, create, and delete all character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_acpi_bios_dev" lineno="1442">
<summary>
Get the attributes of the apm bios device node.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_acpi_bios_dev" lineno="1461">
<summary>
Do not audit attempts to get the attributes of
the apm bios device node.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_setattr_acpi_bios_dev" lineno="1479">
<summary>
Set the attributes of the apm bios device node.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_setattr_acpi_bios_dev" lineno="1498">
<summary>
Do not audit attempts to set the attributes of
the apm bios device node.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_rw_acpi_bios" lineno="1516">
<summary>
Read and write the apm bios.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_agp_dev" lineno="1534">
<summary>
Getattr the agp devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_agp" lineno="1552">
<summary>
Read and write the agp devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_autofs_dev" lineno="1571">
<summary>
Get the attributes of the autofs device node.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_autofs_dev" lineno="1590">
<summary>
Do not audit attempts to get the attributes of
the autofs device node.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_setattr_autofs_dev" lineno="1608">
<summary>
Set the attributes of the autofs device node.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_setattr_autofs_dev" lineno="1627">
<summary>
Do not audit attempts to set the attributes of
the autofs device node.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_rw_autofs" lineno="1645">
<summary>
Read and write the autofs device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_relabel_autofs_dev" lineno="1663">
<summary>
Relabel the autofs device node.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_cachefiles" lineno="1682">
<summary>
Read and write cachefiles character
device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_cardmgr" lineno="1700">
<summary>
Read and write the PCMCIA card manager device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_rw_cardmgr" lineno="1719">
<summary>
Do not audit attempts to read and
write the PCMCIA card manager device.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_create_cardmgr_dev" lineno="1739">
<summary>
Create, read, write, and delete
the PCMCIA card manager device
with the correct type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_cardmgr_dev" lineno="1759">
<summary>
Create, read, write, and delete
the PCMCIA card manager device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_filetrans_cardmgr" lineno="1785">
<summary>
Automatic type transition to the type
for PCMCIA card manager device nodes when
created in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="dev_getattr_cpu_dev" lineno="1804">
<summary>
Get the attributes of the CPU
microcode and id interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_cpu_dev" lineno="1823">
<summary>
Set the attributes of the CPU
microcode and id interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_cpuid" lineno="1841">
<summary>
Read the CPU identity.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_cpu_microcode" lineno="1860">
<summary>
Read and write the the CPU microcode device. This
is required to load CPU microcode.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_crash" lineno="1878">
<summary>
Read the kernel crash device
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_crypto" lineno="1896">
<summary>
Read and write the the hardware SSL accelerator.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_dlm_control" lineno="1914">
<summary>
Set the attributes of the dlm control devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_dlm_control" lineno="1932">
<summary>
Read and write the the dlm control device
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_dri_dev" lineno="1950">
<summary>
getattr the dri devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_dri_dev" lineno="1968">
<summary>
Setattr the dri devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_ioctl_dri_dev" lineno="1986">
<summary>
IOCTL the dri devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_dri" lineno="2004">
<summary>
Read and write the dri devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_rw_dri" lineno="2023">
<summary>
Dontaudit read and write on the dri devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_manage_dri_dev" lineno="2041">
<summary>
Create, read, write, and delete the dri devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_filetrans_dri" lineno="2066">
<summary>
Automatic type transition to the type
for DRI device nodes when created in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="dev_filetrans_input_dev" lineno="2090">
<summary>
Automatic type transition to the type
for event device nodes when created in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="dev_getattr_input_dev" lineno="2108">
<summary>
Get the attributes of the event devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_input_dev" lineno="2127">
<summary>
Set the attributes of the event devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_input" lineno="2146">
<summary>
Read input event devices (/dev/input).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_input_dev" lineno="2164">
<summary>
Read and write input event devices (/dev/input).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_input_dev" lineno="2182">
<summary>
Create, read, write, and delete input event devices (/dev/input).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_ioctl_input_dev" lineno="2200">
<summary>
IOCTL the input event devices (/dev/input).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_ipmi_dev" lineno="2218">
<summary>
Read and write ipmi devices (/dev/ipmi*).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_framebuffer_dev" lineno="2236">
<summary>
Get the attributes of the framebuffer device node.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_framebuffer_dev" lineno="2254">
<summary>
Set the attributes of the framebuffer device node.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_setattr_framebuffer_dev" lineno="2273">
<summary>
Dot not audit attempts to set the attributes
of the framebuffer device node.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_read_framebuffer" lineno="2291">
<summary>
Read the framebuffer.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_read_framebuffer" lineno="2309">
<summary>
Do not audit attempts to read the framebuffer.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_write_framebuffer" lineno="2327">
<summary>
Write the framebuffer.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_framebuffer" lineno="2345">
<summary>
Read and write the framebuffer.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_kmsg" lineno="2363">
<summary>
Read the kernel messages
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_read_kmsg" lineno="2381">
<summary>
Do not audit attempts to read the kernel messages
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_write_kmsg" lineno="2399">
<summary>
Write to the kernel messages device
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_kmsg" lineno="2417">
<summary>
Read and write to the kernel messages device
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_mounton_kmsg" lineno="2435">
<summary>
Mount on the kernel messages device
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_ksm_dev" lineno="2453">
<summary>
Get the attributes of the ksm devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_ksm_dev" lineno="2471">
<summary>
Set the attributes of the ksm devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_ksm" lineno="2489">
<summary>
Read the ksm devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_ksm" lineno="2507">
<summary>
Read and write to ksm devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_kvm_dev" lineno="2525">
<summary>
Get the attributes of the kvm devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_kvm_dev" lineno="2543">
<summary>
Set the attributes of the kvm devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_kvm" lineno="2561">
<summary>
Read the kvm devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_kvm" lineno="2579">
<summary>
Read and write to kvm devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_lirc" lineno="2597">
<summary>
Read the lirc device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_lirc" lineno="2615">
<summary>
Read and write the lirc device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_filetrans_lirc" lineno="2639">
<summary>
Automatic type transition to the type
for lirc device nodes when created in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="dev_rw_loop_control" lineno="2657">
<summary>
Read and write the loop-control device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_lvm_control" lineno="2675">
<summary>
Get the attributes of the lvm comtrol device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_lvm_control" lineno="2693">
<summary>
Read the lvm comtrol device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_lvm_control" lineno="2711">
<summary>
Read and write the lvm control device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_rw_lvm_control" lineno="2729">
<summary>
Do not audit attempts to read and write lvm control device.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_delete_lvm_control_dev" lineno="2747">
<summary>
Delete the lvm control device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_memory_dev" lineno="2765">
<summary>
dontaudit getattr raw memory devices (e.g. /dev/mem).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_read_raw_memory" lineno="2786">
<summary>
Read raw memory devices (e.g. /dev/mem).
This is extremely dangerous as it can bypass the
SELinux protections, and should only be used by trusted
domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_raw_memory_cond" lineno="2816">
<summary>
Read raw memory devices (e.g. /dev/mem) if a tunable is set.
This is extremely dangerous as it can bypass the
SELinux protections, and should only be used by trusted
domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="tunable">
<summary>
Tunable to depend on
</summary>
</param>
</interface>
<interface name="dev_dontaudit_read_raw_memory" lineno="2843">
<summary>
Do not audit attempts to read raw memory devices
(e.g. /dev/mem).
This is extremely dangerous as it can bypass the
SELinux protections, and should only be used by trusted
domains.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_write_raw_memory" lineno="2864">
<summary>
Write raw memory devices (e.g. /dev/mem).
This is extremely dangerous as it can bypass the
SELinux protections, and should only be used by trusted
domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_write_raw_memory_cond" lineno="2894">
<summary>
Write raw memory devices (e.g. /dev/mem) if a tunable is set.
This is extremely dangerous as it can bypass the
SELinux protections, and should only be used by trusted
domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="tunable">
<summary>
Tunable to depend on
</summary>
</param>
</interface>
<interface name="dev_rx_raw_memory" lineno="2920">
<summary>
Read and execute raw memory devices (e.g. /dev/mem).
This is extremely dangerous as it can bypass the
SELinux protections, and should only be used by trusted
domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_wx_raw_memory" lineno="2942">
<summary>
Write and execute raw memory devices (e.g. /dev/mem).
This is extremely dangerous as it can bypass the
SELinux protections, and should only be used by trusted
domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_wx_raw_memory_cond" lineno="2969">
<summary>
Write and execute raw memory devices (e.g. /dev/mem) if a tunable is set.
This is extremely dangerous as it can bypass the
SELinux protections, and should only be used by trusted
domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="tunable">
<summary>
Tunable to depend on
</summary>
</param>
</interface>
<interface name="dev_getattr_misc_dev" lineno="2992">
<summary>
Get the attributes of miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_misc_dev" lineno="3011">
<summary>
Do not audit attempts to get the attributes
of miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_setattr_misc_dev" lineno="3029">
<summary>
Set the attributes of miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_setattr_misc_dev" lineno="3048">
<summary>
Do not audit attempts to set the attributes
of miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_read_misc" lineno="3066">
<summary>
Read miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_write_misc" lineno="3084">
<summary>
Write miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_rw_misc" lineno="3102">
<summary>
Do not audit attempts to read and write miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_modem_dev" lineno="3120">
<summary>
Get the attributes of the modem devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_modem_dev" lineno="3138">
<summary>
Set the attributes of the modem devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_modem" lineno="3156">
<summary>
Read the modem devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_modem" lineno="3174">
<summary>
Read and write to modem devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_mouse_dev" lineno="3192">
<summary>
Get the attributes of the mouse devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_mouse_dev" lineno="3210">
<summary>
Set the attributes of the mouse devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_mouse" lineno="3228">
<summary>
Read the mouse devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_mouse" lineno="3246">
<summary>
Read and write to mouse devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_mtrr_dev" lineno="3265">
<summary>
Get the attributes of the memory type range
registers (MTRR) device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_write_mtrr" lineno="3285">
<summary>
Do not audit attempts to write the memory type
range registers (MTRR).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_rw_mtrr" lineno="3304">
<summary>
Read and write the memory type range registers (MTRR).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_netcontrol_dev" lineno="3323">
<summary>
Get the attributes of the network control device  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_netcontrol" lineno="3338">
<summary>
Read the network control identity.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_netcontrol" lineno="3353">
<summary>
Read and write the the network control device.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_null_dev" lineno="3368">
<summary>
Get the attributes of the null device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_null_dev" lineno="3386">
<summary>
Set the attributes of the null device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_delete_null" lineno="3404">
<summary>
Delete the null device (/dev/null).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_null" lineno="3422">
<summary>
Read and write to the null device (/dev/null).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_create_null_dev" lineno="3440">
<summary>
Create the null device (/dev/null).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_null_service" lineno="3459">
<summary>
Manage services with script type null_device_t for when
/lib/systemd/system/something.service is a link to /dev/null
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_nvram_dev" lineno="3479">
<summary>
Do not audit attempts to get the attributes
of the BIOS non-volatile RAM device.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_rw_nvram" lineno="3497">
<summary>
Read and write BIOS non-volatile RAM.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_printer_dev" lineno="3515">
<summary>
Get the attributes of the printer device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_printer_dev" lineno="3533">
<summary>
Set the attributes of the printer device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_append_printer" lineno="3552">
<summary>
Append the printer device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_printer" lineno="3570">
<summary>
Read and write the printer device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_pmqos_dev" lineno="3588">
<summary>
Get the attributes of PM QoS devices
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_pmqos" lineno="3606">
<summary>
Read the PM QoS devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_pmqos" lineno="3624">
<summary>
Read and write the the PM QoS devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_qemu_dev" lineno="3643">
<summary>
Get the attributes of the QEMU
microcode and id interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_qemu_dev" lineno="3662">
<summary>
Set the attributes of the QEMU
microcode and id interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_qemu" lineno="3680">
<summary>
Read the QEMU device
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_qemu" lineno="3698">
<summary>
Read and write the the QEMU device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_rand" lineno="3732">
<summary>
Read from random number generator
devices (e.g., /dev/random).
</summary>
<desc>
<p>
Allow the specified domain to read from random number
generator devices (e.g., /dev/random).  Typically this is
used in situations when a cryptographically secure random
number is needed.
</p>
<p>
Related interface:
</p>
<ul>
<li>dev_read_urand()</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="dev_dontaudit_read_rand" lineno="3751">
<summary>
Do not audit attempts to read from random
number generator devices (e.g., /dev/random)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_append_rand" lineno="3770">
<summary>
Do not audit attempts to append to random
number generator devices (e.g., /dev/random)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_write_rand" lineno="3790">
<summary>
Write to the random device (e.g., /dev/random). This adds
entropy used to generate the random data read from the
random device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_create_rand_dev" lineno="3808">
<summary>
Create the random device (/dev/random).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_realtime_clock" lineno="3826">
<summary>
Read the realtime clock (/dev/rtc).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_write_realtime_clock" lineno="3844">
<summary>
Set the realtime clock (/dev/rtc).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_realtime_clock" lineno="3864">
<summary>
Read and set the realtime clock (/dev/rtc).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_scanner_dev" lineno="3879">
<summary>
Get the attributes of the scanner device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_scanner_dev" lineno="3898">
<summary>
Do not audit attempts to get the attributes of
the scanner device.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_setattr_scanner_dev" lineno="3916">
<summary>
Set the attributes of the scanner device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_setattr_scanner_dev" lineno="3935">
<summary>
Do not audit attempts to set the attributes of
the scanner device.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_rw_scanner" lineno="3953">
<summary>
Read and write the scanner device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_sound_dev" lineno="3971">
<summary>
Get the attributes of the sound devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_sound_dev" lineno="3989">
<summary>
Set the attributes of the sound devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_sound" lineno="4007">
<summary>
Read the sound devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_write_sound" lineno="4026">
<summary>
Write the sound devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_sound_mixer" lineno="4045">
<summary>
Read the sound mixer devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_write_sound_mixer" lineno="4064">
<summary>
Write the sound mixer devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_power_mgmt_dev" lineno="4083">
<summary>
Get the attributes of the the power management device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_power_mgmt_dev" lineno="4101">
<summary>
Set the attributes of the the power management device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_power_management" lineno="4119">
<summary>
Read and write the the power management device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_smartcard_dev" lineno="4137">
<summary>
Getattr on smartcard devices
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_smartcard_dev" lineno="4156">
<summary>
dontaudit getattr on smartcard devices
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_rw_smartcard" lineno="4175">
<summary>
Read and write smartcard devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_smartcard" lineno="4193">
<summary>
Create, read, write, and delete smartcard devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_sysdig" lineno="4211">
<summary>
Read, write and map the sysdig device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_mounton_sysfs" lineno="4230">
<summary>
Mount a filesystem on sysfs.
</summary>
<param name="domain">
<summary>
Domain allow access.
</summary>
</param>
</interface>
<interface name="dev_associate_sysfs" lineno="4248">
<summary>
Associate a file to a sysfs filesystem.
</summary>
<param name="file_type">
<summary>
The type of the file to be associated to sysfs.
</summary>
</param>
</interface>
<interface name="dev_getattr_sysfs_dirs" lineno="4266">
<summary>
Get the attributes of sysfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_sysfs" lineno="4284">
<summary>
Get the attributes of sysfs filesystem
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_mount_sysfs" lineno="4302">
<summary>
mount a sysfs filesystem
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_remount_sysfs" lineno="4320">
<summary>
remount a sysfs filesystem
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_unmount_sysfs" lineno="4338">
<summary>
unmount a sysfs filesystem
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_sysfs" lineno="4356">
<summary>
Do not audit getting the attributes of sysfs filesystem
</summary>
<param name="domain">
<summary>
Domain to dontaudit access from
</summary>
</param>
</interface>
<interface name="dev_dontaudit_read_sysfs" lineno="4374">
<summary>
Dont audit attempts to read hardware state information
</summary>
<param name="domain">
<summary>
Domain for which the attempts do not need to be audited
</summary>
</param>
</interface>
<interface name="dev_mounton_sysfs_dirs" lineno="4394">
<summary>
mounton sysfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_search_sysfs" lineno="4412">
<summary>
Search the sysfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_search_sysfs" lineno="4430">
<summary>
Do not audit attempts to search sysfs.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_list_sysfs" lineno="4448">
<summary>
List the contents of the sysfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_write_sysfs_dirs" lineno="4467">
<summary>
Write in a sysfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_write_sysfs_dirs" lineno="4485">
<summary>
Do not audit attempts to write in a sysfs directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_manage_sysfs_dirs" lineno="4504">
<summary>
Create, read, write, and delete sysfs
directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_sysfs" lineno="4531">
<summary>
Read hardware state information.
</summary>
<desc>
<p>
Allow the specified domain to read the contents of
the sysfs filesystem.  This filesystem contains
information, parameters, and other settings on the
hardware installed on the system.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="dev_write_sysfs" lineno="4559">
<summary>
Write to hardware state information.
</summary>
<desc>
<p>
Allow the specified domain to write to the sysfs
filesystem.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="dev_rw_sysfs" lineno="4578">
<summary>
Allow caller to modify hardware state information.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_create_sysfs_files" lineno="4599">
<summary>
Add a sysfs file
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_relabel_sysfs_dirs" lineno="4617">
<summary>
Relabel hardware state directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_relabel_all_sysfs" lineno="4635">
<summary>
Relabel from/to all sysfs types.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_all_sysfs" lineno="4655">
<summary>
Set the attributes of sysfs files, directories and symlinks.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_tpm" lineno="4675">
<summary>
Read and write the TPM device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_urand" lineno="4716">
<summary>
Read from pseudo random number generator devices (e.g., /dev/urandom).
</summary>
<desc>
<p>
Allow the specified domain to read from pseudo random number
generator devices (e.g., /dev/urandom).  Typically this is
used in situations when a cryptographically secure random
number is not necessarily needed.  One example is the Stack
Smashing Protector (SSP, formerly known as ProPolice) support
that may be compiled into programs.
</p>
<p>
Related interface:
</p>
<ul>
<li>dev_read_rand()</li>
</ul>
<p>
Related tunable:
</p>
<ul>
<li>global_ssp</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="dev_dontaudit_read_urand" lineno="4735">
<summary>
Do not audit attempts to read from pseudo
random devices (e.g., /dev/urandom)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_write_urand" lineno="4754">
<summary>
Write to the pseudo random device (e.g., /dev/urandom). This
sets the random number generator seed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_create_urand_dev" lineno="4772">
<summary>
Create the urandom device (/dev/urandom).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_generic_usb_dev" lineno="4790">
<summary>
Getattr generic the USB devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_generic_usb_dev" lineno="4808">
<summary>
Setattr generic the USB devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_generic_usb_dev" lineno="4826">
<summary>
Read generic the USB devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_generic_usb_dev" lineno="4844">
<summary>
Read and write generic the USB devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_relabel_generic_usb_dev" lineno="4862">
<summary>
Relabel generic the USB devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_usbmon_dev" lineno="4880">
<summary>
Read USB monitor devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_write_usbmon_dev" lineno="4898">
<summary>
Write USB monitor devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_mount_usbfs" lineno="4916">
<summary>
Mount a usbfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_associate_usbfs" lineno="4934">
<summary>
Associate a file to a usbfs filesystem.
</summary>
<param name="file_type">
<summary>
The type of the file to be associated to usbfs.
</summary>
</param>
</interface>
<interface name="dev_getattr_usbfs_dirs" lineno="4952">
<summary>
Get the attributes of a directory in the usb filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_usbfs_dirs" lineno="4971">
<summary>
Do not audit attempts to get the attributes
of a directory in the usb filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_search_usbfs" lineno="4989">
<summary>
Search the directory containing USB hardware information.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_list_usbfs" lineno="5007">
<summary>
Allow caller to get a list of usb hardware.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_usbfs_files" lineno="5028">
<summary>
Set the attributes of usbfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_usbfs" lineno="5048">
<summary>
Read USB hardware information using
the usbfs filesystem interface.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_usbfs" lineno="5068">
<summary>
Allow caller to modify usb hardware configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_video_dev" lineno="5088">
<summary>
Get the attributes of video4linux devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_userio_dev" lineno="5106">
<summary>
Read and write userio device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_video_dev" lineno="5125">
<summary>
Do not audit attempts to get the attributes
of video4linux device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_setattr_video_dev" lineno="5143">
<summary>
Set the attributes of video4linux device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_setattr_video_dev" lineno="5162">
<summary>
Do not audit attempts to set the attributes
of video4linux device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_read_video_dev" lineno="5180">
<summary>
Read the video4linux devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_write_video_dev" lineno="5198">
<summary>
Write the video4linux devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_vfio_dev" lineno="5216">
<summary>
Read and write vfio devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_relabelfrom_vfio_dev" lineno="5234">
<summary>
Relabel vfio devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_vhost" lineno="5252">
<summary>
Allow read/write the vhost devices
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_vmware" lineno="5270">
<summary>
Read and write VMWare devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rwx_vmware" lineno="5288">
<summary>
Read, write, and mmap VMWare devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_watchdog" lineno="5307">
<summary>
Read from watchdog devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_write_watchdog" lineno="5325">
<summary>
Write to watchdog devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_wireless" lineno="5343">
<summary>
Read the wireless device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_wireless" lineno="5361">
<summary>
Read and write the the wireless device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_wireless" lineno="5379">
<summary>
manage the wireless device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_xen" lineno="5397">
<summary>
Read and write Xen devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_xen" lineno="5416">
<summary>
Create, read, write, and delete Xen devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_filetrans_xen" lineno="5440">
<summary>
Automatic type transition to the type
for xen device nodes when created in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="dev_getattr_xserver_misc_dev" lineno="5458">
<summary>
Get the attributes of X server miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_xserver_misc_dev" lineno="5476">
<summary>
Set the attributes of X server miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_xserver_misc" lineno="5494">
<summary>
Read and write X server miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_map_xserver_misc" lineno="5512">
<summary>
Map X server miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_zero" lineno="5530">
<summary>
Read and write to the zero device (/dev/zero).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rwx_zero" lineno="5548">
<summary>
Read, write, and execute the zero device (/dev/zero).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_execmod_zero" lineno="5567">
<summary>
Execmod the zero device (/dev/zero).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_create_zero_dev" lineno="5586">
<summary>
Create the zero device (/dev/zero).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_cpu_online" lineno="5609">
<summary>
Read cpu online hardware state information
</summary>
<desc>
<p>
Allow the specified domain to read /sys/devices/system/cpu/online
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_unconfined" lineno="5629">
<summary>
Unconfined access to devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="domain" filename="policy/modules/kernel/domain.if">
<summary>Core policy for domains.</summary>
<required val="true">
Contains the concept of a domain.
</required>
<interface name="domain_base_type" lineno="26">
<summary>
Make the specified type usable as a basic domain.
</summary>
<desc>
<p>
Make the specified type usable as a basic domain.
</p>
<p>
This is primarily used for kernel threads;
generally the domain_type() interface is
more appropriate for userland processes.
</p>
</desc>
<param name="type">
<summary>
Type to be used as a basic domain type.
</summary>
</param>
</interface>
<interface name="domain_type" lineno="75">
<summary>
Make the specified type usable as a domain.
</summary>
<desc>
<p>
Make the specified type usable as a domain.  This,
or an interface that calls this interface, must be
used on all types that are used as domains.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>application_domain()</li>
<li>init_daemon_domain()</li>
<li>init_domaion()</li>
<li>init_ranged_daemon_domain()</li>
<li>init_ranged_domain()</li>
<li>init_ranged_system_domain()</li>
<li>init_script_domain()</li>
<li>init_system_domain()</li>
</ul>
<p>
Example:
</p>
<p>
type mydomain_t;
domain_type(mydomain_t)
type myfile_t;
files_type(myfile_t)
allow mydomain_t myfile_t:file read_file_perms;
</p>
</desc>
<param name="type">
<summary>
Type to be used as a domain type.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="domain_entry_file" lineno="125">
<summary>
Make the specified type usable as
an entry point for the domain.
</summary>
<param name="domain">
<summary>
Domain to be entered.
</summary>
</param>
<param name="type">
<summary>
Type of program used for entering
the domain.
</summary>
</param>
</interface>
<interface name="domain_interactive_fd" lineno="149">
<summary>
Make the file descriptors of the specified
domain for interactive use (widely inheritable)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dyntrans_type" lineno="178">
<summary>
Allow the specified domain to perform
dynamic transitions.
</summary>
<desc>
<p>
Allow the specified domain to perform
dynamic transitions.
</p>
<p>
This violates process tranquility, and it
is strongly suggested that this not be used.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_system_change_exemption" lineno="198">
<summary>
Makes caller and exception to the constraint
preventing changing to the system user
identity and system role.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_subj_id_change_exemption" lineno="217">
<summary>
Makes caller an exception to the constraint preventing
changing of user identity.
</summary>
<param name="domain">
<summary>
The process type to make an exception to the constraint.
</summary>
</param>
</interface>
<interface name="domain_role_change_exemption" lineno="236">
<summary>
Makes caller an exception to the constraint preventing
changing of role.
</summary>
<param name="domain">
<summary>
The process type to make an exception to the constraint.
</summary>
</param>
</interface>
<interface name="domain_obj_id_change_exemption" lineno="256">
<summary>
Makes caller an exception to the constraint preventing
changing the user identity in object contexts.
</summary>
<param name="domain">
<summary>
The process type to make an exception to the constraint.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_user_exemption_target" lineno="291">
<summary>
Make the specified domain the target of
the user domain exception of the
SELinux role and identity change
constraints.
</summary>
<desc>
<p>
Make the specified domain the target of
the user domain exception of the
SELinux role and identity change
constraints.
</p>
<p>
This interface is needed to decouple
the user domains from the base module.
It should not be used other than on
user domains.
</p>
</desc>
<param name="domain">
<summary>
Domain target for user exemption.
</summary>
</param>
</interface>
<interface name="domain_cron_exemption_source" lineno="326">
<summary>
Make the specified domain the source of
the cron domain exception of the
SELinux role and identity change
constraints.
</summary>
<desc>
<p>
Make the specified domain the source of
the cron domain exception of the
SELinux role and identity change
constraints.
</p>
<p>
This interface is needed to decouple
the cron domains from the base module.
It should not be used other than on
cron domains.
</p>
</desc>
<param name="domain">
<summary>
Domain target for user exemption.
</summary>
</param>
</interface>
<interface name="domain_cron_exemption_target" lineno="361">
<summary>
Make the specified domain the target of
the cron domain exception of the
SELinux role and identity change
constraints.
</summary>
<desc>
<p>
Make the specified domain the target of
the cron domain exception of the
SELinux role and identity change
constraints.
</p>
<p>
This interface is needed to decouple
the cron domains from the base module.
It should not be used other than on
user cron jobs.
</p>
</desc>
<param name="domain">
<summary>
Domain target for user exemption.
</summary>
</param>
</interface>
<interface name="domain_use_interactive_fds" lineno="389">
<summary>
Inherit and use file descriptors from
domains with interactive programs.
</summary>
<desc>
<p>
Allow the specified domain to inherit and use file
descriptors from domains with interactive programs.
This does not allow access to the objects being referenced
by the file descriptors.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="1"/>
</interface>
<interface name="domain_dontaudit_use_interactive_fds" lineno="409">
<summary>
Do not audit attempts to inherit file
descriptors from domains with interactive
programs.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_sigchld_interactive_fds" lineno="429">
<summary>
Send a SIGCHLD signal to domains whose file
discriptors are widely inheritable.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_setpriority_all_domains" lineno="448">
<summary>
Set the nice level of all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_signal_all_domains" lineno="467">
<summary>
Send general signals to all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_dontaudit_signal_all_domains" lineno="487">
<summary>
Do not audit attempts to send general
signals to all domains.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_signull_all_domains" lineno="506">
<summary>
Send a null signal to all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_sigstop_all_domains" lineno="525">
<summary>
Send a stop signal to all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_sigchld_all_domains" lineno="544">
<summary>
Send a child terminated signal to all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_kill_all_domains" lineno="563">
<summary>
Send a kill signal to all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_search_all_domains_state" lineno="582">
<summary>
Search the process state directory (/proc/pid) of all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_search_all_domains_state" lineno="602">
<summary>
Do not audit attempts to search the process
state directory (/proc/pid) of all domains.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_read_all_domains_state" lineno="621">
<summary>
Read the process state (/proc/pid) of all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_getattr_all_domains" lineno="643">
<summary>
Get the attributes of all domains
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_dontaudit_getattr_all_domains" lineno="662">
<summary>
Do not audit attempts to get the attributes
of all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_read_confined_domains_state" lineno="681">
<summary>
Read the process state (/proc/pid) of all confined domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_getattr_confined_domains" lineno="707">
<summary>
Get the attributes of all confined domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_ptrace_all_domains" lineno="726">
<summary>
Ptrace all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_dontaudit_ptrace_all_domains" lineno="755">
<summary>
Do not audit attempts to ptrace all domains.
</summary>
<desc>
<p>
Do not audit attempts to ptrace all domains.
</p>
<p>
Generally this needs to be suppressed because procps tries to access
/proc/pid/environ and this now triggers a ptrace check in recent kernels
(2.4 and 2.6).
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_ptrace_confined_domains" lineno="783">
<summary>
Do not audit attempts to ptrace confined domains.
</summary>
<desc>
<p>
Do not audit attempts to ptrace confined domains.
</p>
<p>
Generally this needs to be suppressed because procps tries to access
/proc/pid/environ and this now triggers a ptrace check in recent kernels
(2.4 and 2.6).
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_read_all_domains_state" lineno="802">
<summary>
Do not audit attempts to read the process
state (/proc/pid) of all domains.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_list_all_domains_state" lineno="827">
<summary>
Do not audit attempts to read the process state
directories of all domains.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_getsession_all_domains" lineno="845">
<summary>
Get the session ID of all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getsession_all_domains" lineno="864">
<summary>
Do not audit attempts to get the
session ID of all domains.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_getpgid_all_domains" lineno="882">
<summary>
Get the process group ID of all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_getsched_all_domains" lineno="900">
<summary>
Get the scheduler information of all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_getcap_all_domains" lineno="918">
<summary>
Get the capability information of all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_getattr_all_sockets" lineno="947">
<summary>
Get the attributes of all domains
sockets, for all socket types.
</summary>
<desc>
<p>
Get the attributes of all domains
sockets, for all socket types.
</p>
<p>
This is commonly used for domains
that can use lsof on all domains.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getattr_all_sockets" lineno="976">
<summary>
Do not audit attempts to get the attributes
of all domains sockets, for all socket types.
</summary>
<desc>
<p>
Do not audit attempts to get the attributes
of all domains sockets, for all socket types.
</p>
<p>
This interface was added for PCMCIA cardmgr
and is probably excessive.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getattr_all_tcp_sockets" lineno="995">
<summary>
Do not audit attempts to get the attributes
of all domains TCP sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getattr_all_udp_sockets" lineno="1014">
<summary>
Do not audit attempts to get the attributes
of all domains UDP sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_rw_all_udp_sockets" lineno="1033">
<summary>
Do not audit attempts to read or write
all domains UDP sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getattr_all_key_sockets" lineno="1052">
<summary>
Do not audit attempts to get attributes of
all domains IPSEC key management sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getattr_all_packet_sockets" lineno="1071">
<summary>
Do not audit attempts to get attributes of
all domains packet sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getattr_all_raw_sockets" lineno="1090">
<summary>
Do not audit attempts to get attributes of
all domains raw sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_rw_all_key_sockets" lineno="1109">
<summary>
Do not audit attempts to read or write
all domains key sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getattr_all_dgram_sockets" lineno="1128">
<summary>
Do not audit attempts to get the attributes
of all domains unix datagram sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_getattr_all_stream_sockets" lineno="1147">
<summary>
Get the attributes
of all domains unix datagram sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getattr_all_stream_sockets" lineno="1166">
<summary>
Do not audit attempts to get the attributes
of all domains unix stream sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_getattr_all_pipes" lineno="1195">
<summary>
Get the attributes of all domains
unnamed pipes.
</summary>
<desc>
<p>
Get the attributes of all domains
unnamed pipes.
</p>
<p>
This is commonly used for domains
that can use lsof on all domains.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getattr_all_pipes" lineno="1214">
<summary>
Do not audit attempts to get the attributes
of all domains unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_ipsec_setcontext_all_domains" lineno="1233">
<summary>
Allow specified type to set context of all
domains IPSEC associations.
</summary>
<param name="type">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_getattr_all_entry_files" lineno="1252">
<summary>
Get the attributes of entry point
files for all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getattr_all_entry_files" lineno="1272">
<summary>
Do not audit attempts to get the attributes
of all entry point files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_read_all_entry_files" lineno="1290">
<summary>
Read the entry point files for all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_exec_all_entry_files" lineno="1311">
<summary>
Execute the entry point files for all
domains in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_dontaudit_exec_all_entry_files" lineno="1329">
<summary>
dontaudit checking for execute on all entry point files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_manage_all_entry_files" lineno="1349">
<summary>
Create, read, write, and delete all
entrypoint files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_relabel_all_entry_files" lineno="1369">
<summary>
Relabel to and from all entry point
file types.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_mmap_all_entry_files" lineno="1388">
<summary>
Mmap all entry point files as executable.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_entry_file_spec_domtrans" lineno="1412">
<summary>
Execute an entry_type in the specified domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="domain_mmap_low" lineno="1434">
<summary>
Ability to mmap a low area of the address
space conditionally, as configured by
/proc/sys/kernel/mmap_min_addr.
Preventing such mappings helps protect against
exploiting null deref bugs in the kernel.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_mmap_low_uncond" lineno="1460">
<summary>
Ability to mmap a low area of the address
space unconditionally, as configured
by /proc/sys/kernel/mmap_min_addr.
Preventing such mappings helps protect against
exploiting null deref bugs in the kernel.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_all_recvfrom_all_domains" lineno="1482">
<summary>
Allow specified type to receive labeled
networking packets from all domains, over
all protocols (TCP, UDP, etc)
</summary>
<param name="type">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_public_key" lineno="1508">
<summary>
Allow all domains to search specified type keys.
</summary>
<desc>
<p>
When setting up IMA/EVM key(s) are added to the
kernel keyring but the type of the key is the domain
adding the key.  This interface will allow all domains
search the key so IMA/EVM validation can happen.
</p>
</desc>
<param name="type">
<summary>
Type of key to be searched.
</summary>
</param>
</interface>
<interface name="domain_unconfined_signal" lineno="1526">
<summary>
Send generic signals to the unconfined domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_unconfined" lineno="1544">
<summary>
Unconfined access to domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="mmap_low_allowed" dftval="false">
<desc>
<p>
Control the ability to mmap a low area of the address space,
as configured by /proc/sys/kernel/mmap_min_addr.
</p>
</desc>
</tunable>
</module>
<module name="files" filename="policy/modules/kernel/files.if">
<summary>
Basic filesystem types and interfaces.
</summary>
<desc>
<p>
This module contains basic filesystem types and interfaces. This
includes:
<ul>
<li>The concept of different file types including basic
files, mount points, tmp files, etc.</li>
<li>Access to groups of files and all files.</li>
<li>Types and interfaces for the basic filesystem layout
(/, /etc, /tmp, /usr, etc.).</li>
</ul>
</p>
</desc>
<required val="true">
Contains the concept of a file.
Comains the file initial SID.
</required>
<interface name="files_type" lineno="79">
<summary>
Make the specified type usable for files
in a filesystem.
</summary>
<desc>
<p>
Make the specified type usable for files
in a filesystem.  Types used for files that
do not use this interface, or an interface that
calls this one, will have unexpected behaviors
while the system is running. If the type is used
for device nodes (character or block files), then
the dev_node() interface is more appropriate.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>application_domain()</li>
<li>application_executable_file()</li>
<li>corecmd_executable_file()</li>
<li>init_daemon_domain()</li>
<li>init_domaion()</li>
<li>init_ranged_daemon_domain()</li>
<li>init_ranged_domain()</li>
<li>init_ranged_system_domain()</li>
<li>init_script_file()</li>
<li>init_script_domain()</li>
<li>init_system_domain()</li>
<li>files_config_files()</li>
<li>files_lock_file()</li>
<li>files_mountpoint()</li>
<li>files_runtime_file()</li>
<li>files_security_file()</li>
<li>files_security_mountpoint()</li>
<li>files_tmp_file()</li>
<li>files_tmpfs_file()</li>
<li>logging_log_file()</li>
<li>userdom_user_home_content()</li>
</ul>
<p>
Example:
</p>
<p>
type myfile_t;
files_type(myfile_t)
allow mydomain_t myfile_t:file read_file_perms;
</p>
</desc>
<param name="type">
<summary>
Type to be used for files.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="files_auth_file" lineno="99">
<summary>
Mark the specified type as a file
that is related to authentication.
</summary>
<param name="file_type">
<summary>
Type of the authentication-related
file.
</summary>
</param>
</interface>
<interface name="files_security_file" lineno="120">
<summary>
Make the specified type a file that
should not be dontaudited from
browsing from user domains.
</summary>
<param name="file_type">
<summary>
Type of the file to be used as a
member directory.
</summary>
</param>
</interface>
<interface name="files_lock_file" lineno="139">
<summary>
Make the specified type usable for
lock files.
</summary>
<param name="type">
<summary>
Type to be used for lock files.
</summary>
</param>
</interface>
<interface name="files_mountpoint" lineno="159">
<summary>
Make the specified type usable for
filesystem mount points.
</summary>
<param name="type">
<summary>
Type to be used for mount points.
</summary>
</param>
</interface>
<interface name="files_security_mountpoint" lineno="183">
<summary>
Make the specified type usable for
security file filesystem mount points.
</summary>
<param name="type">
<summary>
Type to be used for mount points.
</summary>
</param>
</interface>
<interface name="files_pid_file" lineno="231">
<summary>
Make the specified type usable for
runtime process ID files.  (Deprecated)
</summary>
<desc>
<p>
Make the specified type usable for runtime process ID files,
typically found in /var/run.
This will also make the type usable for files, making
calls to files_type() redundant.  Failure to use this interface
for a PID file type may result in problems with starting
or stopping services.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>files_runtime_filetrans()</li>
</ul>
<p>
Example usage with a domain that can create and
write its PID file with a private PID file type in the
/var/run directory:
</p>
<p>
type mypidfile_t;
files_runtime_file(mypidfile_t)
allow mydomain_t mypidfile_t:file { create_file_perms write_file_perms };
files_runtime_filetrans(mydomain_t, mypidfile_t, file)
</p>
</desc>
<param name="type">
<summary>
Type to be used for PID files.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="files_runtime_file" lineno="275">
<summary>
Make the specified type usable for
runtime process ID files.
</summary>
<desc>
<p>
Make the specified type usable for runtime process ID files,
typically found in /var/run.
This will also make the type usable for files, making
calls to files_type() redundant.  Failure to use this interface
for a PID file type may result in problems with starting
or stopping services.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>files_runtime_filetrans()</li>
</ul>
<p>
Example usage with a domain that can create and
write its PID file with a private PID file type in the
/var/run directory:
</p>
<p>
type mypidfile_t;
files_runtime_file(mypidfile_t)
allow mydomain_t mypidfile_t:file { create_file_perms write_file_perms };
files_runtime_filetrans(mydomain_t, mypidfile_t, file)
</p>
</desc>
<param name="type">
<summary>
Type to be used for PID files.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="files_config_file" lineno="315">
<summary>
Make the specified type a
configuration file.
</summary>
<desc>
<p>
Make the specified type usable for configuration files.
This will also make the type usable for files, making
calls to files_type() redundant.  Failure to use this interface
for a temporary file may result in problems with
configuration management tools.
</p>
<p>
Example usage with a domain that can read
its configuration file /etc:
</p>
<p>
type myconffile_t;
files_config_file(myconffile_t)
allow mydomain_t myconffile_t:file read_file_perms;
files_search_etc(mydomain_t)
</p>
</desc>
<param name="file_type">
<summary>
Type to be used as a configuration file.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="files_poly" lineno="335">
<summary>
Make the specified type a
polyinstantiated directory.
</summary>
<param name="file_type">
<summary>
Type of the file to be used as a
polyinstantiated directory.
</summary>
</param>
</interface>
<interface name="files_poly_parent" lineno="356">
<summary>
Make the specified type a parent
of a polyinstantiated directory.
</summary>
<param name="file_type">
<summary>
Type of the file to be used as a
parent directory.
</summary>
</param>
</interface>
<interface name="files_poly_member" lineno="377">
<summary>
Make the specified type a
polyinstantiation member directory.
</summary>
<param name="file_type">
<summary>
Type of the file to be used as a
member directory.
</summary>
</param>
</interface>
<interface name="files_poly_member_tmp" lineno="404">
<summary>
Make the domain use the specified
type of polyinstantiated directory.
</summary>
<param name="domain">
<summary>
Domain using the polyinstantiated
directory.
</summary>
</param>
<param name="file_type">
<summary>
Type of the file to be used as a
member directory.
</summary>
</param>
</interface>
<interface name="files_tmp_file" lineno="451">
<summary>
Make the specified type a file
used for temporary files.
</summary>
<desc>
<p>
Make the specified type usable for temporary files.
This will also make the type usable for files, making
calls to files_type() redundant.  Failure to use this interface
for a temporary file may result in problems with
purging temporary files.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>files_tmp_filetrans()</li>
</ul>
<p>
Example usage with a domain that can create and
write its temporary file in the system temporary file
directories (/tmp or /var/tmp):
</p>
<p>
type mytmpfile_t;
files_tmp_file(mytmpfile_t)
allow mydomain_t mytmpfile_t:file { create_file_perms write_file_perms };
files_tmp_filetrans(mydomain_t, mytmpfile_t, file)
</p>
</desc>
<param name="file_type">
<summary>
Type of the file to be used as a
temporary file.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="files_tmpfs_file" lineno="472">
<summary>
Transform the type into a file, for use on a
virtual memory filesystem (tmpfs).
</summary>
<param name="type">
<summary>
The type to be transformed.
</summary>
</param>
</interface>
<interface name="files_dontaudit_tmpfs_file_getattr" lineno="491">
<summary>
dontaudit getattr on tmpfs files
</summary>
<param name="domain">
<summary>
Domain to not have stat on tmpfs files audited
</summary>
</param>
</interface>
<interface name="files_getattr_all_dirs" lineno="509">
<summary>
Get the attributes of all directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_all_dirs" lineno="528">
<summary>
Do not audit attempts to get the attributes
of all directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_list_non_security" lineno="546">
<summary>
List all non-security directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_list_non_security" lineno="565">
<summary>
Do not audit attempts to list all
non-security directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_mounton_non_security" lineno="584">
<summary>
Mount a filesystem on all non-security
directories and files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_write_non_security_dirs" lineno="603">
<summary>
Allow attempts to modify any directory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_non_security_dirs" lineno="621">
<summary>
Allow attempts to manage non-security directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabel_non_security_dirs" lineno="639">
<summary>
Relabel from/to non-security directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_getattr_all_files" lineno="657">
<summary>
Get the attributes of all files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_all_files" lineno="677">
<summary>
Do not audit attempts to get the attributes
of all files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_non_security_files" lineno="696">
<summary>
Do not audit attempts to get the attributes
of non security files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_manage_non_security_files" lineno="715">
<summary>
Create, read, write, and delete all non-security files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_relabel_non_security_files" lineno="734">
<summary>
Relabel from/to all non-security files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_read_all_files" lineno="752">
<summary>
Read all files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_execmod_all_files" lineno="783">
<summary>
Allow shared library text relocations in all files.
</summary>
<desc>
<p>
Allow shared library text relocations in all files.
</p>
<p>
This is added to support WINE policy.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_non_security_files" lineno="802">
<summary>
Read all non-security files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_read_all_dirs_except" lineno="828">
<summary>
Read all directories on the filesystem, except
the listed exceptions.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded.  Each type or attribute
must be negated by the caller.
</summary>
</param>
</interface>
<interface name="files_read_all_files_except" lineno="853">
<summary>
Read all files on the filesystem, except
the listed exceptions.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded.  Each type or attribute
must be negated by the caller.
</summary>
</param>
</interface>
<interface name="files_read_all_symlinks_except" lineno="878">
<summary>
Read all symbolic links on the filesystem, except
the listed exceptions.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded.  Each type or attribute
must be negated by the caller.
</summary>
</param>
</interface>
<interface name="files_getattr_all_symlinks" lineno="896">
<summary>
Get the attributes of all symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_all_symlinks" lineno="915">
<summary>
Do not audit attempts to get the attributes
of all symbolic links.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_read_all_symlinks" lineno="933">
<summary>
Do not audit attempts to read all symbolic links.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_non_security_symlinks" lineno="952">
<summary>
Do not audit attempts to get the attributes
of non security symbolic links.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_non_security_blk_files" lineno="971">
<summary>
Do not audit attempts to get the attributes
of non security block devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_non_security_chr_files" lineno="990">
<summary>
Do not audit attempts to get the attributes
of non security character devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_read_all_symlinks" lineno="1009">
<summary>
Read all symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_getattr_all_pipes" lineno="1028">
<summary>
Get the attributes of all named pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_all_pipes" lineno="1048">
<summary>
Do not audit attempts to get the attributes
of all named pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_non_security_pipes" lineno="1067">
<summary>
Do not audit attempts to get the attributes
of non security named pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_getattr_all_sockets" lineno="1085">
<summary>
Get the attributes of all named sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_all_sockets" lineno="1105">
<summary>
Do not audit attempts to get the attributes
of all named sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_non_security_sockets" lineno="1124">
<summary>
Do not audit attempts to get the attributes
of non security named sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_read_all_blk_files" lineno="1142">
<summary>
Read all block nodes with file types.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_all_chr_files" lineno="1160">
<summary>
Read all character nodes with file types.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabel_all_files" lineno="1186">
<summary>
Relabel all files on the filesystem, except
the listed exceptions.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded.  Each type or attribute
must be negated by the caller.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_rw_all_files" lineno="1224">
<summary>
rw all files on the filesystem, except
the listed exceptions.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded.  Each type or attribute
must be negated by the caller.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_manage_all_files" lineno="1250">
<summary>
Manage all files on the filesystem, except
the listed exceptions.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded.  Each type or attribute
must be negated by the caller.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_search_all" lineno="1277">
<summary>
Search the contents of all directories on
extended attribute filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_list_all" lineno="1296">
<summary>
List the contents of all directories on
extended attribute filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_create_all_files_as" lineno="1314">
<summary>
Create all files as is.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_all_dirs" lineno="1334">
<summary>
Do not audit attempts to search the
contents of any directories on extended
attribute filesystems.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_getattr_all_file_type_fs" lineno="1357">
<summary>
Get the attributes of all filesystems
with the type of a file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabelto_all_file_type_fs" lineno="1375">
<summary>
Relabel a filesystem to the type of a file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabel_all_file_type_fs" lineno="1393">
<summary>
Relabel a filesystem to and from the type of a file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_mount_all_file_type_fs" lineno="1411">
<summary>
Mount all filesystems with the type of a file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_unmount_all_file_type_fs" lineno="1429">
<summary>
Unmount all filesystems with the type of a file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_watch_all_file_type_dir" lineno="1447">
<summary>
watch all directories of file_type
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_list_non_auth_dirs" lineno="1467">
<summary>
Read all non-authentication related
directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_non_auth_files" lineno="1486">
<summary>
Read all non-authentication related
files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_non_auth_symlinks" lineno="1505">
<summary>
Read all non-authentication related
symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_rw_non_auth_files" lineno="1523">
<summary>
rw non-authentication related files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_non_auth_files" lineno="1543">
<summary>
Manage non-authentication related
files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_map_non_auth_files" lineno="1571">
<summary>
Mmap non-authentication related
files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_relabel_non_auth_files" lineno="1591">
<summary>
Relabel all non-authentication related
files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_manage_config_dirs" lineno="1622">
<summary>
Manage all configuration directories on filesystem
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>

</interface>
<interface name="files_relabel_config_dirs" lineno="1641">
<summary>
Relabel configuration directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>

</interface>
<interface name="files_dontaudit_relabel_config_dirs" lineno="1660">
<summary>
Do not audit attempts to relabel configuration directories
</summary>
<param name="domain">
<summary>
Domain not to audit.
</summary>
</param>

</interface>
<interface name="files_read_config_files" lineno="1678">
<summary>
Read config files in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_config_files" lineno="1699">
<summary>
Manage all configuration files on filesystem
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>

</interface>
<interface name="files_relabel_config_files" lineno="1718">
<summary>
Relabel configuration files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>

</interface>
<interface name="files_dontaudit_relabel_config_files" lineno="1737">
<summary>
Do not audit attempts to relabel configuration files
</summary>
<param name="domain">
<summary>
Domain not to audit.
</summary>
</param>

</interface>
<interface name="files_mounton_all_mountpoints" lineno="1755">
<summary>
Mount a filesystem on all mount points.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_getattr_all_mountpoints" lineno="1776">
<summary>
Get the attributes of all mount points.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_setattr_all_mountpoints" lineno="1794">
<summary>
Set the attributes of all mount points.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_setattr_all_mountpoints" lineno="1812">
<summary>
Do not audit attempts to set the attributes on all mount points.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_search_all_mountpoints" lineno="1830">
<summary>
Search all mount points.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_all_mountpoints" lineno="1848">
<summary>
Do not audit searching of all mount points.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_list_all_mountpoints" lineno="1866">
<summary>
List all mount points.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_list_all_mountpoints" lineno="1884">
<summary>
Do not audit listing of all mount points.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_write_all_mountpoints" lineno="1902">
<summary>
Do not audit attempts to write to mount points.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_list_root" lineno="1920">
<summary>
List the contents of the root directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_root_symlinks" lineno="1940">
<summary>
Delete symbolic links in the
root directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_write_root_dirs" lineno="1958">
<summary>
Do not audit attempts to write to / dirs.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_rw_root_dir" lineno="1977">
<summary>
Do not audit attempts to write
files in the root directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_watch_root_dirs" lineno="1995">
<summary>
Watch the root directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_root_filetrans" lineno="2029">
<summary>
Create an object in the root directory, with a private
type using a type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="files_dontaudit_read_root_files" lineno="2048">
<summary>
Do not audit attempts to read files in
the root directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_rw_root_files" lineno="2067">
<summary>
Do not audit attempts to read or write
files in the root directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_rw_root_chr_files" lineno="2086">
<summary>
Do not audit attempts to read or write
character device nodes in the root directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_delete_root_chr_files" lineno="2105">
<summary>
Delete character device nodes in
the root directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_root_files" lineno="2123">
<summary>
Delete files in the root directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_exec_root_files" lineno="2141">
<summary>
Execute files in the root directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_root_dir_entry" lineno="2159">
<summary>
Remove entries from the root directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_root_dir" lineno="2177">
<summary>
Manage the root directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_getattr_rootfs" lineno="2196">
<summary>
Get the attributes of a rootfs
file system.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_associate_rootfs" lineno="2214">
<summary>
Associate to root file system.
</summary>
<param name="file_type">
<summary>
Type of the file to associate.
</summary>
</param>
</interface>
<interface name="files_relabel_rootfs" lineno="2232">
<summary>
Relabel to and from rootfs file system.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_unmount_rootfs" lineno="2250">
<summary>
Unmount a rootfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_mounton_root" lineno="2268">
<summary>
Mount on the root directory (/)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_getattr_boot_dirs" lineno="2286">
<summary>
Get attributes of the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_boot_dirs" lineno="2305">
<summary>
Do not audit attempts to get attributes
of the /boot directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_search_boot" lineno="2323">
<summary>
Search the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_boot" lineno="2341">
<summary>
Do not audit attempts to search the /boot directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_list_boot" lineno="2359">
<summary>
List the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_list_boot" lineno="2377">
<summary>
Do not audit attempts to list the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_create_boot_dirs" lineno="2395">
<summary>
Create directories in /boot
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_boot_dirs" lineno="2414">
<summary>
Create, read, write, and delete
directories in /boot.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_boot_filetrans" lineno="2448">
<summary>
Create a private type object in boot
with an automatic type transition
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object_class">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="files_read_boot_files" lineno="2467">
<summary>
read files in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_manage_boot_files" lineno="2487">
<summary>
Create, read, write, and delete files
in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_relabelfrom_boot_files" lineno="2505">
<summary>
Relabel from files in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_boot_symlinks" lineno="2523">
<summary>
Read symbolic links in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_rw_boot_symlinks" lineno="2542">
<summary>
Read and write symbolic links
in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_boot_symlinks" lineno="2562">
<summary>
Create, read, write, and delete symbolic links
in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_kernel_img" lineno="2580">
<summary>
Read kernel files in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_create_kernel_img" lineno="2601">
<summary>
Install a kernel into the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_delete_kernel" lineno="2621">
<summary>
Delete a kernel from /boot.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_getattr_default_dirs" lineno="2639">
<summary>
Getattr of directories with the default file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_default_dirs" lineno="2658">
<summary>
Do not audit attempts to get the attributes of
directories with the default file type.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_search_default" lineno="2676">
<summary>
Search the contents of directories with the default file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_list_default" lineno="2694">
<summary>
List contents of directories with the default file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_list_default" lineno="2713">
<summary>
Do not audit attempts to list contents of
directories with the default file type.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_manage_default_dirs" lineno="2732">
<summary>
Create, read, write, and delete directories with
the default file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_mounton_default" lineno="2750">
<summary>
Mount a filesystem on a directory with the default file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_default_files" lineno="2769">
<summary>
Do not audit attempts to get the attributes of
files with the default file type.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_read_default_files" lineno="2787">
<summary>
Read files with the default file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_read_default_files" lineno="2806">
<summary>
Do not audit attempts to read files
with the default file type.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_manage_default_files" lineno="2825">
<summary>
Create, read, write, and delete files with
the default file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_default_symlinks" lineno="2843">
<summary>
Read symbolic links with the default file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_default_sockets" lineno="2861">
<summary>
Read sockets with the default file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_default_pipes" lineno="2879">
<summary>
Read named pipes with the default file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_search_etc" lineno="2897">
<summary>
Search the contents of /etc directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_setattr_etc_dirs" lineno="2915">
<summary>
Set the attributes of the /etc directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_list_etc" lineno="2933">
<summary>
List the contents of /etc directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_write_etc_dirs" lineno="2951">
<summary>
Do not audit attempts to write to /etc dirs.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_rw_etc_dirs" lineno="2969">
<summary>
Add and remove entries from /etc directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_etc_dirs" lineno="2988">
<summary>
Manage generic directories in /etc
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>

</interface>
<interface name="files_relabelto_etc_dirs" lineno="3006">
<summary>
Relabel directories to etc_t.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_mounton_etc_dirs" lineno="3025">
<summary>
Mount a filesystem on the
etc directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_watch_etc_dirs" lineno="3043">
<summary>
Watch /etc directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_etc_files" lineno="3095">
<summary>
Read generic files in /etc.
</summary>
<desc>
<p>
Allow the specified domain to read generic
files in /etc. These files are typically
general system configuration files that do
not have more specific SELinux types.  Some
examples of these files are:
</p>
<ul>
<li>/etc/fstab</li>
<li>/etc/passwd</li>
<li>/etc/services</li>
<li>/etc/shells</li>
</ul>
<p>
This interface does not include access to /etc/shadow.
</p>
<p>
Generally, it is safe for many domains to have
this access.  However, since this interface provides
access to the /etc/passwd file, caution must be
exercised, as user account names can be leaked
through this access.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>auth_read_shadow()</li>
<li>files_read_etc_runtime_files()</li>
<li>seutil_read_config()</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="files_map_etc_files" lineno="3127">
<summary>
Map generic files in /etc.
</summary>
<desc>
<p>
Allow the specified domain to map generic files in /etc.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>files_read_etc_files()</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="files_dontaudit_write_etc_files" lineno="3145">
<summary>
Do not audit attempts to write generic files in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_rw_etc_files" lineno="3164">
<summary>
Read and write generic files in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_manage_etc_files" lineno="3186">
<summary>
Create, read, write, and delete generic
files in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_dontaudit_manage_etc_files" lineno="3207">
<summary>
Do not audit attempts to create, read, write,
and delete generic files in /etc.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_delete_etc_files" lineno="3225">
<summary>
Delete system configuration files in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_exec_etc_files" lineno="3243">
<summary>
Execute generic files in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_get_etc_unit_status" lineno="3263">
<summary>
Get etc_t service status.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_start_etc_service" lineno="3281">
<summary>
start etc_t service
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_stop_etc_service" lineno="3299">
<summary>
stop etc_t service
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabel_etc_files" lineno="3317">
<summary>
Relabel from and to generic files in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_etc_symlinks" lineno="3336">
<summary>
Read symbolic links in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_watch_etc_symlinks" lineno="3354">
<summary>
Watch /etc symlinks
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_etc_symlinks" lineno="3372">
<summary>
Create, read, write, and delete symbolic links in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_etc_filetrans" lineno="3406">
<summary>
Create objects in /etc with a private
type using a type_transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file_type">
<summary>
Private file type.
</summary>
</param>
<param name="class">
<summary>
Object classes to be created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="files_etc_filetrans_etc" lineno="3435">
<summary>
Create objects in /etc with type etc_t with specified
name to overide default transition
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="class">
<summary>
Object classes to be created.
</summary>
</param>
<param name="name">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="files_create_boot_flag" lineno="3465">
<summary>
Create a boot flag.
</summary>
<desc>
<p>
Create a boot flag, such as
/.autorelabel and /.autofsck.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_delete_boot_flag" lineno="3491">
<summary>
Delete a boot flag.
</summary>
<desc>
<p>
Delete a boot flag, such as
/.autorelabel and /.autofsck.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_getattr_etc_runtime_dirs" lineno="3510">
<summary>
Get the attributes of the
etc_runtime directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_mounton_etc_runtime_dirs" lineno="3529">
<summary>
Mount a filesystem on the
etc_runtime directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabelto_etc_runtime_dirs" lineno="3547">
<summary>
Relabel to etc_runtime_t dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_setattr_etc_runtime_files" lineno="3565">
<summary>
Do not audit attempts to set the attributes of the etc_runtime files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_read_etc_runtime_files" lineno="3603">
<summary>
Read files in /etc that are dynamically
created on boot, such as mtab.
</summary>
<desc>
<p>
Allow the specified domain to read dynamically created
configuration files in /etc. These files are typically
general system configuration files that do
not have more specific SELinux types.  Some
examples of these files are:
</p>
<ul>
<li>/etc/motd</li>
<li>/etc/mtab</li>
<li>/etc/nologin</li>
</ul>
<p>
This interface does not include access to /etc/shadow.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10" />
<rolecap/>
</interface>
<interface name="files_dontaudit_read_etc_runtime_files" lineno="3625">
<summary>
Do not audit attempts to read files
in /etc that are dynamically
created on boot, such as mtab.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_read_etc_files" lineno="3644">
<summary>
Do not audit attempts to read files
in /etc
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_write_etc_runtime_files" lineno="3663">
<summary>
Do not audit attempts to write
etc runtime files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_rw_etc_runtime_files" lineno="3683">
<summary>
Read and write files in /etc that are dynamically
created on boot, such as mtab.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_manage_etc_runtime_files" lineno="3705">
<summary>
Create, read, write, and delete files in
/etc that are dynamically created on boot,
such as mtab.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_relabelto_etc_runtime_files" lineno="3723">
<summary>
Relabel to etc_runtime_t files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_etc_filetrans_etc_runtime" lineno="3752">
<summary>
Create, etc runtime objects with an automatic
type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object">
<summary>
The class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="files_getattr_home_dir" lineno="3771">
<summary>
Get the attributes of the home directories root
(/home).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_home_dir" lineno="3792">
<summary>
Do not audit attempts to get the
attributes of the home directories root
(/home).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_search_home" lineno="3811">
<summary>
Search home directories root (/home).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_home" lineno="3831">
<summary>
Do not audit attempts to search
home directories root (/home).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_list_home" lineno="3851">
<summary>
Do not audit attempts to list
home directories root (/home).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_list_home" lineno="3870">
<summary>
Get listing of home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabelto_home" lineno="3889">
<summary>
Relabel to user home root (/home).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabelfrom_home" lineno="3907">
<summary>
Relabel from user home root (/home).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_home_filetrans" lineno="3940">
<summary>
Create objects in /home.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="home_type">
<summary>
The private type.
</summary>
</param>
<param name="object">
<summary>
The class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="files_watch_home" lineno="3958">
<summary>
watch /home.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_getattr_lost_found_dirs" lineno="3976">
<summary>
Get the attributes of lost+found directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_lost_found_dirs" lineno="3995">
<summary>
Do not audit attempts to get the attributes of
lost+found directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_list_lost_found" lineno="4013">
<summary>
List the contents of lost+found directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_lost_found" lineno="4033">
<summary>
Create, read, write, and delete objects in
lost+found directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_search_mnt" lineno="4055">
<summary>
Search the contents of /mnt.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_mnt" lineno="4073">
<summary>
Do not audit attempts to search /mnt.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_list_mnt" lineno="4091">
<summary>
List the contents of /mnt.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_list_mnt" lineno="4109">
<summary>
Do not audit attempts to list the contents of /mnt.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_mounton_mnt" lineno="4127">
<summary>
Mount a filesystem on /mnt.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_mnt_dirs" lineno="4146">
<summary>
Create, read, write, and delete directories in /mnt.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_manage_mnt_files" lineno="4164">
<summary>
Create, read, write, and delete files in /mnt.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_mnt_files" lineno="4182">
<summary>
read files in /mnt.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_mnt_symlinks" lineno="4200">
<summary>
Read symbolic links in /mnt.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_mnt_symlinks" lineno="4218">
<summary>
Create, read, write, and delete symbolic links in /mnt.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_search_kernel_modules" lineno="4236">
<summary>
Search the contents of the kernel module directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_list_kernel_modules" lineno="4255">
<summary>
List the contents of the kernel module directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_getattr_kernel_modules" lineno="4274">
<summary>
Get the attributes of kernel module files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_kernel_modules" lineno="4292">
<summary>
Read kernel module files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_mmap_read_kernel_modules" lineno="4312">
<summary>
Read and mmap kernel module files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_write_kernel_modules" lineno="4333">
<summary>
Write kernel module files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_kernel_modules" lineno="4352">
<summary>
Delete kernel module files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_kernel_modules" lineno="4372">
<summary>
Create, read, write, and delete
kernel module files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_relabel_kernel_modules" lineno="4392">
<summary>
Relabel from and to kernel module files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_kernel_modules_filetrans" lineno="4427">
<summary>
Create objects in the kernel module directories
with a private type via an automatic type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object_class">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="files_load_kernel_modules" lineno="4445">
<summary>
Load kernel module files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_list_world_readable" lineno="4465">
<summary>
List world-readable directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_read_world_readable_files" lineno="4484">
<summary>
Read world-readable files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_read_world_readable_symlinks" lineno="4503">
<summary>
Read world-readable symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_read_world_readable_pipes" lineno="4521">
<summary>
Read world-readable named pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_world_readable_sockets" lineno="4539">
<summary>
Read world-readable sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_associate_tmp" lineno="4559">
<summary>
Allow the specified type to associate
to a filesystem with the type of the
temporary directory (/tmp).
</summary>
<param name="file_type">
<summary>
Type of the file to associate.
</summary>
</param>
</interface>
<interface name="files_getattr_tmp_dirs" lineno="4577">
<summary>
Get the	attributes of the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_tmp_dirs" lineno="4596">
<summary>
Do not audit attempts to get the
attributes of the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_search_tmp" lineno="4614">
<summary>
Search the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_tmp" lineno="4632">
<summary>
Do not audit attempts to search the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_list_tmp" lineno="4650">
<summary>
Read the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_list_tmp" lineno="4668">
<summary>
Do not audit listing of the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain not to audit.
</summary>
</param>
</interface>
<interface name="files_delete_tmp_dir_entry" lineno="4686">
<summary>
Remove entries from the tmp directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_generic_tmp_files" lineno="4704">
<summary>
Read files in the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_generic_tmp_dirs" lineno="4722">
<summary>
Manage temporary directories in /tmp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_generic_tmp_files" lineno="4740">
<summary>
Manage temporary files and directories in /tmp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_generic_tmp_symlinks" lineno="4758">
<summary>
Read symbolic links in the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_rw_generic_tmp_sockets" lineno="4776">
<summary>
Read and write generic named sockets in the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_mounton_tmp" lineno="4794">
<summary>
Mount filesystems in the tmp directory (/tmp)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_setattr_all_tmp_dirs" lineno="4812">
<summary>
Set the attributes of all tmp directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_list_all_tmp" lineno="4830">
<summary>
List all tmp directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabel_all_tmp_dirs" lineno="4850">
<summary>
Relabel to and from all temporary
directory types.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_dontaudit_getattr_all_tmp_files" lineno="4871">
<summary>
Do not audit attempts to get the attributes
of all tmp files.
</summary>
<param name="domain">
<summary>
Domain not to audit.
</summary>
</param>
</interface>
<interface name="files_getattr_all_tmp_files" lineno="4890">
<summary>
Allow attempts to get the attributes
of all tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabel_all_tmp_files" lineno="4910">
<summary>
Relabel to and from all temporary
file types.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_dontaudit_getattr_all_tmp_sockets" lineno="4931">
<summary>
Do not audit attempts to get the attributes
of all tmp sock_file.
</summary>
<param name="domain">
<summary>
Domain not to audit.
</summary>
</param>
</interface>
<interface name="files_read_all_tmp_files" lineno="4949">
<summary>
Read all tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_tmp_filetrans" lineno="4983">
<summary>
Create an object in the tmp directories, with a private
type using a type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="files_purge_tmp" lineno="5001">
<summary>
Delete the contents of /tmp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_setattr_usr_dirs" lineno="5024">
<summary>
Set the attributes of the /usr directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_search_usr" lineno="5042">
<summary>
Search the content of /usr.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_list_usr" lineno="5061">
<summary>
List the contents of generic
directories in /usr.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_write_usr_dirs" lineno="5079">
<summary>
Do not audit write of /usr dirs
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_rw_usr_dirs" lineno="5097">
<summary>
Add and remove entries from /usr directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_rw_usr_dirs" lineno="5116">
<summary>
Do not audit attempts to add and remove
entries from /usr directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_delete_usr_dirs" lineno="5134">
<summary>
Delete generic directories in /usr in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_watch_usr_dirs" lineno="5152">
<summary>
Watch generic directories in /usr.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_usr_files" lineno="5170">
<summary>
Delete generic files in /usr in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_getattr_usr_files" lineno="5188">
<summary>
Get the attributes of files in /usr.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_map_usr_files" lineno="5207">
<summary>
Map generic files in /usr.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="files_read_usr_files" lineno="5243">
<summary>
Read generic files in /usr.
</summary>
<desc>
<p>
Allow the specified domain to read generic
files in /usr. These files are various program
files that do not have more specific SELinux types.
Some examples of these files are:
</p>
<ul>
<li>/usr/include/*</li>
<li>/usr/share/doc/*</li>
<li>/usr/share/info/*</li>
</ul>
<p>
Generally, it is safe for many domains to have
this access.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="files_exec_usr_files" lineno="5263">
<summary>
Execute generic programs in /usr in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_write_usr_files" lineno="5283">
<summary>
dontaudit write of /usr files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_manage_usr_files" lineno="5301">
<summary>
Create, read, write, and delete files in the /usr directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabelto_usr_files" lineno="5319">
<summary>
Relabel a file to the type used in /usr.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabelfrom_usr_files" lineno="5337">
<summary>
Relabel a file from the type used in /usr.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_usr_symlinks" lineno="5355">
<summary>
Read symbolic links in /usr.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_usr_filetrans" lineno="5388">
<summary>
Create objects in the /usr directory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file_type">
<summary>
The type of the object to be created
</summary>
</param>
<param name="object_class">
<summary>
The object class.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="files_search_src" lineno="5406">
<summary>
Search directories in /usr/src.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_src" lineno="5424">
<summary>
Do not audit attempts to search /usr/src.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_getattr_usr_src_files" lineno="5442">
<summary>
Get the attributes of files in /usr/src.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_usr_src_files" lineno="5463">
<summary>
Read files in /usr/src.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_exec_usr_src_files" lineno="5484">
<summary>
Execute programs in /usr/src in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_create_kernel_symbol_table" lineno="5504">
<summary>
Install a system.map into the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_kernel_symbol_table" lineno="5523">
<summary>
Read system.map in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_kernel_symbol_table" lineno="5542">
<summary>
Delete a system.map in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_mounton_kernel_symbol_table" lineno="5561">
<summary>
Delete a system.map in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_search_var" lineno="5580">
<summary>
Search the contents of /var.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_write_var_dirs" lineno="5598">
<summary>
Do not audit attempts to write to /var.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_write_var_dirs" lineno="5616">
<summary>
Allow attempts to write to /var.dirs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_var" lineno="5635">
<summary>
Do not audit attempts to search
the contents of /var.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_list_var" lineno="5653">
<summary>
List the contents of /var.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_list_var" lineno="5672">
<summary>
Do not audit attempts to list
the contents of /var.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_manage_var_dirs" lineno="5691">
<summary>
Create, read, write, and delete directories
in the /var directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabel_var_dirs" lineno="5709">
<summary>
relabelto/from var directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_var_files" lineno="5727">
<summary>
Read files in the /var directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_append_var_files" lineno="5745">
<summary>
Append files in the /var directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_rw_var_files" lineno="5763">
<summary>
Read and write files in the /var directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_rw_var_files" lineno="5782">
<summary>
Do not audit attempts to read and write
files in the /var directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_manage_var_files" lineno="5800">
<summary>
Create, read, write, and delete files in the /var directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_var_symlinks" lineno="5818">
<summary>
Read symbolic links in the /var directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_var_symlinks" lineno="5837">
<summary>
Create, read, write, and delete symbolic
links in the /var directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_var_filetrans" lineno="5870">
<summary>
Create objects in the /var directory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file_type">
<summary>
The type of the object to be created
</summary>
</param>
<param name="object_class">
<summary>
The object class.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="files_getattr_var_lib_dirs" lineno="5888">
<summary>
Get the attributes of the /var/lib directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_search_var_lib" lineno="5920">
<summary>
Search the /var/lib directory.
</summary>
<desc>
<p>
Search the /var/lib directory.  This is
necessary to access files or directories under
/var/lib that have a private type.  For example, a
domain accessing a private library file in the
/var/lib directory:
</p>
<p>
allow mydomain_t mylibfile_t:file read_file_perms;
files_search_var_lib(mydomain_t)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="5"/>
</interface>
<interface name="files_dontaudit_search_var_lib" lineno="5940">
<summary>
Do not audit attempts to search the
contents of /var/lib.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="read" weight="5"/>
</interface>
<interface name="files_list_var_lib" lineno="5958">
<summary>
List the contents of the /var/lib directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_rw_var_lib_dirs" lineno="5976">
<summary>
Read-write /var/lib directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_var_lib_dirs" lineno="5994">
<summary>
manage var_lib_t dirs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabel_var_lib_dirs" lineno="6013">
<summary>
relabel var_lib_t dirs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_var_lib_filetrans" lineno="6047">
<summary>
Create objects in the /var/lib directory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file_type">
<summary>
The type of the object to be created
</summary>
</param>
<param name="object_class">
<summary>
The object class.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="files_read_var_lib_files" lineno="6066">
<summary>
Read generic files in /var/lib.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_map_var_lib_files" lineno="6085">
<summary>
map generic files in /var/lib.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_var_lib_symlinks" lineno="6103">
<summary>
Read generic symbolic links in /var/lib
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_urandom_seed" lineno="6125">
<summary>
Create, read, write, and delete the
pseudorandom number generator seed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_mounttab" lineno="6145">
<summary>
Allow domain to manage mount tables
necessary for rpcd, nfsd, etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_setattr_lock_dirs" lineno="6164">
<summary>
Set the attributes of the generic lock directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_search_locks" lineno="6182">
<summary>
Search the locks directory (/var/lock).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_locks" lineno="6202">
<summary>
Do not audit attempts to search the
locks directory (/var/lock).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_list_locks" lineno="6221">
<summary>
List generic lock directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_check_write_lock_dirs" lineno="6240">
<summary>
Test write access on lock directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_add_entry_lock_dirs" lineno="6259">
<summary>
Add entries in the /var/lock directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_rw_lock_dirs" lineno="6279">
<summary>
Add and remove entries in the /var/lock
directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_create_lock_dirs" lineno="6298">
<summary>
Create lock directories
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="files_relabel_all_lock_dirs" lineno="6319">
<summary>
Relabel to and from all lock directory types.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_getattr_generic_locks" lineno="6340">
<summary>
Get the attributes of generic lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_generic_locks" lineno="6361">
<summary>
Delete generic lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_generic_locks" lineno="6382">
<summary>
Create, read, write, and delete generic
lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_all_locks" lineno="6404">
<summary>
Delete all lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_read_all_locks" lineno="6425">
<summary>
Read all lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_all_locks" lineno="6448">
<summary>
manage all lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabel_all_locks" lineno="6471">
<summary>
Relabel from/to all lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_lock_filetrans" lineno="6510">
<summary>
Create an object in the locks directory, with a private
type using a type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_pid_dirs" lineno="6531">
<summary>
Do not audit attempts to get the attributes
of the /var/run directory.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_mounton_pid_dirs" lineno="6546">
<summary>
mounton a /var/run directory.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_setattr_pid_dirs" lineno="6561">
<summary>
Set the attributes of the /var/run directory.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_search_pids" lineno="6577">
<summary>
Search the contents of runtime process
ID directories (/var/run).  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_pids" lineno="6593">
<summary>
Do not audit attempts to search
the /var/run directory.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_list_pids" lineno="6609">
<summary>
List the contents of the runtime process
ID directories (/var/run).  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_check_write_pid_dirs" lineno="6624">
<summary>
Check write access on /var/run directories.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_create_pid_dirs" lineno="6639">
<summary>
Create a /var/run directory.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_runtime_dirs" lineno="6655">
<summary>
Do not audit attempts to get the attributes
of the /var/run directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_mounton_runtime_dirs" lineno="6674">
<summary>
mounton a /var/run directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_setattr_runtime_dirs" lineno="6692">
<summary>
Set the attributes of the /var/run directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_search_runtime" lineno="6712">
<summary>
Search the contents of runtime process
ID directories (/var/run).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_runtime" lineno="6732">
<summary>
Do not audit attempts to search
the /var/run directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_list_runtime" lineno="6752">
<summary>
List the contents of the runtime process
ID directories (/var/run).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_check_write_runtime_dirs" lineno="6771">
<summary>
Check write access on /var/run directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_create_runtime_dirs" lineno="6789">
<summary>
Create a /var/run directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_watch_runtime_dirs" lineno="6807">
<summary>
Watch /var/run directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_generic_pids" lineno="6825">
<summary>
Read generic process ID files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_write_generic_pid_pipes" lineno="6840">
<summary>
Write named generic process ID pipes.   (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_pid_filetrans" lineno="6897">
<summary>
Create an object in the process ID directory, with a private type.  (Deprecated)
</summary>
<desc>
<p>
Create an object in the process ID directory (e.g., /var/run)
with a private type.  Typically this is used for creating
private PID files in /var/run with the private type instead
of the general PID file type. To accomplish this goal,
either the program must be SELinux-aware, or use this interface.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>files_runtime_file()</li>
</ul>
<p>
Example usage with a domain that can create and
write its PID file with a private PID file type in the
/var/run directory:
</p>
<p>
type mypidfile_t;
files_runtime_file(mypidfile_t)
allow mydomain_t mypidfile_t:file { create_file_perms write_file_perms };
files_runtime_filetrans(mydomain_t, mypidfile_t, file)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="files_pid_filetrans_lock_dir" lineno="6917">
<summary>
Create a generic lock directory within the run directories.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="files_rw_generic_pids" lineno="6932">
<summary>
Read and write generic process ID files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_all_pids" lineno="6948">
<summary>
Do not audit attempts to get the attributes of
daemon runtime data files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_write_all_pids" lineno="6963">
<summary>
Do not audit attempts to write to daemon runtime data files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_ioctl_all_pids" lineno="6978">
<summary>
Do not audit attempts to ioctl daemon runtime data files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_manage_all_pid_dirs" lineno="6994">
<summary>
manage all pidfile directories
in the /var/run directory.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_all_pids" lineno="7010">
<summary>
Read all process ID files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_exec_generic_pid_files" lineno="7025">
<summary>
Execute generic programs in /var/run in the caller domain.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabel_all_pid_files" lineno="7040">
<summary>
Relabel all pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_all_pids" lineno="7056">
<summary>
Delete all process IDs.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_create_all_pid_sockets" lineno="7075">
<summary>
Create all pid sockets.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_create_all_pid_pipes" lineno="7090">
<summary>
Create all pid named pipes.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_runtime_files" lineno="7105">
<summary>
Read generic runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_exec_runtime" lineno="7125">
<summary>
Execute generic programs in /var/run in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_rw_runtime_files" lineno="7143">
<summary>
Read and write generic runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_runtime_symlinks" lineno="7163">
<summary>
Delete generic runtime symlinks.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_write_runtime_pipes" lineno="7181">
<summary>
Write named generic runtime pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_all_runtime_dirs" lineno="7201">
<summary>
Delete all runtime dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_manage_all_runtime_dirs" lineno="7219">
<summary>
Create, read, write, and delete all runtime directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabel_all_runtime_dirs" lineno="7237">
<summary>
Relabel all runtime directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_all_runtime_files" lineno="7256">
<summary>
Do not audit attempts to get the attributes of
all runtime data files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_read_all_runtime_files" lineno="7277">
<summary>
Read all runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_dontaudit_ioctl_all_runtime_files" lineno="7298">
<summary>
Do not audit attempts to ioctl all runtime files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_write_all_runtime_files" lineno="7318">
<summary>
Do not audit attempts to write to all runtime files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_delete_all_runtime_files" lineno="7339">
<summary>
Delete all runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_manage_all_runtime_files" lineno="7358">
<summary>
Create, read, write and delete all
var_run (pid) files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabel_all_runtime_files" lineno="7376">
<summary>
Relabel all runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_all_runtime_symlinks" lineno="7395">
<summary>
Delete all runtime symlinks.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_manage_all_runtime_symlinks" lineno="7414">
<summary>
Create, read, write and delete all
var_run (pid) symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabel_all_runtime_symlinks" lineno="7432">
<summary>
Relabel all runtime symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_create_all_runtime_pipes" lineno="7450">
<summary>
Create all runtime named pipes
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_all_runtime_pipes" lineno="7469">
<summary>
Delete all runtime named pipes
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_create_all_runtime_sockets" lineno="7488">
<summary>
Create all runtime sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_all_runtime_sockets" lineno="7506">
<summary>
Delete all runtime sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabel_all_runtime_sockets" lineno="7524">
<summary>
Relabel all runtime named sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_runtime_filetrans" lineno="7584">
<summary>
Create an object in the /run directory, with a private type.
</summary>
<desc>
<p>
Create an object in the process ID directory (e.g., /var/run)
with a private type.  Typically this is used for creating
private PID files in /var/run with the private type instead
of the general PID file type. To accomplish this goal,
either the program must be SELinux-aware, or use this interface.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>files_runtime_file()</li>
</ul>
<p>
Example usage with a domain that can create and
write its PID file with a private PID file type in the
/var/run directory:
</p>
<p>
type mypidfile_t;
files_runtime_file(mypidfile_t)
allow mydomain_t mypidfile_t:file { create_file_perms write_file_perms };
files_runtime_filetrans(mydomain_t, mypidfile_t, file)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="files_runtime_filetrans_lock_dir" lineno="7609">
<summary>
Create a generic lock directory within the run directories.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="files_create_all_spool_sockets" lineno="7627">
<summary>
Create all spool sockets
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_all_spool_sockets" lineno="7645">
<summary>
Delete all spool sockets
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_all_pid_dirs" lineno="7663">
<summary>
Delete all process ID directories.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_all_pids" lineno="7679">
<summary>
Create, read, write and delete all
var_run (pid) content  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabel_all_pid_dirs" lineno="7696">
<summary>
Relabel to/from all var_run (pid) directories  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabel_all_pid_sock_files" lineno="7711">
<summary>
Relabel to/from all var_run (pid) socket files  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabel_all_pids" lineno="7726">
<summary>
Relabel to/from all var_run (pid) files and directories  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_mounton_all_poly_members" lineno="7744">
<summary>
Mount filesystems on all polyinstantiation
member directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_search_spool" lineno="7763">
<summary>
Search the contents of generic spool
directories (/var/spool).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_spool" lineno="7782">
<summary>
Do not audit attempts to search generic
spool directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_list_spool" lineno="7801">
<summary>
List the contents of generic spool
(/var/spool) directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_generic_spool_dirs" lineno="7820">
<summary>
Create, read, write, and delete generic
spool directories (/var/spool).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_generic_spool" lineno="7839">
<summary>
Read generic spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_generic_spool" lineno="7859">
<summary>
Create, read, write, and delete generic
spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_spool_filetrans" lineno="7895">
<summary>
Create objects in the spool directory
with a private type with a type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file">
<summary>
Type to which the created node will be transitioned.
</summary>
</param>
<param name="class">
<summary>
Object class(es) (single or set including {}) for which this
the transition will occur.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="files_polyinstantiate_all" lineno="7915">
<summary>
Allow access to manage all polyinstantiated
directories on the system.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_unconfined" lineno="7969">
<summary>
Unconfined access to files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="filesystem" filename="policy/modules/kernel/filesystem.if">
<summary>Policy for filesystems.</summary>
<required val="true">
Contains the initial SID for the filesystems.
</required>
<interface name="fs_type" lineno="16">
<summary>
Transform specified type into a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_noxattr_type" lineno="36">
<summary>
Transform specified type into a filesystem
type which does not have extended attribute
support.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_image_file" lineno="57">
<summary>
Transform specified type into a filesystem
image file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_associate" lineno="80">
<summary>
Associate the specified file type to persistent
filesystems with extended attributes.  This
allows a file of this type to be created on
a filesystem such as ext3, JFS, and XFS.
</summary>
<param name="file_type">
<summary>
The type of the to be associated.
</summary>
</param>
</interface>
<interface name="fs_associate_noxattr" lineno="102">
<summary>
Associate the specified file type to
filesystems which lack extended attributes
support.  This allows a file of this type
to be created on a filesystem such as
FAT32, and NFS.
</summary>
<param name="file_type">
<summary>
The type of the to be associated.
</summary>
</param>
</interface>
<interface name="fs_exec_noxattr" lineno="122">
<summary>
Execute files on a filesystem that does
not support extended attributes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_xattr_type" lineno="142">
<summary>
Transform specified type into a filesystem
type which has extended attribute
support.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_all_xattr_fs" lineno="180">
<summary>
Get the attributes of all the
filesystems which have extended
attributes.
This includes pseudo filesystems.
</summary>
<desc>
<p>
Allow the specified domain to
get the attributes of a filesystems
which have extended attributes.
Example attributes:
</p>
<ul>
<li>Type of the file system (e.g., tmpfs)</li>
<li>Size of the file system</li>
<li>Available space on the file system</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="5"/>
<rolecap/>
</interface>
<interface name="fs_mount_xattr_fs" lineno="200">
<summary>
Mount a persistent filesystem which
has extended attributes, such as
ext3, JFS, or XFS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_xattr_fs" lineno="221">
<summary>
Remount a persistent filesystem which
has extended attributes, such as
ext3, JFS, or XFS.  This allows
some mount options to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_xattr_fs" lineno="241">
<summary>
Unmount a persistent filesystem which
has extended attributes, such as
ext3, JFS, or XFS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_xattr_fs" lineno="277">
<summary>
Get the attributes of persistent
filesystems which have extended
attributes, such as ext3, JFS, or XFS.
</summary>
<desc>
<p>
Allow the specified domain to
get the attributes of a persistent
filesystems which have extended
attributes, such as ext3, JFS, or XFS.
Example attributes:
</p>
<ul>
<li>Type of the file system (e.g., ext3)</li>
<li>Size of the file system</li>
<li>Available space on the file system</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="5"/>
<rolecap/>
</interface>
<interface name="fs_dontaudit_getattr_xattr_fs" lineno="298">
<summary>
Do not audit attempts to
get the attributes of a persistent
filesystem which has extended
attributes, such as ext3, JFS, or XFS.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_relabelfrom_xattr_fs" lineno="318">
<summary>
Allow changing of the label of a
filesystem with extended attributes
using the context= mount option.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_get_xattr_fs_quotas" lineno="338">
<summary>
Get the filesystem quotas of a filesystem
with extended attributes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_set_xattr_fs_quotas" lineno="358">
<summary>
Set the filesystem quotas of a filesystem
with extended attributes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_read_anon_inodefs_files" lineno="376">
<summary>
Read files on anon_inodefs file systems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_anon_inodefs_files" lineno="396">
<summary>
Read and write files on anon_inodefs
file systems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_rw_anon_inodefs_files" lineno="416">
<summary>
Do not audit attempts to read or write files on
anon_inodefs file systems.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_mount_autofs" lineno="435">
<summary>
Mount an automount pseudo filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_autofs" lineno="454">
<summary>
Remount an automount pseudo filesystem
This allows some mount options to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_autofs" lineno="472">
<summary>
Unmount an automount pseudo filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_autofs" lineno="491">
<summary>
Get the attributes of an automount
pseudo filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_auto_mountpoints" lineno="518">
<summary>
Search automount filesystem to use automatically
mounted filesystems.
</summary>
<desc>
Allow the specified domain to search mount points
that have filesystems that are mounted by
the automount service.  Generally this will
be required for any domain that accesses objects
on these filesystems.
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="5"/>
</interface>
<interface name="fs_list_auto_mountpoints" lineno="538">
<summary>
Read directories of automatically
mounted filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_list_auto_mountpoints" lineno="557">
<summary>
Do not audit attempts to list directories of automatically
mounted filesystems.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_manage_autofs_symlinks" lineno="576">
<summary>
Create, read, write, and delete symbolic links
on an autofs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_binfmt_misc_fs" lineno="594">
<summary>
Get the attributes of binfmt_misc filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_binfmt_misc_dirs" lineno="614">
<summary>
Get the attributes of directories on
binfmt_misc filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_register_binary_executable_type" lineno="650">
<summary>
Register an interpreter for new binary
file types, using the kernel binfmt_misc
support.
</summary>
<desc>
<p>
Register an interpreter for new binary
file types, using the kernel binfmt_misc
support.
</p>
<p>
A common use for this is to
register a JVM as an interpreter for
Java byte code.  Registered binaries
can be directly executed on a command line
without specifying the interpreter.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_mount_cgroup" lineno="670">
<summary>
Mount cgroup filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_cgroup" lineno="688">
<summary>
Remount cgroup filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_cgroup" lineno="706">
<summary>
Unmount cgroup filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_cgroup" lineno="724">
<summary>
Get attributes of cgroup filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_cgroup_dirs" lineno="742">
<summary>
Search cgroup directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_cgroup_dirs" lineno="762">
<summary>
list cgroup directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_delete_cgroup_dirs" lineno="781">
<summary>
Delete cgroup directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_cgroup_dirs" lineno="800">
<summary>
Manage cgroup directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_relabel_cgroup_dirs" lineno="820">
<summary>
Relabel cgroup directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_cgroup_files" lineno="838">
<summary>
Get attributes of cgroup files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_cgroup_files" lineno="858">
<summary>
Read cgroup files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_watch_cgroup_files" lineno="879">
<summary>
Watch cgroup files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_create_cgroup_links" lineno="898">
<summary>
Create cgroup lnk_files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_write_cgroup_files" lineno="918">
<summary>
Write cgroup files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_cgroup_files" lineno="937">
<summary>
Read and write cgroup files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_rw_cgroup_files" lineno="959">
<summary>
Do not audit attempts to open,
get attributes, read and write
cgroup files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_manage_cgroup_files" lineno="977">
<summary>
Manage cgroup files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_relabel_cgroup_symlinks" lineno="997">
<summary>
Relabel cgroup symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mounton_cgroup" lineno="1015">
<summary>
Mount on cgroup directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_cgroup_filetrans" lineno="1049">
<summary>
Create an object in a cgroup tmpfs filesystem, with a private
type using a type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_list_cifs_dirs" lineno="1070">
<summary>
Do not audit attempts to read
dirs on a CIFS or SMB filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_mount_cifs" lineno="1088">
<summary>
Mount a CIFS or SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_cifs" lineno="1107">
<summary>
Remount a CIFS or SMB network filesystem.
This allows some mount options to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_cifs" lineno="1125">
<summary>
Unmount a CIFS or SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_cifs" lineno="1145">
<summary>
Get the attributes of a CIFS or
SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_search_cifs" lineno="1163">
<summary>
Search directories on a CIFS or SMB filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_cifs" lineno="1182">
<summary>
List the contents of directories on a
CIFS or SMB filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_list_cifs" lineno="1201">
<summary>
Do not audit attempts to list the contents
of directories on a CIFS or SMB filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_mounton_cifs" lineno="1219">
<summary>
Mounton a CIFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_cifs_files" lineno="1238">
<summary>
Read files on a CIFS or SMB filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_read_all_inherited_image_files" lineno="1258">
<summary>
Read all inherited filesystem image files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_read_all_image_files" lineno="1277">
<summary>
Read all filesystem image files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_mmap_read_all_image_files" lineno="1296">
<summary>
Mmap-read all filesystem image files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_rw_all_image_files" lineno="1315">
<summary>
Read and write all filesystem image files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_mmap_rw_all_image_files" lineno="1334">
<summary>
Mmap-Read-write all filesystem image files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_write_all_image_files" lineno="1353">
<summary>
Do not audit attempts to write all filesystem image files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_getattr_noxattr_fs" lineno="1373">
<summary>
Get the attributes of filesystems that
do not have extended attribute support.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_list_noxattr_fs" lineno="1391">
<summary>
Read all noxattrfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_list_noxattr_fs" lineno="1410">
<summary>
Do not audit attempts to list all
noxattrfs directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_manage_noxattr_fs_dirs" lineno="1428">
<summary>
Create, read, write, and delete all noxattrfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_noxattr_fs_files" lineno="1446">
<summary>
Read all noxattrfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_read_noxattr_fs_files" lineno="1466">
<summary>
Do not audit attempts to read all
noxattrfs files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_write_noxattr_fs_files" lineno="1484">
<summary>
Dont audit attempts to write to noxattrfs files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_manage_noxattr_fs_files" lineno="1502">
<summary>
Create, read, write, and delete all noxattrfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_noxattr_fs_symlinks" lineno="1521">
<summary>
Read all noxattrfs symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_noxattr_fs_symlinks" lineno="1540">
<summary>
Manage all noxattrfs symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_relabelfrom_noxattr_fs" lineno="1560">
<summary>
Relabel all objects from filesystems that
do not support extended attributes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_read_cifs_files" lineno="1586">
<summary>
Do not audit attempts to read
files on a CIFS or SMB filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_append_cifs_files" lineno="1606">
<summary>
Append files
on a CIFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_append_cifs_files" lineno="1626">
<summary>
dontaudit Append files
on a CIFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_rw_cifs_files" lineno="1645">
<summary>
Do not audit attempts to read or
write files on a CIFS or SMB filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_read_cifs_symlinks" lineno="1663">
<summary>
Read symbolic links on a CIFS or SMB filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_cifs_named_pipes" lineno="1683">
<summary>
Read named pipes
on a CIFS or SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_cifs_named_sockets" lineno="1702">
<summary>
Read named sockets
on a CIFS or SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_exec_cifs_files" lineno="1723">
<summary>
Execute files on a CIFS or SMB
network filesystem, in the caller
domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_manage_cifs_dirs" lineno="1744">
<summary>
Create, read, write, and delete directories
on a CIFS or SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_manage_cifs_dirs" lineno="1764">
<summary>
Do not audit attempts to create, read,
write, and delete directories
on a CIFS or SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_manage_cifs_files" lineno="1784">
<summary>
Create, read, write, and delete files
on a CIFS or SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_manage_cifs_files" lineno="1804">
<summary>
Do not audit attempts to create, read,
write, and delete files
on a CIFS or SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_manage_cifs_symlinks" lineno="1823">
<summary>
Create, read, write, and delete symbolic links
on a CIFS or SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_cifs_named_pipes" lineno="1842">
<summary>
Create, read, write, and delete named pipes
on a CIFS or SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_cifs_named_sockets" lineno="1861">
<summary>
Create, read, write, and delete named sockets
on a CIFS or SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_cifs_domtrans" lineno="1904">
<summary>
Execute a file on a CIFS or SMB filesystem
in the specified domain.
</summary>
<desc>
<p>
Execute a file on a CIFS or SMB filesystem
in the specified domain.  This allows
the specified domain to execute any file
on these filesystems in the specified
domain.  This is not suggested.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
<p>
This interface was added to handle
home directories on CIFS/SMB filesystems,
in particular used by the ssh-agent policy.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="fs_manage_configfs_dirs" lineno="1924">
<summary>
Create, read, write, and delete dirs
on a configfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_configfs_files" lineno="1943">
<summary>
Create, read, write, and delete files
on a configfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mount_dos_fs" lineno="1962">
<summary>
Mount a DOS filesystem, such as
FAT32 or NTFS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_dos_fs" lineno="1982">
<summary>
Remount a DOS filesystem, such as
FAT32 or NTFS.  This allows
some mount options to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_dos_fs" lineno="2001">
<summary>
Unmount a DOS filesystem, such as
FAT32 or NTFS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_dos_fs" lineno="2021">
<summary>
Get the attributes of a DOS
filesystem, such as FAT32 or NTFS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_relabelfrom_dos_fs" lineno="2040">
<summary>
Allow changing of the label of a
DOS filesystem using the context= mount option.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_dos_dirs" lineno="2058">
<summary>
Get attributes of directories on a dosfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_dos" lineno="2076">
<summary>
Search dosfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_dos" lineno="2094">
<summary>
List dirs DOS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_dos_dirs" lineno="2113">
<summary>
Create, read, write, and delete dirs
on a DOS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_dos_files" lineno="2131">
<summary>
Read files on a DOS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mmap_read_dos_files" lineno="2149">
<summary>
Read and map files on a DOS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_dos_files" lineno="2169">
<summary>
Create, read, write, and delete files
on a DOS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_efivars" lineno="2187">
<summary>
List dirs in efivarfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_efivarfs_files" lineno="2207">
<summary>
Read files in efivarfs
- contains Linux Kernel configuration options for UEFI systems
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_manage_efivarfs_files" lineno="2227">
<summary>
Create, read, write, and delete files
on a efivarfs filesystem.
- contains Linux Kernel configuration options for UEFI systems
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_fusefs" lineno="2245">
<summary>
stat a FUSE filesystem
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mount_fusefs" lineno="2263">
<summary>
Mount a FUSE filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_fusefs" lineno="2281">
<summary>
Unmount a FUSE filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mounton_fusefs" lineno="2299">
<summary>
Mounton a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_fusefs" lineno="2319">
<summary>
Search directories
on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_list_fusefs" lineno="2338">
<summary>
Do not audit attempts to list the contents
of directories on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_manage_fusefs_dirs" lineno="2358">
<summary>
Create, read, write, and delete directories
on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_manage_fusefs_dirs" lineno="2378">
<summary>
Do not audit attempts to create, read,
write, and delete directories
on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_read_fusefs_files" lineno="2397">
<summary>
Read, a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_exec_fusefs_files" lineno="2416">
<summary>
Execute files on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_manage_fusefs_files" lineno="2436">
<summary>
Create, read, write, and delete files
on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_manage_fusefs_files" lineno="2456">
<summary>
Do not audit attempts to create,
read, write, and delete files
on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_read_fusefs_symlinks" lineno="2474">
<summary>
Read symbolic links on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_hugetlbfs" lineno="2494">
<summary>
Get the attributes of an hugetlbfs
filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_hugetlbfs" lineno="2512">
<summary>
List hugetlbfs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_hugetlbfs_dirs" lineno="2530">
<summary>
Manage hugetlbfs dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_inherited_hugetlbfs_files" lineno="2548">
<summary>
Read and write inherited hugetlbfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_hugetlbfs_files" lineno="2566">
<summary>
Read and write hugetlbfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mmap_rw_hugetlbfs_files" lineno="2584">
<summary>
Read, map and write hugetlbfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_associate_hugetlbfs" lineno="2603">
<summary>
Allow the type to associate to hugetlbfs filesystems.
</summary>
<param name="type">
<summary>
The type of the object to be associated.
</summary>
</param>
</interface>
<interface name="fs_search_inotifyfs" lineno="2621">
<summary>
Search inotifyfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_inotifyfs" lineno="2639">
<summary>
List inotifyfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_list_inotifyfs" lineno="2657">
<summary>
Dontaudit List inotifyfs filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_hugetlbfs_filetrans" lineno="2691">
<summary>
Create an object in a hugetlbfs filesystem, with a private
type using a type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="fs_mount_iso9660_fs" lineno="2711">
<summary>
Mount an iso9660 filesystem, which
is usually used on CDs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_iso9660_fs" lineno="2731">
<summary>
Remount an iso9660 filesystem, which
is usually used on CDs.  This allows
some mount options to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_relabelfrom_iso9660_fs" lineno="2750">
<summary>
Allow changing of the label of a
filesystem with iso9660 type
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_iso9660_fs" lineno="2769">
<summary>
Unmount an iso9660 filesystem, which
is usually used on CDs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_iso9660_fs" lineno="2789">
<summary>
Get the attributes of an iso9660
filesystem, which is usually used on CDs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_getattr_iso9660_files" lineno="2808">
<summary>
Get the attributes of files on an iso9660
filesystem, which is usually used on CDs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_iso9660_files" lineno="2828">
<summary>
Read files on an iso9660 filesystem, which
is usually used on CDs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mount_nfs" lineno="2848">
<summary>
Mount a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_nfs" lineno="2867">
<summary>
Remount a NFS filesystem.  This allows
some mount options to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_nfs" lineno="2885">
<summary>
Unmount a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_nfs" lineno="2904">
<summary>
Get the attributes of a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_search_nfs" lineno="2922">
<summary>
Search directories on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_nfs" lineno="2940">
<summary>
List NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_list_nfs" lineno="2959">
<summary>
Do not audit attempts to list the contents
of directories on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_mounton_nfs" lineno="2977">
<summary>
Mounton a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_nfs_files" lineno="2996">
<summary>
Read files on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_read_nfs_files" lineno="3016">
<summary>
Do not audit attempts to read
files on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_write_nfs_files" lineno="3034">
<summary>
Read files on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_exec_nfs_files" lineno="3054">
<summary>
Execute files on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_append_nfs_files" lineno="3075">
<summary>
Append files
on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_append_nfs_files" lineno="3095">
<summary>
dontaudit Append files
on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_rw_nfs_files" lineno="3114">
<summary>
Do not audit attempts to read or
write files on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_read_nfs_symlinks" lineno="3132">
<summary>
Read symbolic links on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_read_nfs_symlinks" lineno="3151">
<summary>
Dontaudit read symbolic links on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_read_nfs_named_sockets" lineno="3169">
<summary>
Read named sockets on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_nfs_named_pipes" lineno="3188">
<summary>
Read named pipes on a NFS network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_getattr_rpc_dirs" lineno="3207">
<summary>
Get the attributes of directories of RPC
file system pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_rpc" lineno="3226">
<summary>
Search directories of RPC file system pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_removable" lineno="3244">
<summary>
Search removable storage directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_list_removable" lineno="3262">
<summary>
Do not audit attempts to list removable storage directories.
</summary>
<param name="domain">
<summary>
Domain not to audit.
</summary>
</param>
</interface>
<interface name="fs_read_removable_files" lineno="3280">
<summary>
Read removable storage files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_read_removable_files" lineno="3298">
<summary>
Do not audit attempts to read removable storage files.
</summary>
<param name="domain">
<summary>
Domain not to audit.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_write_removable_files" lineno="3316">
<summary>
Do not audit attempts to write removable storage files.
</summary>
<param name="domain">
<summary>
Domain not to audit.
</summary>
</param>
</interface>
<interface name="fs_read_removable_symlinks" lineno="3334">
<summary>
Read removable storage symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_removable_blk_files" lineno="3352">
<summary>
Read block nodes on removable filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_removable_blk_files" lineno="3371">
<summary>
Read and write block nodes on removable filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_rpc" lineno="3390">
<summary>
Read directories of RPC file system pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_rpc_files" lineno="3408">
<summary>
Read files of RPC file system pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_rpc_symlinks" lineno="3426">
<summary>
Read symbolic links of RPC file system pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_rpc_sockets" lineno="3444">
<summary>
Read sockets of RPC file system pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_rpc_sockets" lineno="3462">
<summary>
Read and write sockets of RPC file system pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_nfs_dirs" lineno="3482">
<summary>
Create, read, write, and delete directories
on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_manage_nfs_dirs" lineno="3502">
<summary>
Do not audit attempts to create, read,
write, and delete directories
on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_manage_nfs_files" lineno="3522">
<summary>
Create, read, write, and delete files
on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_manage_nfs_files" lineno="3542">
<summary>
Do not audit attempts to create,
read, write, and delete files
on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_manage_nfs_symlinks" lineno="3562">
<summary>
Create, read, write, and delete symbolic links
on a NFS network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_manage_nfs_named_pipes" lineno="3581">
<summary>
Create, read, write, and delete named pipes
on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_nfs_named_sockets" lineno="3600">
<summary>
Create, read, write, and delete named sockets
on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_nfs_domtrans" lineno="3643">
<summary>
Execute a file on a NFS filesystem
in the specified domain.
</summary>
<desc>
<p>
Execute a file on a NFS filesystem
in the specified domain.  This allows
the specified domain to execute any file
on a NFS filesystem in the specified
domain.  This is not suggested.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
<p>
This interface was added to handle
home directories on NFS filesystems,
in particular used by the ssh-agent policy.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="fs_mount_nfsd_fs" lineno="3662">
<summary>
Mount a NFS server pseudo filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_nfsd_fs" lineno="3681">
<summary>
Mount a NFS server pseudo filesystem.
This allows some mount options to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_nfsd_fs" lineno="3699">
<summary>
Unmount a NFS server pseudo filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_nfsd_fs" lineno="3718">
<summary>
Get the attributes of a NFS server
pseudo filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_nfsd_fs" lineno="3736">
<summary>
Search NFS server directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_nfsd_fs" lineno="3754">
<summary>
List NFS server directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_nfsd_files" lineno="3772">
<summary>
Getattr files on an nfsd filesystem
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_nfsd_fs" lineno="3790">
<summary>
Read and write NFS server files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_nsfs_files" lineno="3808">
<summary>
Read nsfs inodes (e.g. /proc/pid/ns/uts)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_nsfs" lineno="3826">
<summary>
Unmount an nsfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_pstorefs" lineno="3844">
<summary>
Get the attributes of a pstore filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_pstore_dirs" lineno="3863">
<summary>
Get the attributes of directories
of a pstore filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_relabel_pstore_dirs" lineno="3882">
<summary>
Relabel to/from pstore_t directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_pstore_dirs" lineno="3901">
<summary>
List the directories
of a pstore filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_pstore_files" lineno="3920">
<summary>
Read pstore_t files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_delete_pstore_files" lineno="3939">
<summary>
Delete the files
of a pstore filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_associate_ramfs" lineno="3958">
<summary>
Allow the type to associate to ramfs filesystems.
</summary>
<param name="type">
<summary>
The type of the object to be associated.
</summary>
</param>
</interface>
<interface name="fs_mount_ramfs" lineno="3976">
<summary>
Mount a RAM filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_ramfs" lineno="3995">
<summary>
Remount a RAM filesystem.  This allows
some mount options to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_ramfs" lineno="4013">
<summary>
Unmount a RAM filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_ramfs" lineno="4031">
<summary>
Get the attributes of a RAM filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_ramfs" lineno="4049">
<summary>
Search directories on a ramfs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_search_ramfs" lineno="4067">
<summary>
Dontaudit Search directories on a ramfs
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_manage_ramfs_dirs" lineno="4086">
<summary>
Create, read, write, and delete
directories on a ramfs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_read_ramfs_files" lineno="4104">
<summary>
Dontaudit read on a ramfs files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_read_ramfs_pipes" lineno="4122">
<summary>
Dontaudit read on a ramfs fifo_files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_manage_ramfs_files" lineno="4141">
<summary>
Create, read, write, and delete
files on a ramfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_write_ramfs_pipes" lineno="4159">
<summary>
Write to named pipe on a ramfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_write_ramfs_pipes" lineno="4178">
<summary>
Do not audit attempts to write to named
pipes on a ramfs filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_rw_ramfs_pipes" lineno="4196">
<summary>
Read and write a named pipe on a ramfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_ramfs_pipes" lineno="4215">
<summary>
Create, read, write, and delete
named pipes on a ramfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_write_ramfs_sockets" lineno="4233">
<summary>
Write to named socket on a ramfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_ramfs_sockets" lineno="4252">
<summary>
Create, read, write, and delete
named sockets on a ramfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mount_romfs" lineno="4270">
<summary>
Mount a ROM filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_romfs" lineno="4289">
<summary>
Remount a ROM filesystem.  This allows
some mount options to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_romfs" lineno="4307">
<summary>
Unmount a ROM filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_romfs" lineno="4326">
<summary>
Get the attributes of a ROM
filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mount_rpc_pipefs" lineno="4344">
<summary>
Mount a RPC pipe filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_rpc_pipefs" lineno="4363">
<summary>
Remount a RPC pipe filesystem.  This
allows some mount option to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_rpc_pipefs" lineno="4381">
<summary>
Unmount a RPC pipe filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_rpc_pipefs" lineno="4400">
<summary>
Get the attributes of a RPC pipe
filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_watch_rpc_pipefs_dir" lineno="4418">
<summary>
Watch a rpc pipefs dir
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_rpc_named_pipes" lineno="4436">
<summary>
Read and write RPC pipe filesystem named pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mount_tmpfs" lineno="4454">
<summary>
Mount a tmpfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_tmpfs" lineno="4472">
<summary>
Remount a tmpfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_tmpfs" lineno="4490">
<summary>
Unmount a tmpfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_tmpfs" lineno="4510">
<summary>
Get the attributes of a tmpfs
filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_associate_tmpfs" lineno="4528">
<summary>
Allow the type to associate to tmpfs filesystems.
</summary>
<param name="type">
<summary>
The type of the object to be associated.
</summary>
</param>
</interface>
<interface name="fs_relabelfrom_tmpfs" lineno="4546">
<summary>
Relabel from tmpfs filesystem.
</summary>
<param name="type">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_tmpfs_dirs" lineno="4564">
<summary>
Get the attributes of tmpfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_getattr_tmpfs_dirs" lineno="4583">
<summary>
Do not audit attempts to get the attributes
of tmpfs directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_mounton_tmpfs" lineno="4601">
<summary>
Mount on tmpfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mounton_tmpfs_files" lineno="4619">
<summary>
Mount on tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_setattr_tmpfs_dirs" lineno="4637">
<summary>
Set the attributes of tmpfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_tmpfs" lineno="4655">
<summary>
Search tmpfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_tmpfs" lineno="4673">
<summary>
List the contents of generic tmpfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_list_tmpfs" lineno="4692">
<summary>
Do not audit attempts to list the
contents of generic tmpfs directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_manage_tmpfs_dirs" lineno="4711">
<summary>
Create, read, write, and delete
tmpfs directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_write_tmpfs_dirs" lineno="4730">
<summary>
Do not audit attempts to write
tmpfs directories
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_relabelfrom_tmpfs_dirs" lineno="4748">
<summary>
Relabel from tmpfs_t dir
</summary>
<param name="type">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_relabel_tmpfs_dirs" lineno="4766">
<summary>
Relabel directory on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_tmpfs_filetrans" lineno="4799">
<summary>
Create an object in a tmpfs filesystem, with a private
type using a type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_getattr_tmpfs_files" lineno="4819">
<summary>
Do not audit attempts to getattr
generic tmpfs files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_rw_tmpfs_files" lineno="4838">
<summary>
Do not audit attempts to read or write
generic tmpfs files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_delete_tmpfs_symlinks" lineno="4856">
<summary>
Delete tmpfs symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_auto_mountpoints" lineno="4875">
<summary>
Create, read, write, and delete
auto moutpoints.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_tmpfs_files" lineno="4893">
<summary>
Read generic tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_tmpfs_files" lineno="4911">
<summary>
Read and write generic tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_relabel_tmpfs_files" lineno="4929">
<summary>
Relabel files on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_tmpfs_symlinks" lineno="4947">
<summary>
Read tmpfs link files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_relabelfrom_tmpfs_sockets" lineno="4965">
<summary>
Relabelfrom socket files on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_relabelfrom_tmpfs_symlinks" lineno="4983">
<summary>
Relabelfrom tmpfs link files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_tmpfs_chr_files" lineno="5001">
<summary>
Read and write character nodes on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_use_tmpfs_chr_dev" lineno="5020">
<summary>
dontaudit Read and write character nodes on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_relabel_tmpfs_chr_files" lineno="5039">
<summary>
Relabel character nodes on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_relabel_tmpfs_chr_file" lineno="5058">
<summary>
Relabel character nodes on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_tmpfs_blk_files" lineno="5073">
<summary>
Read and write block nodes on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_relabel_tmpfs_blk_files" lineno="5092">
<summary>
Relabel block nodes on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_relabel_tmpfs_blk_file" lineno="5111">
<summary>
Relabel block nodes on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_relabel_tmpfs_fifo_files" lineno="5126">
<summary>
Relabel named pipes on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_tmpfs_files" lineno="5146">
<summary>
Read and write, create and delete generic
files on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_tmpfs_symlinks" lineno="5165">
<summary>
Read and write, create and delete symbolic
links on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_tmpfs_sockets" lineno="5184">
<summary>
Read and write, create and delete socket
files on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_tmpfs_chr_files" lineno="5203">
<summary>
Read and write, create and delete character
nodes on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_tmpfs_blk_files" lineno="5222">
<summary>
Read and write, create and delete block nodes
on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_tracefs" lineno="5240">
<summary>
Get the attributes of a trace filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_tracefs_dirs" lineno="5258">
<summary>
Get attributes of dirs on tracefs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_tracefs" lineno="5276">
<summary>
search directories on a tracefs filesystem
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_tracefs_files" lineno="5295">
<summary>
Get the attributes of files
on a trace filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_write_tracefs_files" lineno="5313">
<summary>
Read/write trace filesystem files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mount_xenfs" lineno="5332">
<summary>
Mount a XENFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_xenfs" lineno="5350">
<summary>
Search the XENFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_xenfs_dirs" lineno="5370">
<summary>
Create, read, write, and delete directories
on a XENFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_manage_xenfs_dirs" lineno="5390">
<summary>
Do not audit attempts to create, read,
write, and delete directories
on a XENFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_manage_xenfs_files" lineno="5410">
<summary>
Create, read, write, and delete files
on a XENFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_mmap_xenfs_files" lineno="5428">
<summary>
Map files a XENFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_manage_xenfs_files" lineno="5448">
<summary>
Do not audit attempts to create,
read, write, and delete files
on a XENFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_mount_all_fs" lineno="5466">
<summary>
Mount all filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_all_fs" lineno="5485">
<summary>
Remount all filesystems.  This
allows some mount options to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_all_fs" lineno="5503">
<summary>
Unmount all filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_all_fs" lineno="5535">
<summary>
Get the attributes of all filesystems.
</summary>
<desc>
<p>
Allow the specified domain to
get the attributes of all filesystems.
Example attributes:
</p>
<ul>
<li>Type of the file system (e.g., ext3)</li>
<li>Size of the file system</li>
<li>Available space on the file system</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="5"/>
<rolecap/>
</interface>
<interface name="fs_dontaudit_getattr_all_fs" lineno="5555">
<summary>
Do not audit attempts to get the attributes
all filesystems.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_get_all_fs_quotas" lineno="5574">
<summary>
Get the quotas of all filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_set_all_quotas" lineno="5593">
<summary>
Set the quotas of all filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_relabelfrom_all_fs" lineno="5611">
<summary>
Relabelfrom all filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_all_dirs" lineno="5630">
<summary>
Get the attributes of all directories
with a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_all" lineno="5648">
<summary>
Search all directories with a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_all" lineno="5666">
<summary>
List all directories with a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_all_files" lineno="5685">
<summary>
Get the attributes of all files with
a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_getattr_all_files" lineno="5704">
<summary>
Do not audit attempts to get the attributes
of all files with a filesystem type.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_getattr_all_symlinks" lineno="5723">
<summary>
Get the attributes of all symbolic links with
a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_getattr_all_symlinks" lineno="5742">
<summary>
Do not audit attempts to get the attributes
of all symbolic links with a filesystem type.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_getattr_all_pipes" lineno="5761">
<summary>
Get the attributes of all named pipes with
a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_getattr_all_pipes" lineno="5780">
<summary>
Do not audit attempts to get the attributes
of all named pipes with a filesystem type.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_getattr_all_sockets" lineno="5799">
<summary>
Get the attributes of all named sockets with
a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_getattr_all_sockets" lineno="5818">
<summary>
Do not audit attempts to get the attributes
of all named sockets with a filesystem type.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_getattr_all_blk_files" lineno="5837">
<summary>
Get the attributes of all block device nodes with
a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_all_chr_files" lineno="5856">
<summary>
Get the attributes of all character device nodes with
a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unconfined" lineno="5874">
<summary>
Unconfined access to filesystems
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_bpf" lineno="5892">
<summary>
Search bpf dirs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="kernel" filename="policy/modules/kernel/kernel.if">
<summary>
Policy for kernel threads, proc filesystem,
and unlabeled processes and objects.
</summary>
<required val="true">
This module has initial SIDs.
</required>
<interface name="kernel_dyntrans_to" lineno="20">
<summary>
Allows the kernel to start userland processes
by dynamic transitions to the specified domain.
</summary>
<param name="domain">
<summary>
The process type entered by the kernel.
</summary>
</param>
</interface>
<interface name="kernel_domtrans_to" lineno="46">
<summary>
Allows to start userland processes
by transitioning to the specified domain.
</summary>
<param name="domain">
<summary>
The process type entered by kernel.
</summary>
</param>
<param name="entrypoint">
<summary>
The executable type for the entrypoint.
</summary>
</param>
</interface>
<interface name="kernel_ranged_domtrans_to" lineno="76">
<summary>
Allows to start userland processes
by transitioning to the specified domain,
with a range transition.
</summary>
<param name="domain">
<summary>
The process type entered by kernel.
</summary>
</param>
<param name="entrypoint">
<summary>
The executable type for the entrypoint.
</summary>
</param>
<param name="range">
<summary>
Range for the domain.
</summary>
</param>
</interface>
<interface name="kernel_rootfs_mountpoint" lineno="104">
<summary>
Allows the kernel to mount filesystems on
the specified directory type.
</summary>
<param name="directory_type">
<summary>
The type of the directory to use as a mountpoint.
</summary>
</param>
</interface>
<interface name="kernel_setpgid" lineno="122">
<summary>
Set the process group of kernel threads.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_setsched" lineno="140">
<summary>
Set the priority of kernel threads.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_sigchld" lineno="158">
<summary>
Send a SIGCHLD signal to kernel threads.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_kill" lineno="176">
<summary>
Send a kill signal to kernel threads.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_signal" lineno="194">
<summary>
Send a generic signal to kernel threads.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_share_state" lineno="213">
<summary>
Allows the kernel to share state information with
the caller.
</summary>
<param name="domain">
<summary>
The type of the process with which to share state information.
</summary>
</param>
</interface>
<interface name="kernel_use_fds" lineno="231">
<summary>
Permits caller to use kernel file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_use_fds" lineno="250">
<summary>
Do not audit attempts to use
kernel file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_rw_pipes" lineno="268">
<summary>
Read and write kernel unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_rw_stream_sockets" lineno="287">
<summary>
Read/write to kernel using a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_stream_connect" lineno="306">
<summary>
Connect to kernel using a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_getattr_dgram_sockets" lineno="324">
<summary>
Getattr on kernel unix datagram sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_rw_unix_dgram_sockets" lineno="342">
<summary>
Read and write kernel unix datagram sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dgram_send" lineno="360">
<summary>
Send messages to kernel unix datagram sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_rw_netlink_audit_sockets" lineno="378">
<summary>
Send messages to kernel netlink audit sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_load_module" lineno="396">
<summary>
Allows caller to load kernel modules
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_search_key" lineno="414">
<summary>
Allow search the kernel key ring.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_search_key" lineno="432">
<summary>
dontaudit search the kernel key ring.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_link_key" lineno="450">
<summary>
Allow link to the kernel key ring.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_link_key" lineno="468">
<summary>
dontaudit link to the kernel key ring.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_view_key" lineno="486">
<summary>
Allow view the kernel key ring.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_view_key" lineno="504">
<summary>
dontaudit view the kernel key ring.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_write_key" lineno="522">
<summary>
allow write access to the kernel key ring.
</summary>
<param name="domain">
<summary>
Domain to allow.
</summary>
</param>
</interface>
<interface name="kernel_read_ring_buffer" lineno="541">
<summary>
Allows caller to read the ring buffer.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_dontaudit_read_ring_buffer" lineno="560">
<summary>
Do not audit attempts to read the ring buffer.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_change_ring_buffer_level" lineno="579">
<summary>
Change the level of kernel messages logged to the console.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_clear_ring_buffer" lineno="599">
<summary>
Allows the caller to clear the ring buffer.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_request_load_module" lineno="631">
<summary>
Allows caller to request the kernel to load a module
</summary>
<desc>
<p>
Allow the specified domain to request that the kernel
load a kernel module.  An example of this is the
auto-loading of network drivers when doing an
ioctl() on a network interface.
</p>
<p>
In the specific case of a module loading request
on a network interface, the domain will also
need the net_admin capability.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_request_load_module" lineno="649">
<summary>
Do not audit requests to the kernel to load a module.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_get_sysvipc_info" lineno="667">
<summary>
Get information on all System V IPC objects.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_getattr_debugfs" lineno="685">
<summary>
Get the attributes of a kernel debugging filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_mount_debugfs" lineno="703">
<summary>
Mount a kernel debugging filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_unmount_debugfs" lineno="721">
<summary>
Unmount a kernel debugging filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_remount_debugfs" lineno="739">
<summary>
Remount a kernel debugging filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_search_debugfs" lineno="757">
<summary>
Search the contents of a kernel debugging filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_search_debugfs" lineno="775">
<summary>
Do not audit attempts to search the kernel debugging filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_read_debugfs" lineno="793">
<summary>
Read information from the debugging filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_write_debugfs_dirs" lineno="813">
<summary>
Do not audit attempts to write kernel debugging filesystem dirs.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_manage_debugfs" lineno="831">
<summary>
Manage information from the debugging filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_mount_kvmfs" lineno="851">
<summary>
Mount a kernel VM filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_mount_proc" lineno="869">
<summary>
mount the proc filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_remount_proc" lineno="887">
<summary>
remount the proc filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_unmount_proc" lineno="905">
<summary>
Unmount the proc filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_getattr_proc" lineno="923">
<summary>
Get the attributes of the proc filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_getattr_proc" lineno="941">
<summary>
Do not audit attempts to get the attributes of the proc filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_mounton_proc" lineno="960">
<summary>
Mount on proc directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_dontaudit_setattr_proc_dirs" lineno="979">
<summary>
Do not audit attempts to set the
attributes of directories in /proc.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_search_proc" lineno="997">
<summary>
Search directories in /proc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_list_proc" lineno="1015">
<summary>
List the contents of directories in /proc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_list_proc" lineno="1034">
<summary>
Do not audit attempts to list the
contents of directories in /proc.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_write_proc_dirs" lineno="1053">
<summary>
Do not audit attempts to write the
directories in /proc.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_mounton_proc_dirs" lineno="1071">
<summary>
Mount the directories in /proc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_getattr_proc_files" lineno="1089">
<summary>
Get the attributes of files in /proc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_read_proc_symlinks" lineno="1116">
<summary>
Read generic symbolic links in /proc.
</summary>
<desc>
<p>
Allow the specified domain to read (follow) generic
symbolic links (symlinks) in the proc filesystem (/proc).
This interface does not include access to the targets of
these links.  An example symlink is /proc/self.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="kernel_read_system_state" lineno="1155">
<summary>
Allows caller to read system state information in /proc.
</summary>
<desc>
<p>
Allow the specified domain to read general system
state information from the proc filesystem (/proc).
</p>
<p>
Generally it should be safe to allow this access.  Some
example files that can be read based on this interface:
</p>
<ul>
<li>/proc/cpuinfo</li>
<li>/proc/meminfo</li>
<li>/proc/uptime</li>
</ul>
<p>
This does not allow access to sysctl entries (/proc/sys/*)
nor process state information (/proc/pid).
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
<rolecap/>
</interface>
<interface name="kernel_write_proc_files" lineno="1181">
<summary>
Write to generic proc entries.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_dontaudit_read_system_state" lineno="1200">
<summary>
Do not audit attempts by caller to
read system state information in proc.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_read_proc_symlinks" lineno="1219">
<summary>
Do not audit attempts by caller to
read symbolic links in proc.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_rw_afs_state" lineno="1238">
<summary>
Allow caller to read and write state information for AFS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_read_software_raid_state" lineno="1258">
<summary>
Allow caller to read the state information for software raid.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_software_raid_state" lineno="1278">
<summary>
Allow caller to read and set the state information for software raid.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_getattr_core_if" lineno="1298">
<summary>
Allows caller to get attributes of core kernel interface.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_getattr_core_if" lineno="1319">
<summary>
Do not audit attempts to get the attributes of
core kernel interfaces.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_read_core_if" lineno="1337">
<summary>
Allows caller to read the core kernel interface.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_read_messages" lineno="1361">
<summary>
Allow caller to read kernel messages
using the /proc/kmsg interface.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_getattr_message_if" lineno="1383">
<summary>
Allow caller to get the attributes of kernel message
interface (/proc/kmsg).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_getattr_message_if" lineno="1402">
<summary>
Do not audit attempts by caller to get the attributes of kernel
message interfaces.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_mounton_message_if" lineno="1421">
<summary>
Mount on kernel message interfaces files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_dontaudit_search_network_state" lineno="1442">
<summary>
Do not audit attempts to search the network
state directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>

</interface>
<interface name="kernel_search_network_state" lineno="1461">
<summary>
Allow searching of network state directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>

</interface>
<interface name="kernel_read_network_state" lineno="1491">
<summary>
Read the network state information.
</summary>
<desc>
<p>
Allow the specified domain to read the networking
state information. This includes several pieces
of networking information, such as network interface
names, netfilter (iptables) statistics, protocol
information, routes, and remote procedure call (RPC)
information.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
<rolecap/>
</interface>
<interface name="kernel_read_network_state_symlinks" lineno="1512">
<summary>
Allow caller to read the network state symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_search_xen_state" lineno="1533">
<summary>
Allow searching of xen state directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>

</interface>
<interface name="kernel_dontaudit_search_xen_state" lineno="1553">
<summary>
Do not audit attempts to search the xen
state directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>

</interface>
<interface name="kernel_read_xen_state" lineno="1572">
<summary>
Allow caller to read the xen state information.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>

</interface>
<interface name="kernel_read_xen_state_symlinks" lineno="1594">
<summary>
Allow caller to read the xen state symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>

</interface>
<interface name="kernel_write_xen_state" lineno="1615">
<summary>
Allow caller to write xen state information.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>

</interface>
<interface name="kernel_list_all_proc" lineno="1633">
<summary>
Allow attempts to list all proc directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_list_all_proc" lineno="1652">
<summary>
Do not audit attempts to list all proc directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_search_sysctl" lineno="1673">
<summary>
Do not audit attempts by caller to search
the base directory of sysctls.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>

</interface>
<interface name="kernel_mounton_sysctl_dirs" lineno="1692">
<summary>
Mount on sysctl_t dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_read_sysctl" lineno="1712">
<summary>
Allow access to read sysctl directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>

</interface>
<interface name="kernel_mounton_sysctl_files" lineno="1732">
<summary>
Mount on sysctl files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_read_device_sysctls" lineno="1752">
<summary>
Allow caller to read the device sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_device_sysctls" lineno="1773">
<summary>
Read and write device sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_search_vm_sysctl" lineno="1793">
<summary>
Allow caller to search virtual memory sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_read_vm_sysctls" lineno="1812">
<summary>
Allow caller to read virtual memory sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_vm_sysctls" lineno="1833">
<summary>
Read and write virtual memory sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_search_network_sysctl" lineno="1855">
<summary>
Search network sysctl directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_search_network_sysctl" lineno="1873">
<summary>
Do not audit attempts by caller to search network sysctl directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_read_net_sysctls" lineno="1892">
<summary>
Allow caller to read network sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_net_sysctls" lineno="1913">
<summary>
Allow caller to modiry contents of sysctl network files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_read_unix_sysctls" lineno="1935">
<summary>
Allow caller to read unix domain
socket sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_unix_sysctls" lineno="1957">
<summary>
Read and write unix domain
socket sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_read_hotplug_sysctls" lineno="1978">
<summary>
Read the hotplug sysctl.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_hotplug_sysctls" lineno="1999">
<summary>
Read and write the hotplug sysctl.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_read_modprobe_sysctls" lineno="2020">
<summary>
Read the modprobe sysctl.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_modprobe_sysctls" lineno="2041">
<summary>
Read and write the modprobe sysctl.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_dontaudit_search_kernel_sysctl" lineno="2061">
<summary>
Do not audit attempts to search generic kernel sysctls.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_read_kernel_sysctl" lineno="2079">
<summary>
Do not audit attempted reading of kernel sysctls
</summary>
<param name="domain">
<summary>
Domain to not audit accesses from
</summary>
</param>
</interface>
<interface name="kernel_read_crypto_sysctls" lineno="2097">
<summary>
Read generic crypto sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_read_kernel_sysctls" lineno="2138">
<summary>
Read general kernel sysctls.
</summary>
<desc>
<p>
Allow the specified domain to read general
kernel sysctl settings. These settings are typically
read using the sysctl program.  The settings
that are included by this interface are prefixed
with "kernel.", for example, kernel.sysrq.
</p>
<p>
This does not include access to the hotplug
handler setting (kernel.hotplug)
nor the module installer handler setting
(kernel.modprobe).
</p>
<p>
Related interfaces:
</p>
<ul>
<li>kernel_rw_kernel_sysctl()</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="kernel_dontaudit_write_kernel_sysctl" lineno="2158">
<summary>
Do not audit attempts to write generic kernel sysctls.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_rw_kernel_sysctl" lineno="2177">
<summary>
Read and write generic kernel sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_mounton_kernel_sysctl_files" lineno="2198">
<summary>
Mount on kernel sysctl files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_read_kernel_ns_lastpid_sysctls" lineno="2218">
<summary>
Read kernel ns lastpid sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_dontaudit_write_kernel_ns_lastpid_sysctl" lineno="2238">
<summary>
Do not audit attempts to write kernel ns lastpid sysctls.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_rw_kernel_ns_lastpid_sysctl" lineno="2257">
<summary>
Read and write kernel ns lastpid sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_search_fs_sysctls" lineno="2278">
<summary>
Search filesystem sysctl directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_read_fs_sysctls" lineno="2297">
<summary>
Read filesystem sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_fs_sysctls" lineno="2318">
<summary>
Read and write filesystem sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_read_irq_sysctls" lineno="2339">
<summary>
Read IRQ sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_irq_sysctls" lineno="2360">
<summary>
Read and write IRQ sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_read_rpc_sysctls" lineno="2381">
<summary>
Read RPC sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_rpc_sysctls" lineno="2402">
<summary>
Read and write RPC sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_dontaudit_list_all_sysctls" lineno="2422">
<summary>
Do not audit attempts to list all sysctl directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_read_all_sysctls" lineno="2442">
<summary>
Allow caller to read all sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_all_sysctls" lineno="2465">
<summary>
Read and write all sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_associate_proc" lineno="2490">
<summary>
Associate a file to proc_t (/proc)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_kill_unlabeled" lineno="2507">
<summary>
Send a kill signal to unlabeled processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_mount_unlabeled" lineno="2525">
<summary>
Mount a kernel unlabeled filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_unmount_unlabeled" lineno="2543">
<summary>
Unmount a kernel unlabeled filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_signal_unlabeled" lineno="2561">
<summary>
Send general signals to unlabeled processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_signull_unlabeled" lineno="2579">
<summary>
Send a null signal to unlabeled processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_sigstop_unlabeled" lineno="2597">
<summary>
Send a stop signal to unlabeled processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_sigchld_unlabeled" lineno="2615">
<summary>
Send a child terminated signal to unlabeled processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_getattr_unlabeled_dirs" lineno="2633">
<summary>
Get the attributes of unlabeled directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_search_unlabeled" lineno="2651">
<summary>
Do not audit attempts to search unlabeled directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_list_unlabeled" lineno="2669">
<summary>
List unlabeled directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_read_unlabeled_state" lineno="2687">
<summary>
Read the process state (/proc/pid) of all unlabeled_t.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_list_unlabeled" lineno="2707">
<summary>
Do not audit attempts to list unlabeled directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_rw_unlabeled_dirs" lineno="2725">
<summary>
Read and write unlabeled directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_delete_unlabeled_dirs" lineno="2743">
<summary>
Delete unlabeled directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_manage_unlabeled_dirs" lineno="2761">
<summary>
Create, read, write, and delete unlabeled directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_mounton_unlabeled_dirs" lineno="2779">
<summary>
Mount a filesystem on an unlabeled directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_read_unlabeled_files" lineno="2797">
<summary>
Read unlabeled files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_rw_unlabeled_files" lineno="2815">
<summary>
Read and write unlabeled files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_delete_unlabeled_files" lineno="2833">
<summary>
Delete unlabeled files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_manage_unlabeled_files" lineno="2851">
<summary>
Create, read, write, and delete unlabeled files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_getattr_unlabeled_files" lineno="2870">
<summary>
Do not audit attempts by caller to get the
attributes of an unlabeled file.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_read_unlabeled_files" lineno="2889">
<summary>
Do not audit attempts by caller to
read an unlabeled file.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_delete_unlabeled_symlinks" lineno="2907">
<summary>
Delete unlabeled symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_manage_unlabeled_symlinks" lineno="2925">
<summary>
Create, read, write, and delete unlabeled symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_getattr_unlabeled_symlinks" lineno="2944">
<summary>
Do not audit attempts by caller to get the
attributes of unlabeled symbolic links.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_getattr_unlabeled_pipes" lineno="2963">
<summary>
Do not audit attempts by caller to get the
attributes of unlabeled named pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_getattr_unlabeled_sockets" lineno="2982">
<summary>
Do not audit attempts by caller to get the
attributes of unlabeled named sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_getattr_unlabeled_blk_files" lineno="3001">
<summary>
Do not audit attempts by caller to get attributes for
unlabeled block devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_rw_unlabeled_blk_files" lineno="3019">
<summary>
Read and write unlabeled block device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_delete_unlabeled_blk_files" lineno="3037">
<summary>
Delete unlabeled block device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_manage_unlabeled_blk_files" lineno="3055">
<summary>
Create, read, write, and delete unlabeled block device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_getattr_unlabeled_chr_files" lineno="3074">
<summary>
Do not audit attempts by caller to get attributes for
unlabeled character devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_write_unlabeled_chr_files" lineno="3093">
<summary>
Do not audit attempts to
write unlabeled character devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_delete_unlabeled_chr_files" lineno="3111">
<summary>
Delete unlabeled character device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_manage_unlabeled_chr_files" lineno="3130">
<summary>
Create, read, write, and delete unlabeled character device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_relabelfrom_unlabeled_dirs" lineno="3148">
<summary>
Allow caller to relabel unlabeled directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_relabelfrom_unlabeled_files" lineno="3166">
<summary>
Allow caller to relabel unlabeled files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_relabelfrom_unlabeled_symlinks" lineno="3185">
<summary>
Allow caller to relabel unlabeled symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_relabelfrom_unlabeled_pipes" lineno="3204">
<summary>
Allow caller to relabel unlabeled named pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_delete_unlabeled_pipes" lineno="3223">
<summary>
Delete unlabeled named pipes
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_relabelfrom_unlabeled_sockets" lineno="3241">
<summary>
Allow caller to relabel unlabeled named sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_delete_unlabeled_sockets" lineno="3260">
<summary>
Delete unlabeled named sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_relabelfrom_unlabeled_blk_devs" lineno="3278">
<summary>
Allow caller to relabel from unlabeled block devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_relabelfrom_unlabeled_chr_devs" lineno="3296">
<summary>
Allow caller to relabel from unlabeled character devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_sendrecv_unlabeled_association" lineno="3329">
<summary>
Send and receive messages from an
unlabeled IPSEC association.
</summary>
<desc>
<p>
Send and receive messages from an
unlabeled IPSEC association.  Network
connections that are not protected
by IPSEC have use an unlabeled
association.
</p>
<p>
The corenetwork interface
corenet_non_ipsec_sendrecv() should
be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_sendrecv_unlabeled_association" lineno="3362">
<summary>
Do not audit attempts to send and receive messages
from an	unlabeled IPSEC association.
</summary>
<desc>
<p>
Do not audit attempts to send and receive messages
from an	unlabeled IPSEC association.  Network
connections that are not protected
by IPSEC have use an unlabeled
association.
</p>
<p>
The corenetwork interface
corenet_dontaudit_non_ipsec_sendrecv() should
be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_tcp_recvfrom_unlabeled" lineno="3389">
<summary>
Receive TCP packets from an unlabeled connection.
</summary>
<desc>
<p>
Receive TCP packets from an unlabeled connection.
</p>
<p>
The corenetwork interface corenet_tcp_recv_unlabeled() should
be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_tcp_recvfrom_unlabeled" lineno="3418">
<summary>
Do not audit attempts to receive TCP packets from an unlabeled
connection.
</summary>
<desc>
<p>
Do not audit attempts to receive TCP packets from an unlabeled
connection.
</p>
<p>
The corenetwork interface corenet_dontaudit_tcp_recv_unlabeled()
should be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_udp_recvfrom_unlabeled" lineno="3445">
<summary>
Receive UDP packets from an unlabeled connection.
</summary>
<desc>
<p>
Receive UDP packets from an unlabeled connection.
</p>
<p>
The corenetwork interface corenet_udp_recv_unlabeled() should
be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_udp_recvfrom_unlabeled" lineno="3474">
<summary>
Do not audit attempts to receive UDP packets from an unlabeled
connection.
</summary>
<desc>
<p>
Do not audit attempts to receive UDP packets from an unlabeled
connection.
</p>
<p>
The corenetwork interface corenet_dontaudit_udp_recv_unlabeled()
should be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_raw_recvfrom_unlabeled" lineno="3501">
<summary>
Receive Raw IP packets from an unlabeled connection.
</summary>
<desc>
<p>
Receive Raw IP packets from an unlabeled connection.
</p>
<p>
The corenetwork interface corenet_raw_recv_unlabeled() should
be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_raw_recvfrom_unlabeled" lineno="3530">
<summary>
Do not audit attempts to receive Raw IP packets from an unlabeled
connection.
</summary>
<desc>
<p>
Do not audit attempts to receive Raw IP packets from an unlabeled
connection.
</p>
<p>
The corenetwork interface corenet_dontaudit_raw_recv_unlabeled()
should be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_sendrecv_unlabeled_packets" lineno="3560">
<summary>
Send and receive unlabeled packets.
</summary>
<desc>
<p>
Send and receive unlabeled packets.
These packets do not match any netfilter
SECMARK rules.
</p>
<p>
The corenetwork interface
corenet_sendrecv_unlabeled_packets() should
be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_recvfrom_unlabeled_peer" lineno="3588">
<summary>
Receive packets from an unlabeled peer.
</summary>
<desc>
<p>
Receive packets from an unlabeled peer, these packets do not have any
peer labeling information present.
</p>
<p>
The corenetwork interface corenet_recvfrom_unlabeled_peer() should
be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_recvfrom_unlabeled_peer" lineno="3616">
<summary>
Do not audit attempts to receive packets from an unlabeled peer.
</summary>
<desc>
<p>
Do not audit attempts to receive packets from an unlabeled peer,
these packets do not have any peer labeling information present.
</p>
<p>
The corenetwork interface corenet_dontaudit_*_recvfrom_unlabeled()
should be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_relabelfrom_unlabeled_database" lineno="3634">
<summary>
Relabel from unlabeled database objects.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_unconfined" lineno="3671">
<summary>
Unconfined access to kernel module resources.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_read_vm_overcommit_sysctl" lineno="3691">
<summary>
Read virtual memory overcommit sysctl.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_vm_overcommit_sysctl" lineno="3711">
<summary>
Read and write virtual memory overcommit sysctl.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_ib_access_unlabeled_pkeys" lineno="3730">
<summary>
Access unlabeled infiniband pkeys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_ib_manage_subnet_unlabeled_endports" lineno="3748">
<summary>
Manage subnet on unlabeled Infiniband endports.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<bool name="secure_mode_insmod" dftval="false">
<desc>
<p>
Disable kernel module loading.
</p>
</desc>
</bool>
</module>
<module name="mcs" filename="policy/modules/kernel/mcs.if">
<summary>Multicategory security policy</summary>
<required val="true">
Contains attributes used in MCS policy.
</required>
<interface name="mcs_constrained" lineno="26">
<summary>
Constrain by category access control (MCS).
</summary>
<desc>
<p>
Constrain the specified type by category based
access control (MCS) This prevents this domain from
interacting with subjects and operating on objects
that it otherwise would be able to interact
with or operate on respectively.
</p>
</desc>
<param name="domain">
<summary>
Type to be constrained by MCS.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="mcs_file_read_all" lineno="46">
<summary>
This domain is allowed to read files and directories
regardless of their MCS category set.
</summary>
<param name="domain">
<summary>
Domain target for user exemption.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mcs_file_write_all" lineno="66">
<summary>
This domain is allowed to write files and directories
regardless of their MCS category set.
</summary>
<param name="domain">
<summary>
Domain target for user exemption.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mcs_killall" lineno="86">
<summary>
This domain is allowed to sigkill and sigstop
all domains regardless of their MCS category set.
</summary>
<param name="domain">
<summary>
Domain target for user exemption.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mcs_ptrace_all" lineno="106">
<summary>
This domain is allowed to ptrace
all domains regardless of their MCS
category set.
</summary>
<param name="domain">
<summary>
Domain target for user exemption.
</summary>
</param>
</interface>
<interface name="mcs_process_set_categories" lineno="126">
<summary>
Make specified domain MCS trusted
for setting any category set for
the processes it executes.
</summary>
<param name="domain">
<summary>
Domain target for user exemption.
</summary>
</param>
</interface>
</module>
<module name="mls" filename="policy/modules/kernel/mls.if">
<summary>Multilevel security policy</summary>
<desc>
<p>
This module contains interfaces for handling multilevel
security.  The interfaces allow the specified subjects
and objects to be allowed certain privileges in the
MLS rules.
</p>
</desc>
<required val="true">
Contains attributes used in MLS policy.
</required>
<interface name="mls_file_read_to_clearance" lineno="26">
<summary>
Make specified domain MLS trusted
for reading from files up to its clearance.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_file_read_all_levels" lineno="46">
<summary>
Make specified domain MLS trusted
for reading from files at all levels.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_file_write_to_clearance" lineno="66">
<summary>
Make specified domain MLS trusted
for write to files up to its clearance.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_file_write_all_levels" lineno="86">
<summary>
Make specified domain MLS trusted
for writing to files at all levels.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_file_relabel_to_clearance" lineno="106">
<summary>
Make specified domain MLS trusted
for relabelto to files up to its clearance.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_file_relabel" lineno="126">
<summary>
Make specified domain MLS trusted
for relabelto to files at all levels.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_file_upgrade" lineno="146">
<summary>
Make specified domain MLS trusted
for raising the level of files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_file_downgrade" lineno="166">
<summary>
Make specified domain MLS trusted
for lowering the level of files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_file_write_within_range" lineno="188">
<summary>
Make specified domain trusted to
be written to within its MLS range.
The subject's MLS range must be a
proper subset of the object's MLS range.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_socket_read_all_levels" lineno="208">
<summary>
Make specified domain MLS trusted
for reading from sockets at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_socket_read_to_clearance" lineno="229">
<summary>
Make specified domain MLS trusted
for reading from sockets at any level
that is dominated by the process clearance.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_socket_write_to_clearance" lineno="250">
<summary>
Make specified domain MLS trusted
for writing to sockets up to
its clearance.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_socket_write_all_levels" lineno="270">
<summary>
Make specified domain MLS trusted
for writing to sockets at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_net_receive_all_levels" lineno="291">
<summary>
Make specified domain MLS trusted
for receiving network data from
network interfaces or hosts at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_net_write_within_range" lineno="313">
<summary>
Make specified domain trusted to
write to network objects within its MLS range.
The subject's MLS range must be a
proper subset of the object's MLS range.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_net_inbound_all_levels" lineno="334">
<summary>
Make specified domain trusted to
write inbound packets regardless of the
network's or node's MLS range.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_net_outbound_all_levels" lineno="355">
<summary>
Make specified domain trusted to
write outbound packets regardless of the
network's or node's MLS range.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_sysvipc_read_to_clearance" lineno="376">
<summary>
Make specified domain MLS trusted
for reading from System V IPC objects
up to its clearance.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_sysvipc_read_all_levels" lineno="397">
<summary>
Make specified domain MLS trusted
for reading from System V IPC objects
at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_sysvipc_write_to_clearance" lineno="418">
<summary>
Make specified domain MLS trusted
for writing to System V IPC objects
up to its clearance.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_sysvipc_write_all_levels" lineno="439">
<summary>
Make specified domain MLS trusted
for writing to System V IPC objects
at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_key_write_to_clearance" lineno="460">
<summary>
Make specified domain MLS trusted
for writing to keys up to
its clearance.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_key_write_all_levels" lineno="480">
<summary>
Make specified domain MLS trusted
for writing to keys at all levels.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_rangetrans_source" lineno="500">
<summary>
Allow the specified domain to do a MLS
range transition that changes
the current level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mls_rangetrans_target" lineno="520">
<summary>
Make specified domain a target domain
for MLS range transitions that change
the current level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mls_process_read_to_clearance" lineno="541">
<summary>
Make specified domain MLS trusted
for reading from processes up to
its clearance.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_process_read_all_levels" lineno="561">
<summary>
Make specified domain MLS trusted
for reading from processes at all levels.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_process_write_to_clearance" lineno="582">
<summary>
Make specified domain MLS trusted
for writing to processes up to
its clearance.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_process_write_all_levels" lineno="602">
<summary>
Make specified domain MLS trusted
for writing to processes at all levels.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_process_set_level" lineno="623">
<summary>
Make specified domain MLS trusted
for setting the level of processes
it executes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_xwin_read_to_clearance" lineno="643">
<summary>
Make specified domain MLS trusted
for reading from X objects up to its clearance.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_xwin_read_all_levels" lineno="663">
<summary>
Make specified domain MLS trusted
for reading from X objects at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_xwin_write_to_clearance" lineno="683">
<summary>
Make specified domain MLS trusted
for write to X objects up to its clearance.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_xwin_write_all_levels" lineno="703">
<summary>
Make specified domain MLS trusted
for writing to X objects at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_colormap_read_all_levels" lineno="723">
<summary>
Make specified domain MLS trusted
for reading from X colormaps at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_colormap_write_all_levels" lineno="743">
<summary>
Make specified domain MLS trusted
for writing to X colormaps at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_trusted_object" lineno="772">
<summary>
Make specified object MLS trusted.
</summary>
<desc>
<p>
Make specified object MLS trusted.  This
allows all levels to read and write the
object.
</p>
<p>
This currently only applies to filesystem
objects, for example, files and directories.
</p>
</desc>
<param name="domain">
<summary>
The type of the object.
</summary>
</param>
</interface>
<interface name="mls_trusted_socket" lineno="799">
<summary>
Make specified socket MLS trusted.
</summary>
<desc>
<p>
Make specified socket MLS trusted. For sockets
marked as such, this allows all levels to:
* sendto to unix_dgram_sockets
* connectto to unix_stream_sockets
respectively.
</p>
</desc>
<param name="domain">
<summary>
The type of the object.
</summary>
</param>
</interface>
<interface name="mls_fd_use_all_levels" lineno="820">
<summary>
Make the specified domain trusted
to inherit and use file descriptors
from all levels.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_fd_share_all_levels" lineno="841">
<summary>
Make the file descriptors from the
specified domain inheritable by
all levels.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_db_read_all_levels" lineno="861">
<summary>
Make specified domain MLS trusted
for reading from databases at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_db_write_all_levels" lineno="881">
<summary>
Make specified domain MLS trusted
for writing to databases at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_db_upgrade" lineno="901">
<summary>
Make specified domain MLS trusted
for raising the level of databases.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_db_downgrade" lineno="921">
<summary>
Make specified domain MLS trusted
for lowering the level of databases.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_dbus_send_all_levels" lineno="941">
<summary>
Make specified domain MLS trusted
for sending dbus messages to
all levels.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_dbus_recv_all_levels" lineno="962">
<summary>
Make specified domain MLS trusted
for receiving dbus messages from
all levels.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="selinux" filename="policy/modules/kernel/selinux.if">
<summary>
Policy for kernel security interface, in particular, selinuxfs.
</summary>
<required val="true">
Contains the policy for the kernel SELinux security interface.
</required>
<interface name="selinux_labeled_boolean" lineno="34">
<summary>
Make the specified type used for labeling SELinux Booleans.
This interface is only usable in the base module.
</summary>
<desc>
<p>
Make the specified type used for labeling SELinux Booleans.
</p>
<p>
This makes use of genfscon statements, which are only
available in the base module.  Thus any module which calls this
interface must be included in the base module.
</p>
</desc>
<param name="type">
<summary>
Type used for labeling a Boolean.
</summary>
</param>
<param name="boolean">
<summary>
Name of the Boolean.
</summary>
</param>
</interface>
<interface name="selinux_get_fs_mount" lineno="56">
<summary>
Get the mountpoint of the selinuxfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_dontaudit_get_fs_mount" lineno="86">
<summary>
Do not audit attempts to get the mountpoint
of the selinuxfs filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="selinux_mount_fs" lineno="115">
<summary>
Mount the selinuxfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_remount_fs" lineno="134">
<summary>
Remount the selinuxfs filesystem.
This allows some mount options to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_unmount_fs" lineno="152">
<summary>
Unmount the selinuxfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_mounton_fs" lineno="170">
<summary>
Mount on the selinuxfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_getattr_fs" lineno="188">
<summary>
Get the attributes of the selinuxfs filesystem
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_dontaudit_getattr_fs" lineno="210">
<summary>
Do not audit attempts to get the
attributes of the selinuxfs filesystem
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="selinux_dontaudit_getattr_dir" lineno="232">
<summary>
Do not audit attempts to get the
attributes of the selinuxfs directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="selinux_search_fs" lineno="250">
<summary>
Search selinuxfs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_dontaudit_search_fs" lineno="269">
<summary>
Do not audit attempts to search selinuxfs.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="selinux_dontaudit_read_fs" lineno="288">
<summary>
Do not audit attempts to read
generic selinuxfs entries
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="selinux_get_enforce_mode" lineno="309">
<summary>
Allows the caller to get the mode of policy enforcement
(enforcing or permissive mode).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="selinux_set_enforce_mode" lineno="341">
<summary>
Allow caller to set the mode of policy enforcement
(enforcing or permissive mode).
</summary>
<desc>
<p>
Allow caller to set the mode of policy enforcement
(enforcing or permissive mode).
</p>
<p>
Since this is a security event, this action is
always audited.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="selinux_load_policy" lineno="359">
<summary>
Allow caller to load the policy into the kernel.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_read_policy" lineno="377">
<summary>
Allow caller to read the policy from the kernel.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_set_generic_booleans" lineno="410">
<summary>
Allow caller to set the state of generic Booleans to
enable or disable conditional portions of the policy.
</summary>
<desc>
<p>
Allow caller to set the state of generic Booleans to
enable or disable conditional portions of the policy.
</p>
<p>
Since this is a security event, this action is
always audited.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="selinux_set_all_booleans" lineno="445">
<summary>
Allow caller to set the state of all Booleans to
enable or disable conditional portions of the policy.
</summary>
<desc>
<p>
Allow caller to set the state of all Booleans to
enable or disable conditional portions of the policy.
</p>
<p>
Since this is a security event, this action is
always audited.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="selinux_get_all_booleans" lineno="477">
<summary>
Allow caller to get the state of all Booleans to
view conditional portions of the policy.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="selinux_set_parameters" lineno="511">
<summary>
Allow caller to set SELinux access vector cache parameters.
</summary>
<desc>
<p>
Allow caller to set SELinux access vector cache parameters.
The allows the domain to set performance related parameters
of the AVC, such as cache threshold.
</p>
<p>
Since this is a security event, this action is
always audited.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="selinux_validate_context" lineno="530">
<summary>
Allows caller to validate security contexts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="selinux_dontaudit_validate_context" lineno="552">
<summary>
Do not audit attempts to validate security contexts.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<rolecap/>
</interface>
<interface name="selinux_compute_access_vector" lineno="573">
<summary>
Allows caller to compute an access vector.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="selinux_compute_create_context" lineno="596">
<summary>
Calculate the default type for object creation.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="selinux_compute_member" lineno="618">
<summary>
Allows caller to compute polyinstatntiated
directory members.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_compute_relabel_context" lineno="648">
<summary>
Calculate the context for relabeling objects.
</summary>
<desc>
<p>
Calculate the context for relabeling objects.
This is determined by using the type_change
rules in the policy, and is generally used
for determining the context for relabeling
a terminal when a user logs in.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_compute_user_contexts" lineno="669">
<summary>
Allows caller to compute possible contexts for a user.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_use_status_page" lineno="691">
<summary>
Allows the caller to use the SELinux status page.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="selinux_map_security_files" lineno="712">
<summary>
Allows caller to map secuirty_t files. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_unconfined" lineno="733">
<summary>
Unconfined access to the SELinux kernel security server.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<bool name="secure_mode_policyload" dftval="false">
<desc>
<p>
Boolean to determine whether the system permits loading policy, setting
enforcing mode, and changing boolean values.  Set this to true and you
have to reboot to set it back.
</p>
</desc>
</bool>
</module>
<module name="storage" filename="policy/modules/kernel/storage.if">
<summary>Policy controlling access to storage devices</summary>
<interface name="storage_getattr_fixed_disk_dev" lineno="14">
<summary>
Allow the caller to get the attributes of fixed disk
device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_getattr_fixed_disk_dev" lineno="34">
<summary>
Do not audit attempts made by the caller to get
the attributes of fixed disk device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="storage_setattr_fixed_disk_dev" lineno="54">
<summary>
Allow the caller to set the attributes of fixed disk
device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_setattr_fixed_disk_dev" lineno="74">
<summary>
Do not audit attempts made by the caller to set
the attributes of fixed disk device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="storage_raw_read_fixed_disk" lineno="95">
<summary>
Allow the caller to directly read from a fixed disk.
This is extremely dangerous as it can bypass the
SELinux protections for filesystem objects, and
should only be used by trusted domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_raw_read_fixed_disk_cond" lineno="126">
<summary>
Allow the caller to directly read from a fixed disk
if a tunable is set.
This is extremely dangerous as it can bypass the
SELinux protections for filesystem objects, and
should only be used by trusted domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="tunable">
<summary>
Tunable to depend on
</summary>
</param>
</interface>
<interface name="storage_dontaudit_read_fixed_disk" lineno="151">
<summary>
Do not audit attempts made by the caller to read
fixed disk device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="storage_raw_write_fixed_disk" lineno="174">
<summary>
Allow the caller to directly write to a fixed disk.
This is extremely dangerous as it can bypass the
SELinux protections for filesystem objects, and
should only be used by trusted domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_write_fixed_disk" lineno="197">
<summary>
Do not audit attempts made by the caller to write
fixed disk device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="storage_raw_rw_fixed_disk" lineno="219">
<summary>
Allow the caller to directly read and write to a fixed disk.
This is extremely dangerous as it can bypass the
SELinux protections for filesystem objects, and
should only be used by trusted domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_create_fixed_disk_dev" lineno="234">
<summary>
Allow the caller to create fixed disk device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_delete_fixed_disk_dev" lineno="254">
<summary>
Allow the caller to delete fixed disk device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_manage_fixed_disk" lineno="273">
<summary>
Create, read, write, and delete fixed disk device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_dev_filetrans_fixed_disk" lineno="302">
<summary>
Create block devices in /dev with the fixed disk type
via an automatic type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="filename" optional="true">
<summary>
Optional filename of the block device to be created
</summary>
</param>
</interface>
<interface name="storage_dev_filetrans_fixed_disk_control" lineno="326">
<summary>
Create char devices in /dev with the fixed disk type
via an automatic type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="filename" optional="true">
<summary>
Optional filename of the char device to be created
</summary>
</param>
</interface>
<interface name="storage_tmpfs_filetrans_fixed_disk" lineno="345">
<summary>
Create block devices in on a tmpfs filesystem with the
fixed disk type via an automatic type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_relabel_fixed_disk" lineno="363">
<summary>
Relabel fixed disk device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_swapon_fixed_disk" lineno="382">
<summary>
Enable a fixed disk device as swap space
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_watch_fixed_disk" lineno="401">
<summary>
Watch fixed disk device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_getattr_fuse_dev" lineno="422">
<summary>
Allow the caller to get the attributes
of device nodes of fuse devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_rw_fuse" lineno="441">
<summary>
read or write fuse device interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_rw_fuse" lineno="460">
<summary>
Do not audit attempts to read or write
fuse device interfaces.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="storage_getattr_scsi_generic_dev" lineno="479">
<summary>
Allow the caller to get the attributes of
the generic SCSI interface device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_setattr_scsi_generic_dev" lineno="499">
<summary>
Allow the caller to set the attributes of
the generic SCSI interface device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_read_scsi_generic" lineno="522">
<summary>
Allow the caller to directly read, in a
generic fashion, from any SCSI device.
This is extremely dangerous as it can bypass the
SELinux protections for filesystem objects, and
should only be used by trusted domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_write_scsi_generic" lineno="547">
<summary>
Allow the caller to directly write, in a
generic fashion, from any SCSI device.
This is extremely dangerous as it can bypass the
SELinux protections for filesystem objects, and
should only be used by trusted domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_setattr_scsi_generic_dev_dev" lineno="569">
<summary>
Set attributes of the device nodes
for the SCSI generic interface.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_rw_scsi_generic" lineno="589">
<summary>
Do not audit attempts to read or write
SCSI generic device interfaces.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="storage_getattr_removable_dev" lineno="608">
<summary>
Allow the caller to get the attributes of removable
devices device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_getattr_removable_dev" lineno="628">
<summary>
Do not audit attempts made by the caller to get
the attributes of removable devices device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_read_removable_device" lineno="647">
<summary>
Do not audit attempts made by the caller to read
removable devices device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_write_removable_device" lineno="667">
<summary>
Do not audit attempts made by the caller to write
removable devices device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="storage_setattr_removable_dev" lineno="686">
<summary>
Allow the caller to set the attributes of removable
devices device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_setattr_removable_dev" lineno="706">
<summary>
Do not audit attempts made by the caller to set
the attributes of removable devices device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="storage_raw_read_removable_device" lineno="728">
<summary>
Allow the caller to directly read from
a removable device.
This is extremely dangerous as it can bypass the
SELinux protections for filesystem objects, and
should only be used by trusted domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_raw_read_removable_device" lineno="747">
<summary>
Do not audit attempts to directly read removable devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="storage_raw_write_removable_device" lineno="769">
<summary>
Allow the caller to directly write to
a removable device.
This is extremely dangerous as it can bypass the
SELinux protections for filesystem objects, and
should only be used by trusted domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_raw_write_removable_device" lineno="788">
<summary>
Do not audit attempts to directly write removable devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="storage_read_tape" lineno="807">
<summary>
Allow the caller to directly read
a tape device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_write_tape" lineno="827">
<summary>
Allow the caller to directly write
a tape device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_getattr_tape_dev" lineno="847">
<summary>
Allow the caller to get the attributes
of device nodes of tape devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_setattr_tape_dev" lineno="867">
<summary>
Allow the caller to set the attributes
of device nodes of tape devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_unconfined" lineno="886">
<summary>
Unconfined access to storage devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="terminal" filename="policy/modules/kernel/terminal.if">
<summary>Policy for terminals.</summary>
<required val="true">
Depended on by other required modules.
</required>
<interface name="term_pty" lineno="16">
<summary>
Transform specified type into a pty type.
</summary>
<param name="pty_type">
<summary>
An object type that will applied to a pty.
</summary>
</param>
</interface>
<interface name="term_user_pty" lineno="45">
<summary>
Transform specified type into an user
pty type. This allows it to be relabeled via
type change by login programs such as ssh.
</summary>
<param name="userdomain">
<summary>
The type of the user domain associated with
this pty.
</summary>
</param>
<param name="object_type">
<summary>
An object type that will applied to a pty.
</summary>
</param>
</interface>
<interface name="term_login_pty" lineno="65">
<summary>
Transform specified type into a pty type
used by login programs, such as sshd.
</summary>
<param name="pty_type">
<summary>
An object type that will applied to a pty.
</summary>
</param>
</interface>
<interface name="term_tty" lineno="84">
<summary>
Transform specified type into a tty type.
</summary>
<param name="tty_type">
<summary>
An object type that will applied to a tty.
</summary>
</param>
</interface>
<interface name="term_user_tty" lineno="109">
<summary>
Transform specified type into a user tty type.
</summary>
<param name="domain">
<summary>
User domain that is related to this tty.
</summary>
</param>
<param name="tty_type">
<summary>
An object type that will applied to a tty.
</summary>
</param>
</interface>
<interface name="term_mount_devpts" lineno="143">
<summary>
mount a devpts_t filesystem
</summary>
<param name="domain">
<summary>
The type of the process to mount it
</summary>
</param>
</interface>
<interface name="term_create_devpts_dirs" lineno="161">
<summary>
Create directory /dev/pts.
</summary>
<param name="domain">
<summary>
The type of the process creating the directory.
</summary>
</param>
</interface>
<interface name="term_create_pty" lineno="185">
<summary>
Create a pty in the /dev/pts directory.
</summary>
<param name="domain">
<summary>
The type of the process creating the pty.
</summary>
</param>
<param name="pty_type">
<summary>
The type of the pty.
</summary>
</param>
</interface>
<interface name="term_write_all_terms" lineno="211">
<summary>
Write the console, all
ttys and all ptys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_use_all_terms" lineno="234">
<summary>
Read and write the console, all
ttys and all ptys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_write_console" lineno="256">
<summary>
Write to the console.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_read_console" lineno="276">
<summary>
Read from the console.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_dontaudit_read_console" lineno="296">
<summary>
Do not audit attempts to read from the console.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_use_console" lineno="315">
<summary>
Read from and write to the console.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_dontaudit_use_console" lineno="335">
<summary>
Do not audit attempts to read from
or write to the console.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_setattr_console" lineno="355">
<summary>
Set the attributes of the console
device node.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_relabel_console" lineno="374">
<summary>
Relabel from and to the console type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_create_console_dev" lineno="393">
<summary>
Create the console device (/dev/console).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_getattr_pty_fs" lineno="413">
<summary>
Get the attributes of a pty filesystem
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_relabel_pty_fs" lineno="431">
<summary>
Relabel from and to pty filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_getattr_pty_dirs" lineno="451">
<summary>
Get the attributes of the
/dev/pts directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_dontaudit_getattr_pty_dirs" lineno="470">
<summary>
Do not audit attempts to get the
attributes of the /dev/pts directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_search_ptys" lineno="488">
<summary>
Search the contents of the /dev/pts directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_dontaudit_search_ptys" lineno="508">
<summary>
Do not audit attempts to search the
contents of the /dev/pts directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_list_ptys" lineno="528">
<summary>
Read the /dev/pts directory to
list all ptys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_dontaudit_list_ptys" lineno="548">
<summary>
Do not audit attempts to read the
/dev/pts directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_dontaudit_manage_pty_dirs" lineno="567">
<summary>
Do not audit attempts to create, read,
write, or delete the /dev/pts directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_relabel_pty_dirs" lineno="585">
<summary>
Relabel from and to pty directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_getattr_generic_ptys" lineno="604">
<summary>
Get the attributes of generic pty devices.
</summary>
<param name="domain">
<summary>
Domain to allow
</summary>
</param>
</interface>
<interface name="term_dontaudit_getattr_generic_ptys" lineno="623">
<summary>
Do not audit attempts to get the attributes
of generic pty devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_ioctl_generic_ptys" lineno="641">
<summary>
ioctl of generic pty devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_setattr_generic_ptys" lineno="662">
<summary>
Allow setting the attributes of
generic pty devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_dontaudit_setattr_generic_ptys" lineno="681">
<summary>
Dontaudit setting the attributes of
generic pty devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_use_generic_ptys" lineno="701">
<summary>
Read and write the generic pty
type.  This is generally only used in
the targeted policy.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_dontaudit_use_generic_ptys" lineno="723">
<summary>
Dot not audit attempts to read and
write the generic pty type.  This is
generally only used in the targeted policy.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_create_controlling_term" lineno="741">
<summary>
Create the tty device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_setattr_controlling_term" lineno="762">
<summary>
Set the attributes of the tty device
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_use_controlling_term" lineno="782">
<summary>
Read and write the controlling
terminal (/dev/tty).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_create_ptmx" lineno="801">
<summary>
Create the pty multiplexor (/dev/ptmx).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_getattr_ptmx" lineno="821">
<summary>
Get the attributes of the pty multiplexor (/dev/ptmx).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_dontaudit_getattr_ptmx" lineno="840">
<summary>
Do not audit attempts to get attributes
on the pty multiplexor (/dev/ptmx).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_use_ptmx" lineno="858">
<summary>
Read and write the pty multiplexor (/dev/ptmx).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_dontaudit_use_ptmx" lineno="878">
<summary>
Do not audit attempts to read and
write the pty multiplexor (/dev/ptmx).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_getattr_all_ptys" lineno="898">
<summary>
Get the attributes of all
pty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_dontaudit_getattr_all_ptys" lineno="921">
<summary>
Do not audit attempts to get the
attributes of any pty
device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_setattr_all_ptys" lineno="941">
<summary>
Set the attributes of all
pty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_relabelto_all_ptys" lineno="962">
<summary>
Relabel to all ptys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_write_all_ptys" lineno="980">
<summary>
Write to all ptys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_use_all_ptys" lineno="1000">
<summary>
Read and write all ptys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_dontaudit_use_all_ptys" lineno="1021">
<summary>
Do not audit attempts to read or write any ptys.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_relabel_all_ptys" lineno="1039">
<summary>
Relabel from and to all pty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_getattr_unallocated_ttys" lineno="1061">
<summary>
Get the attributes of all unallocated
tty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_setattr_unlink_unallocated_ttys" lineno="1081">
<summary>
Setattr and unlink unallocated tty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_dontaudit_getattr_unallocated_ttys" lineno="1101">
<summary>
Do not audit attempts to get the attributes
of all unallocated tty device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_setattr_unallocated_ttys" lineno="1121">
<summary>
Set the attributes of all unallocated
tty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_dontaudit_setattr_unallocated_ttys" lineno="1141">
<summary>
Do not audit attempts to set the attributes
of unallocated tty device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_dontaudit_ioctl_unallocated_ttys" lineno="1160">
<summary>
Do not audit attempts to ioctl
unallocated tty device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_relabel_unallocated_ttys" lineno="1179">
<summary>
Relabel from and to the unallocated
tty type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_reset_tty_labels" lineno="1199">
<summary>
Relabel from all user tty types to
the unallocated tty type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_append_unallocated_ttys" lineno="1220">
<summary>
Append to unallocated ttys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_write_unallocated_ttys" lineno="1239">
<summary>
Write to unallocated ttys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_use_unallocated_ttys" lineno="1259">
<summary>
Read and write unallocated ttys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_dontaudit_use_unallocated_ttys" lineno="1279">
<summary>
Do not audit attempts to read or
write unallocated ttys.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_getattr_all_ttys" lineno="1298">
<summary>
Get the attributes of all tty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_dontaudit_getattr_all_ttys" lineno="1318">
<summary>
Do not audit attempts to get the
attributes of any tty device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_setattr_all_ttys" lineno="1338">
<summary>
Set the attributes of all tty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_relabel_all_ttys" lineno="1357">
<summary>
Relabel from and to all tty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_write_all_ttys" lineno="1376">
<summary>
Write to all ttys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_use_all_ttys" lineno="1396">
<summary>
Read and write all ttys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_dontaudit_use_all_ttys" lineno="1416">
<summary>
Do not audit attempts to read or write
any ttys.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_use_virtio_console" lineno="1434">
<summary>
Read from and write virtio console.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="ubac" filename="policy/modules/kernel/ubac.if">
<summary>User-based access control policy</summary>
<required val="true">
Contains attributes used in UBAC policy.
</required>
<interface name="ubac_constrained" lineno="29">
<summary>
Constrain by user-based access control (UBAC).
</summary>
<desc>
<p>
Constrain the specified type by user-based
access control (UBAC).  Typically, these are
user processes or user files that need to be
differentiated by SELinux user.  Normally this
does not include administrative or privileged
programs. For the UBAC rules to be enforced,
both the subject (source) type and the object
(target) types must be UBAC constrained.
</p>
</desc>
<param name="type">
<summary>
Type to be constrained by UBAC.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="ubac_file_exempt" lineno="47">
<summary>
Exempt user-based access control for files.
</summary>
<param name="domain">
<summary>
Domain to be exempted.
</summary>
</param>
</interface>
<interface name="ubac_process_exempt" lineno="65">
<summary>
Exempt user-based access control for processes.
</summary>
<param name="domain">
<summary>
Domain to be exempted.
</summary>
</param>
</interface>
<interface name="ubac_fd_exempt" lineno="83">
<summary>
Exempt user-based access control for file descriptors.
</summary>
<param name="domain">
<summary>
Domain to be exempted.
</summary>
</param>
</interface>
<interface name="ubac_socket_exempt" lineno="101">
<summary>
Exempt user-based access control for sockets.
</summary>
<param name="domain">
<summary>
Domain to be exempted.
</summary>
</param>
</interface>
<interface name="ubac_sysvipc_exempt" lineno="119">
<summary>
Exempt user-based access control for SysV IPC.
</summary>
<param name="domain">
<summary>
Domain to be exempted.
</summary>
</param>
</interface>
<interface name="ubac_xwin_exempt" lineno="137">
<summary>
Exempt user-based access control for X Windows.
</summary>
<param name="domain">
<summary>
Domain to be exempted.
</summary>
</param>
</interface>
<interface name="ubac_dbus_exempt" lineno="155">
<summary>
Exempt user-based access control for dbus.
</summary>
<param name="domain">
<summary>
Domain to be exempted.
</summary>
</param>
</interface>
<interface name="ubac_key_exempt" lineno="173">
<summary>
Exempt user-based access control for keys.
</summary>
<param name="domain">
<summary>
Domain to be exempted.
</summary>
</param>
</interface>
<interface name="ubac_db_exempt" lineno="191">
<summary>
Exempt user-based access control for databases.
</summary>
<param name="domain">
<summary>
Domain to be exempted.
</summary>
</param>
</interface>
</module>
</layer>
<layer name="roles">
<summary>Policy modules for user roles.</summary>
<module name="auditadm" filename="policy/modules/roles/auditadm.if">
<summary>Audit administrator role</summary>
<interface name="auditadm_role_change" lineno="14">
<summary>
Change to the audit administrator role.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="auditadm_role_change_to" lineno="44">
<summary>
Change from the audit administrator role.
</summary>
<desc>
<p>
Change from the audit administrator role to
the specified role.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="dbadm" filename="policy/modules/roles/dbadm.if">
<summary>Database administrator role.</summary>
<interface name="dbadm_role_change" lineno="14">
<summary>
Change to the database administrator role.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dbadm_role_change_to" lineno="44">
<summary>
Change from the database administrator role.
</summary>
<desc>
<p>
Change from the database administrator role to
the specified role.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="dbadm_manage_user_files" dftval="false">
<desc>
<p>
Determine whether dbadm can manage
generic user files.
</p>
</desc>
</tunable>
<tunable name="dbadm_read_user_files" dftval="false">
<desc>
<p>
Determine whether dbadm can read
generic user files.
</p>
</desc>
</tunable>
</module>
<module name="guest" filename="policy/modules/roles/guest.if">
<summary>Least privilege terminal user role.</summary>
<interface name="guest_role_change" lineno="14">
<summary>
Change to the guest role.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="guest_role_change_to" lineno="44">
<summary>
Change from the guest role.
</summary>
<desc>
<p>
Change from the guest role to
the specified role.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="logadm" filename="policy/modules/roles/logadm.if">
<summary>Log administrator role</summary>
<interface name="logadm_role_change" lineno="14">
<summary>
Change to the log administrator role.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logadm_role_change_to" lineno="44">
<summary>
Change from the log administrator role.
</summary>
<desc>
<p>
Change from the log administrator role to
the specified role.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="secadm" filename="policy/modules/roles/secadm.if">
<summary>Security administrator role</summary>
<interface name="secadm_role_change" lineno="14">
<summary>
Change to the security administrator role.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="secadm_role_change_to_template" lineno="44">
<summary>
Change from the security administrator role.
</summary>
<desc>
<p>
Change from the security administrator role to
the specified role.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="staff" filename="policy/modules/roles/staff.if">
<summary>Administrator's unprivileged user role</summary>
<interface name="staff_role_change" lineno="14">
<summary>
Change to the staff role.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="staff_role_change_to" lineno="44">
<summary>
Change from the staff role.
</summary>
<desc>
<p>
Change from the staff role to
the specified role.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="sysadm" filename="policy/modules/roles/sysadm.if">
<summary>General system administration role</summary>
<interface name="sysadm_role_change" lineno="19">
<summary>
Change to the system administrator role.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sysadm_role_change_to" lineno="54">
<summary>
Change from the system administrator role.
</summary>
<desc>
<p>
Change from the system administrator role to
the specified role.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sysadm_shell_domtrans" lineno="72">
<summary>
Execute a shell in the sysadm domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysadm_bin_spec_domtrans" lineno="93">
<summary>
Execute a generic bin program in the sysadm domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysadm_entry_spec_domtrans" lineno="116">
<summary>
Execute all entrypoint files in the sysadm domain. This
is an explicit transition, requiring the
caller to use setexeccon().
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysadm_entry_spec_domtrans_to" lineno="151">
<summary>
Allow sysadm to execute all entrypoint files in
a specified domain.  This is an explicit transition,
requiring the caller to use setexeccon().
</summary>
<desc>
<p>
Allow sysadm to execute all entrypoint files in
a specified domain.  This is an explicit transition,
requiring the caller to use setexeccon().
</p>
<p>
This is a interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysadm_bin_spec_domtrans_to" lineno="185">
<summary>
Allow sysadm to execute a generic bin program in
a specified domain.  This is an explicit transition,
requiring the caller to use setexeccon().
</summary>
<desc>
<p>
Allow sysadm to execute a generic bin program in
a specified domain.
</p>
<p>
This is a interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="domain">
<summary>
Domain to execute in.
</summary>
</param>
</interface>
<interface name="sysadm_sigchld" lineno="206">
<summary>
Send a SIGCHLD signal to sysadm users.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysadm_use_fds" lineno="224">
<summary>
Inherit and use sysadm file descriptors
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysadm_rw_pipes" lineno="242">
<summary>
Read and write sysadm user unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="allow_ptrace" dftval="false">
<desc>
<p>
Allow sysadm to debug or ptrace all processes.
</p>
</desc>
</tunable>
<tunable name="sysadm_allow_rw_inherited_fifo" dftval="false">
<desc>
<p>
Allow sysadm to read/write to fifo files inherited from
a domain allowed to change role.
</p>
</desc>
</tunable>
</module>
<module name="unprivuser" filename="policy/modules/roles/unprivuser.if">
<summary>Generic unprivileged user role</summary>
<interface name="unprivuser_role_change" lineno="14">
<summary>
Change to the generic user role.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="unprivuser_role_change_to" lineno="44">
<summary>
Change from the generic user role.
</summary>
<desc>
<p>
Change from the generic user role to
the specified role.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="webadm" filename="policy/modules/roles/webadm.if">
<summary>Web administrator role.</summary>
<interface name="webadm_role_change" lineno="14">
<summary>
Change to the web administrator role.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="webadm_role_change_to" lineno="44">
<summary>
Change from the web administrator role.
</summary>
<desc>
<p>
Change from the web administrator role to
the specified role.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="webadm_manage_user_files" dftval="false">
<desc>
<p>
Determine whether webadm can
manage generic user files.
</p>
</desc>
</tunable>
<tunable name="webadm_read_user_files" dftval="false">
<desc>
<p>
Determine whether webadm can
read generic user files.
</p>
</desc>
</tunable>
</module>
<module name="xguest" filename="policy/modules/roles/xguest.if">
<summary>Least privilege xwindows user role.</summary>
<interface name="xguest_role_change" lineno="14">
<summary>
Change to the xguest role.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="xguest_role_change_to" lineno="44">
<summary>
Change from the xguest role.
</summary>
<desc>
<p>
Change from the xguest role to
the specified role.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="xguest_mount_media" dftval="false">
<desc>
<p>
Determine whether xguest can
mount removable media.
</p>
</desc>
</tunable>
<tunable name="xguest_connect_network" dftval="false">
<desc>
<p>
Determine whether xguest can
configure network manager.
</p>
</desc>
</tunable>
<tunable name="xguest_use_bluetooth" dftval="false">
<desc>
<p>
Determine whether xguest can
use blue tooth devices.
</p>
</desc>
</tunable>
</module>
</layer>
<layer name="services">
<summary>
	Policy modules for system services, like cron, and network services,
	like sshd.
</summary>
<module name="abrt" filename="policy/modules/services/abrt.if">
<summary>Automated bug-reporting tool.</summary>
<interface name="abrt_domtrans" lineno="13">
<summary>
Execute abrt in the abrt domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="abrt_exec" lineno="32">
<summary>
Execute abrt in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_signull" lineno="51">
<summary>
Send null signals to abrt.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_read_state" lineno="69">
<summary>
Read process state of abrt.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_stream_connect" lineno="87">
<summary>
Connect to abrt over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_dbus_chat" lineno="107">
<summary>
Send and receive messages from
abrt over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_domtrans_helper" lineno="128">
<summary>
Execute abrt-helper in the abrt
helper domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="abrt_run_helper" lineno="155">
<summary>
Execute abrt helper in the abrt
helper domain, and allow the
specified role the abrt helper domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="abrt_manage_cache" lineno="175">
<summary>
Create, read, write, and delete
abrt cache content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_read_config" lineno="196">
<summary>
Read abrt configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_read_log" lineno="215">
<summary>
Read abrt log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_read_pid_files" lineno="234">
<summary>
Read abrt PID files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_manage_pid_files" lineno="249">
<summary>
Create, read, write, and delete
abrt PID files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_manage_runtime_files" lineno="265">
<summary>
Create, read, write, and delete
abrt runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_admin" lineno="291">
<summary>
All of the rules required to
administrate an abrt environment,
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="abrt_anon_write" dftval="false">
<desc>
<p>
Determine whether ABRT can modify
public files used for public file
transfer services.
</p>
</desc>
</tunable>
<tunable name="abrt_upload_watch_anon_write" dftval="true">
<desc>
<p>
Determine whether abrt-handle-upload
can modify public files used for public file
transfer services in /var/spool/abrt-upload/.
</p>
</desc>
</tunable>
<tunable name="abrt_handle_event" dftval="false">
<desc>
<p>
Determine whether ABRT can run in
the abrt_handle_event_t domain to
handle ABRT event scripts.
</p>
</desc>
</tunable>
</module>
<module name="accountsd" filename="policy/modules/services/accountsd.if">
<summary>AccountsService and daemon for manipulating user account information via D-Bus.</summary>
<interface name="accountsd_domtrans" lineno="14">
<summary>
Execute a domain transition to
run accountsd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="accountsd_dontaudit_rw_fifo_file" lineno="34">
<summary>
Do not audit attempts to read and
write Accounts Daemon fifo files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="accountsd_dbus_chat" lineno="53">
<summary>
Send and receive messages from
accountsd over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="accountsd_search_lib" lineno="73">
<summary>
Search accountsd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="accountsd_read_lib_files" lineno="92">
<summary>
Read accountsd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="accountsd_manage_lib_files" lineno="113">
<summary>
Create, read, write, and delete
accountsd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="accountsd_admin" lineno="139">
<summary>
All of the rules required to
administrate an accountsd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role" unused="true">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="acpi" filename="policy/modules/services/acpi.if">
<summary>Advanced power management.</summary>
<interface name="acpi_domtrans_client" lineno="13">
<summary>
Execute apm in the apm domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="acpi_run_client" lineno="39">
<summary>
Execute apm in the apm domain
and allow the specified role
the apm domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="acpi_use_fds" lineno="58">
<summary>
Use apmd file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="acpi_write_pipes" lineno="76">
<summary>
Write apmd unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="acpi_rw_stream_sockets" lineno="95">
<summary>
Read and write to apmd unix
stream sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="acpi_append_log" lineno="113">
<summary>
Append apmd log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="acpi_stream_connect" lineno="133">
<summary>
Connect to apmd over an unix
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="acpi_admin" lineno="159">
<summary>
All of the rules required to
administrate an apm environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="afs" filename="policy/modules/services/afs.if">
<summary>Andrew Filesystem server.</summary>
<interface name="afs_domtrans" lineno="14">
<summary>
Execute a domain transition to run the
afs client.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="afs_rw_udp_sockets" lineno="33">
<summary>
Read and write afs client UDP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="afs_rw_cache" lineno="51">
<summary>
Read and write afs cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="afs_initrc_domtrans" lineno="70">
<summary>
Execute afs server in the afs domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="afs_admin" lineno="95">
<summary>
All of the rules required to
administrate an afs environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="aiccu" filename="policy/modules/services/aiccu.if">
<summary>Automatic IPv6 Connectivity Client Utility.</summary>
<interface name="aiccu_domtrans" lineno="13">
<summary>
Execute a domain transition to run aiccu.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="aiccu_initrc_domtrans" lineno="32">
<summary>
Execute aiccu server in the aiccu domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="aiccu_read_pid_files" lineno="50">
<summary>
Read aiccu PID files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="aiccu_admin" lineno="71">
<summary>
All of the rules required to
administrate an aiccu environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="aisexec" filename="policy/modules/services/aisexec.if">
<summary>Aisexec Cluster Engine.</summary>
<interface name="aisexec_domtrans" lineno="13">
<summary>
Execute a domain transition to run aisexec.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="aisexec_stream_connect" lineno="33">
<summary>
Connect to aisexec over a unix
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="aisexec_read_log" lineno="52">
<summary>
Read aisexec log files content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="aisexecd_admin" lineno="79">
<summary>
All of the rules required to
administrate an aisexec environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="amavis" filename="policy/modules/services/amavis.if">
<summary>High-performance interface between an email server and content checkers.</summary>
<interface name="amavis_domtrans" lineno="13">
<summary>
Execute a domain transition to run amavis.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="amavis_initrc_domtrans" lineno="32">
<summary>
Execute amavis server in the amavis domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="amavis_read_spool_files" lineno="50">
<summary>
Read amavis spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amavis_manage_spool_files" lineno="70">
<summary>
Create, read, write, and delete
amavis spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amavis_spool_filetrans" lineno="106">
<summary>
Create objects in the amavis spool directories
with a private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
Private file type.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="amavis_search_lib" lineno="125">
<summary>
Search amavis lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amavis_read_lib_files" lineno="144">
<summary>
Read amavis lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amavis_manage_lib_files" lineno="165">
<summary>
Create, read, write, and delete
amavis lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amavis_setattr_pid_files" lineno="184">
<summary>
Set attributes of amavis pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amavis_create_pid_files" lineno="199">
<summary>
Create amavis pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amavis_setattr_runtime_files" lineno="214">
<summary>
Set attributes of amavis runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amavis_create_runtime_files" lineno="233">
<summary>
Create amavis runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amavis_admin" lineno="259">
<summary>
All of the rules required to
administrate an amavis environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="amavis_use_jit" dftval="false">
<desc>
<p>
Determine whether amavis can
use JIT compiler.
</p>
</desc>
</tunable>
</module>
<module name="apache" filename="policy/modules/services/apache.if">
<summary>Various web servers.</summary>
<template name="apache_content_template" lineno="14">
<summary>
Create a set of derived types for
httpd web content.
</summary>
<param name="prefix">
<summary>
The prefix to be used for deriving type names.
</summary>
</param>
</template>
<interface name="apache_role" lineno="120">
<summary>
Role access for apache.
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="apache_read_user_scripts" lineno="175">
<summary>
Read user httpd script executable files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_read_user_content" lineno="195">
<summary>
Read user httpd content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_domtrans" lineno="215">
<summary>
Execute httpd with a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="apache_exec" lineno="234">
<summary>
Execute httpd
</summary>
<param name="domain">
<summary>
Domain allowed to execute it.
</summary>
</param>
</interface>
<interface name="apache_initrc_domtrans" lineno="252">
<summary>
Execute httpd server in the httpd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="apache_signal" lineno="270">
<summary>
Send generic signals to httpd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_signull" lineno="288">
<summary>
Send null signals to httpd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_sigchld" lineno="306">
<summary>
Send child terminated signals to httpd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_use_fds" lineno="325">
<summary>
Inherit and use file descriptors
from httpd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_dontaudit_rw_fifo_file" lineno="344">
<summary>
Do not audit attempts to read and
write httpd unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="apache_dontaudit_rw_stream_sockets" lineno="363">
<summary>
Do not audit attempts to read and
write httpd unix domain stream sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="apache_rw_stream_sockets" lineno="382">
<summary>
Read and write httpd unix domain
stream sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_dontaudit_rw_tcp_sockets" lineno="401">
<summary>
Do not audit attempts to read and
write httpd TCP sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="apache_reload" lineno="419">
<summary>
Reload the httpd service (systemd).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_read_all_ra_content" lineno="438">
<summary>
Read all appendable content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_append_all_ra_content" lineno="457">
<summary>
Append to all appendable web content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_read_all_rw_content" lineno="475">
<summary>
Read all read/write content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_manage_all_rw_content" lineno="494">
<summary>
Manage all read/write content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_read_all_content" lineno="513">
<summary>
Read all web content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_search_all_content" lineno="535">
<summary>
Search all apache content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_list_all_content" lineno="553">
<summary>
List all apache content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_manage_all_content" lineno="573">
<summary>
Create, read, write, and delete
all httpd content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apache_setattr_cache_dirs" lineno="597">
<summary>
Set attributes httpd cache directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_list_cache" lineno="615">
<summary>
List httpd cache directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_rw_cache_files" lineno="633">
<summary>
Read and write httpd cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_delete_cache_dirs" lineno="651">
<summary>
Delete httpd cache directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_delete_cache_files" lineno="669">
<summary>
Delete httpd cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_read_config" lineno="688">
<summary>
Read httpd configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apache_search_config" lineno="709">
<summary>
Search httpd configuration directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_manage_config" lineno="729">
<summary>
Create, read, write, and delete
httpd configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_domtrans_helper" lineno="751">
<summary>
Execute the Apache helper program
with a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_run_helper" lineno="778">
<summary>
Execute the Apache helper program with
a domain transition, and allow the
specified role the Apache helper domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apache_read_log" lineno="798">
<summary>
Read httpd log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apache_append_log" lineno="819">
<summary>
Append httpd log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_dontaudit_append_log" lineno="840">
<summary>
Do not audit attempts to append
httpd log files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="apache_manage_log" lineno="859">
<summary>
Create, read, write, and delete
httpd log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_write_log" lineno="880">
<summary>
Write apache log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_dontaudit_search_modules" lineno="900">
<summary>
Do not audit attempts to search
httpd module directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="apache_list_modules" lineno="918">
<summary>
List httpd module directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_exec_modules" lineno="936">
<summary>
Execute httpd module files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_read_module_files" lineno="956">
<summary>
Read httpd module files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_domtrans_rotatelogs" lineno="976">
<summary>
Execute a domain transition to
run httpd_rotatelogs.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="apache_list_sys_content" lineno="995">
<summary>
List httpd system content directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_manage_sys_content" lineno="1016">
<summary>
Create, read, write, and delete
httpd system content files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apache_manage_sys_rw_content" lineno="1038">
<summary>
Create, read, write, and delete
httpd system rw content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_domtrans_sys_script" lineno="1060">
<summary>
Execute all httpd scripts in the
system script domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="apache_dontaudit_rw_sys_script_stream_sockets" lineno="1083">
<summary>
Do not audit attempts to read and
write httpd system script unix
domain stream sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="apache_domtrans_all_scripts" lineno="1102">
<summary>
Execute all user scripts in the user
script domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="apache_run_all_scripts" lineno="1127">
<summary>
Execute all user scripts in the user
script domain. Add user script domains
to the specified role.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="apache_read_squirrelmail_data" lineno="1146">
<summary>
Read httpd squirrelmail data files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_append_squirrelmail_data" lineno="1164">
<summary>
Append httpd squirrelmail data files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_delete_squirrelmail_spool" lineno="1182">
<summary>
delete httpd squirrelmail spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_search_sys_content" lineno="1200">
<summary>
Search httpd system content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_read_sys_content" lineno="1219">
<summary>
Read httpd system content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_search_sys_scripts" lineno="1239">
<summary>
Search httpd system CGI directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_manage_all_user_content" lineno="1259">
<summary>
Create, read, write, and delete all
user httpd content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apache_search_sys_script_state" lineno="1280">
<summary>
Search system script state directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_read_tmp_files" lineno="1298">
<summary>
Read httpd tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_dontaudit_write_tmp_files" lineno="1318">
<summary>
Do not audit attempts to write
httpd tmp files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="apache_delete_lib_files" lineno="1336">
<summary>
Delete httpd_var_lib_t files
</summary>
<param name="domain">
<summary>
Domain that can delete the files
</summary>
</param>
</interface>
<interface name="apache_cgi_domain" lineno="1367">
<summary>
Execute CGI in the specified domain.
</summary>
<desc>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="domain">
<summary>
Domain run the cgi script in.
</summary>
</param>
<param name="entrypoint">
<summary>
Type of the executable to enter the cgi domain.
</summary>
</param>
</interface>
<interface name="apache_admin" lineno="1395">
<summary>
All of the rules required to
administrate an apache environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apache_rw_runtime_files" lineno="1447">
<summary>
rw httpd_runtime_t files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="allow_httpd_anon_write" dftval="false">
<desc>
<p>
Determine whether httpd can modify
public files used for public file
transfer services. Directories/Files must
be labeled public_content_rw_t.
</p>
</desc>
</tunable>
<tunable name="allow_httpd_mod_auth_pam" dftval="false">
<desc>
<p>
Determine whether httpd can use mod_auth_pam.
</p>
</desc>
</tunable>
<tunable name="httpd_builtin_scripting" dftval="false">
<desc>
<p>
Determine whether httpd can use built in scripting.
</p>
</desc>
</tunable>
<tunable name="httpd_can_check_spam" dftval="false">
<desc>
<p>
Determine whether httpd can check spam.
</p>
</desc>
</tunable>
<tunable name="httpd_can_network_connect" dftval="false">
<desc>
<p>
Determine whether httpd scripts and modules
can connect to the network using TCP.
</p>
</desc>
</tunable>
<tunable name="httpd_can_network_connect_cobbler" dftval="false">
<desc>
<p>
Determine whether httpd scripts and modules
can connect to cobbler over the network.
</p>
</desc>
</tunable>
<tunable name="httpd_can_network_connect_db" dftval="false">
<desc>
<p>
Determine whether scripts and modules can
connect to databases over the network.
</p>
</desc>
</tunable>
<tunable name="httpd_can_network_connect_ldap" dftval="false">
<desc>
<p>
Determine whether httpd can connect to
ldap over the network.
</p>
</desc>
</tunable>
<tunable name="httpd_can_network_connect_memcache" dftval="false">
<desc>
<p>
Determine whether httpd can connect
to memcache server over the network.
</p>
</desc>
</tunable>
<tunable name="httpd_can_network_relay" dftval="false">
<desc>
<p>
Determine whether httpd can act as a relay.
</p>
</desc>
</tunable>
<tunable name="httpd_can_network_connect_zabbix" dftval="false">
<desc>
<p>
Determine whether httpd daemon can
connect to zabbix over the network.
</p>
</desc>
</tunable>
<tunable name="httpd_can_sendmail" dftval="false">
<desc>
<p>
Determine whether httpd can send mail.
</p>
</desc>
</tunable>
<tunable name="httpd_dbus_avahi" dftval="false">
<desc>
<p>
Determine whether httpd can communicate
with avahi service via dbus.
</p>
</desc>
</tunable>
<tunable name="httpd_enable_cgi" dftval="false">
<desc>
<p>
Determine whether httpd can use support.
</p>
</desc>
</tunable>
<tunable name="httpd_enable_ftp_server" dftval="false">
<desc>
<p>
Determine whether httpd can act as a
FTP server by listening on the ftp port.
</p>
</desc>
</tunable>
<tunable name="httpd_enable_homedirs" dftval="false">
<desc>
<p>
Determine whether httpd can traverse
user home directories.
</p>
</desc>
</tunable>
<tunable name="httpd_gpg_anon_write" dftval="false">
<desc>
<p>
Determine whether httpd gpg can modify
public files used for public file
transfer services. Directories/Files must
be labeled public_content_rw_t.
</p>
</desc>
</tunable>
<tunable name="httpd_tmp_exec" dftval="false">
<desc>
<p>
Determine whether httpd can execute
its temporary content.
</p>
</desc>
</tunable>
<tunable name="httpd_execmem" dftval="false">
<desc>
<p>
Determine whether httpd scripts and
modules can use execmem and execstack.
</p>
</desc>
</tunable>
<tunable name="httpd_graceful_shutdown" dftval="false">
<desc>
<p>
Determine whether httpd can connect
to port 80 for graceful shutdown.
</p>
</desc>
</tunable>
<tunable name="httpd_manage_ipa" dftval="false">
<desc>
<p>
Determine whether httpd can
manage IPA content files.
</p>
</desc>
</tunable>
<tunable name="httpd_mod_auth_ntlm_winbind" dftval="false">
<desc>
<p>
Determine whether httpd can use mod_auth_ntlm_winbind.
</p>
</desc>
</tunable>
<tunable name="httpd_read_user_content" dftval="false">
<desc>
<p>
Determine whether httpd can read
generic user home content files.
</p>
</desc>
</tunable>
<tunable name="httpd_setrlimit" dftval="false">
<desc>
<p>
Determine whether httpd can change
its resource limits.
</p>
</desc>
</tunable>
<tunable name="httpd_ssi_exec" dftval="false">
<desc>
<p>
Determine whether httpd can run
SSI executables in the same domain
as system CGI scripts.
</p>
</desc>
</tunable>
<tunable name="httpd_tty_comm" dftval="false">
<desc>
<p>
Determine whether httpd can communicate
with the terminal. Needed for entering the
passphrase for certificates at the terminal.
</p>
</desc>
</tunable>
<tunable name="httpd_unified" dftval="false">
<desc>
<p>
Determine whether httpd can have full access
to its content types.
</p>
</desc>
</tunable>
<tunable name="httpd_use_cifs" dftval="false">
<desc>
<p>
Determine whether httpd can use
cifs file systems.
</p>
</desc>
</tunable>
<tunable name="httpd_use_fusefs" dftval="false">
<desc>
<p>
Determine whether httpd can
use fuse file systems.
</p>
</desc>
</tunable>
<tunable name="httpd_use_gpg" dftval="false">
<desc>
<p>
Determine whether httpd can use gpg.
</p>
</desc>
</tunable>
<tunable name="httpd_use_nfs" dftval="false">
<desc>
<p>
Determine whether httpd can use
nfs file systems.
</p>
</desc>
</tunable>
<tunable name="allow_httpd_sys_script_anon_write" dftval="false">
<desc>
<p>
Determine whether the script domain can
modify public files used for public file
transfer services. Directories/Files must
be labeled public_content_rw_t.
</p>
</desc>
</tunable>
<tunable name="allow_httpd_user_script_anon_write" dftval="false">
<desc>
<p>
Determine whether the script domain can
modify public files used for public file
transfer services. Directories/Files must
be labeled public_content_rw_t.
</p>
</desc>
</tunable>
<tunable name="allow_httpd_unconfined_script_anon_write" dftval="false">
<desc>
<p>
Determine whether the script domain can
modify public files used for public file
transfer services. Directories/Files must
be labeled public_content_rw_t.
</p>
</desc>
</tunable>
</module>
<module name="apcupsd" filename="policy/modules/services/apcupsd.if">
<summary>APC UPS monitoring daemon.</summary>
<interface name="apcupsd_domtrans" lineno="14">
<summary>
Execute a domain transition to
run apcupsd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="apcupsd_initrc_domtrans" lineno="34">
<summary>
Execute apcupsd server in the
apcupsd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="apcupsd_read_pid_files" lineno="52">
<summary>
Read apcupsd PID files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apcupsd_read_log" lineno="67">
<summary>
Read apcupsd log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apcupsd_append_log" lineno="87">
<summary>
Append apcupsd log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apcupsd_cgi_script_domtrans" lineno="108">
<summary>
Execute a domain transition to
run httpd_apcupsd_cgi_script.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="apcupsd_admin" lineno="138">
<summary>
All of the rules required to
administrate an apcupsd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="allow_httpd_apcupsd_cgi_script_anon_write" dftval="false">
<desc>
<p>
Determine whether the script domain can
modify public files used for public file
transfer services. Directories/Files must
be labeled public_content_rw_t.
</p>
</desc>
</tunable>
</module>
<module name="aptcacher" filename="policy/modules/services/aptcacher.if">
<summary>apt-cacher, cache for Debian APT repositories.</summary>
<interface name="aptcacher_domtrans_acngtool" lineno="13">
<summary>
Execute acngtool in the acngtool domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="aptcacher_run_acngtool" lineno="38">
<summary>
Execute acngtool in the acngtool domain, and
allow the specified role the acngtool domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="aptcacher_stream_connect" lineno="58">
<summary>
Connect to aptcacher using a unix
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="aptcacher_filetrans_log_dir" lineno="77">
<summary>
create /var/log/apt-cacher-ng
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="aptcacher_filetrans_cache_dir" lineno="95">
<summary>
create /var/cache/apt-cacher-ng
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="aptcacher_etc_filetrans_conf_dir" lineno="113">
<summary>
create /etc/apt-cacher-ng
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="arpwatch" filename="policy/modules/services/arpwatch.if">
<summary>Ethernet activity monitor.</summary>
<interface name="arpwatch_initrc_domtrans" lineno="14">
<summary>
Execute arpwatch server in the
arpwatch domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="arpwatch_search_data" lineno="32">
<summary>
Search arpwatch data file directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="arpwatch_manage_data_files" lineno="52">
<summary>
Create, read, write, and delete
arpwatch data files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="arpwatch_rw_tmp_files" lineno="72">
<summary>
Read and write arpwatch temporary
files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="arpwatch_manage_tmp_files" lineno="92">
<summary>
Create, read, write, and delete
arpwatch temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="arpwatch_dontaudit_rw_packet_sockets" lineno="112">
<summary>
Do not audit attempts to read and
write arpwatch packet sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="arpwatch_admin" lineno="137">
<summary>
All of the rules required to
administrate an arpwatch environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="asterisk" filename="policy/modules/services/asterisk.if">
<summary>Asterisk IP telephony server.</summary>
<interface name="asterisk_domtrans" lineno="13">
<summary>
Execute asterisk in the asterisk domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="asterisk_exec" lineno="32">
<summary>
Execute asterisk in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="asterisk_stream_connect" lineno="52">
<summary>
Connect to asterisk over a unix domain.
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="asterisk_setattr_logs" lineno="72">
<summary>
Set attributes of asterisk log
files and directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="asterisk_setattr_pid_files" lineno="93">
<summary>
Set attributes of the asterisk
PID content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="asterisk_admin" lineno="114">
<summary>
All of the rules required to
administrate an asterisk environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="automount" filename="policy/modules/services/automount.if">
<summary>Filesystem automounter service.</summary>
<interface name="automount_domtrans" lineno="13">
<summary>
Execute automount in the automount domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="automount_signal" lineno="33">
<summary>
Send generic signals to automount.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="automount_read_state" lineno="51">
<summary>
Read automount process state.
</summary>
<param name="domain">
<summary>
Domain to allow access.
</summary>
</param>
</interface>
<interface name="automount_dontaudit_use_fds" lineno="73">
<summary>
Do not audit attempts to use
automount file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="automount_dontaudit_write_pipes" lineno="92">
<summary>
Do not audit attempts to write
automount unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="automount_dontaudit_getattr_tmp_dirs" lineno="112">
<summary>
Do not audit attempts to get
attributes of automount temporary
directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="automount_admin" lineno="137">
<summary>
All of the rules required to
administrate an automount environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="avahi" filename="policy/modules/services/avahi.if">
<summary>mDNS/DNS-SD daemon implementing Apple ZeroConf architecture.</summary>
<interface name="avahi_domtrans" lineno="13">
<summary>
Execute avahi server in the avahi domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="avahi_initrc_domtrans" lineno="33">
<summary>
Execute avahi init scripts in the
init script domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="avahi_signal" lineno="51">
<summary>
Send generic signals to avahi.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="avahi_kill" lineno="69">
<summary>
Send kill signals to avahi.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="avahi_signull" lineno="87">
<summary>
Send null signals to avahi.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="avahi_dbus_chat" lineno="106">
<summary>
Send and receive messages from
avahi over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="avahi_stream_connect" lineno="127">
<summary>
Connect to avahi using a unix
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="avahi_create_pid_dirs" lineno="146">
<summary>
Create avahi pid directories.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="avahi_setattr_pid_dirs" lineno="161">
<summary>
Set attributes of avahi pid directories.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="avahi_setattr_runtime_dirs" lineno="176">
<summary>
Set attributes of avahi runtime directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="avahi_create_runtime_dirs" lineno="195">
<summary>
Create avahi runtime directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="avahi_manage_pid_files" lineno="214">
<summary>
Create, read, and write avahi pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="avahi_dontaudit_search_pid" lineno="230">
<summary>
Do not audit attempts to search
avahi pid directories.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="avahi_filetrans_pid" lineno="256">
<summary>
Create specified objects in generic
pid directories with the avahi pid file type.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="avahi_manage_runtime_files" lineno="271">
<summary>
Create, read, and write avahi runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="avahi_dontaudit_search_runtime" lineno="291">
<summary>
Do not audit attempts to search
avahi runtime directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="avahi_filetrans_runtime" lineno="320">
<summary>
Create specified objects in generic
runtime directories with the avahi runtime file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="avahi_admin" lineno="345">
<summary>
All of the rules required to
administrate an avahi environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="bind" filename="policy/modules/services/bind.if">
<summary>Berkeley Internet name domain DNS server.</summary>
<interface name="bind_initrc_domtrans" lineno="14">
<summary>
Execute bind init scripts in
the init script domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="bind_domtrans_ndc" lineno="32">
<summary>
Execute ndc in the ndc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="bind_signal" lineno="51">
<summary>
Send generic signals to bind.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_signull" lineno="69">
<summary>
Send null signals to bind.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_kill" lineno="87">
<summary>
Send kill signals to bind.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_run_ndc" lineno="112">
<summary>
Execute ndc in the ndc domain, and
allow the specified role the ndc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="bind_domtrans" lineno="131">
<summary>
Execute bind in the named domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="bind_read_dnssec_keys" lineno="150">
<summary>
Read dnssec key files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_read_config" lineno="168">
<summary>
Read bind named configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_write_config" lineno="186">
<summary>
Write bind named configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_manage_config_dirs" lineno="206">
<summary>
Create, read, write, and delete
bind configuration directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_search_cache" lineno="224">
<summary>
Search bind cache directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_manage_cache" lineno="246">
<summary>
Create, read, write, and delete
bind cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_setattr_pid_dirs" lineno="267">
<summary>
Set attributes of bind pid directories.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_setattr_zone_dirs" lineno="281">
<summary>
Set attributes of bind zone directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_read_zone" lineno="299">
<summary>
Read bind zone files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_manage_zone" lineno="319">
<summary>
Create, read, write, and delete
bind zone files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_admin" lineno="345">
<summary>
All of the rules required to
administrate an bind environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="named_tcp_bind_http_port" dftval="false">
<desc>
<p>
Determine whether Bind can bind tcp socket to http ports.
</p>
</desc>
</tunable>
<tunable name="named_write_master_zones" dftval="false">
<desc>
<p>
Determine whether Bind can write to master zone files.
Generally this is used for dynamic DNS or zone transfers.
</p>
</desc>
</tunable>
</module>
<module name="bird" filename="policy/modules/services/bird.if">
<summary>BIRD Internet Routing Daemon.</summary>
<interface name="bird_admin" lineno="20">
<summary>
All of the rules required to
administrate an bird environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="bitlbee" filename="policy/modules/services/bitlbee.if">
<summary>Tunnels instant messaging traffic to a virtual IRC channel.</summary>
<interface name="bitlbee_read_config" lineno="13">
<summary>
Read bitlbee configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bitlbee_admin" lineno="40">
<summary>
All of the rules required to
administrate an bitlbee environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="bluetooth" filename="policy/modules/services/bluetooth.if">
<summary>Bluetooth tools and system services.</summary>
<interface name="bluetooth_role" lineno="18">
<summary>
Role access for bluetooth.
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="bluetooth_stream_connect" lineno="63">
<summary>
Connect to bluetooth over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bluetooth_domtrans" lineno="83">
<summary>
Execute bluetooth in the bluetooth domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="bluetooth_read_config" lineno="102">
<summary>
Read bluetooth configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bluetooth_dbus_chat" lineno="121">
<summary>
Send and receive messages from
bluetooth over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bluetooth_dontaudit_read_helper_state" lineno="142">
<summary>
Do not audit attempts to read
bluetooth process state files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="bluetooth_admin" lineno="168">
<summary>
All of the rules required to
administrate an bluetooth environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="boinc" filename="policy/modules/services/boinc.if">
<summary>Platform for computing using volunteered resources.</summary>
<interface name="boinc_admin" lineno="20">
<summary>
All of the rules required to
administrate an boinc environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="boinc_execmem" dftval="true">
<desc>
<p>
Determine whether boinc can execmem/execstack.
</p>
</desc>
</tunable>
</module>
<module name="bugzilla" filename="policy/modules/services/bugzilla.if">
<summary>Bugtracker.</summary>
<interface name="bugzilla_search_content" lineno="13">
<summary>
Search bugzilla directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bugzilla_dontaudit_rw_stream_sockets" lineno="33">
<summary>
Do not audit attempts to read and
write bugzilla script unix domain
stream sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="bugzilla_admin" lineno="58">
<summary>
All of the rules required to
administrate an bugzilla environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role" unused="true">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="allow_httpd_bugzilla_script_anon_write" dftval="false">
<desc>
<p>
Determine whether the script domain can
modify public files used for public file
transfer services. Directories/Files must
be labeled public_content_rw_t.
</p>
</desc>
</tunable>
</module>
<module name="cachefilesd" filename="policy/modules/services/cachefilesd.if">
<summary>CacheFiles user-space management daemon.</summary>
<interface name="cachefilesd_admin" lineno="20">
<summary>
All of the rules required to
administrate an cachefilesd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="callweaver" filename="policy/modules/services/callweaver.if">
<summary>PBX software.</summary>
<interface name="callweaver_exec" lineno="13">
<summary>
Execute callweaver in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="callweaver_stream_connect" lineno="33">
<summary>
Connect to callweaver over a
unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="callweaver_admin" lineno="59">
<summary>
All of the rules required to
administrate an callweaver environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="canna" filename="policy/modules/services/canna.if">
<summary>Kana-kanji conversion server.</summary>
<interface name="canna_stream_connect" lineno="14">
<summary>
Connect to Canna using a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="canna_admin" lineno="40">
<summary>
All of the rules required to
administrate an canna environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="ccs" filename="policy/modules/services/ccs.if">
<summary>Cluster Configuration System.</summary>
<interface name="ccs_domtrans" lineno="13">
<summary>
Execute a domain transition to run ccs.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ccs_stream_connect" lineno="32">
<summary>
Connect to ccs over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ccs_read_config" lineno="51">
<summary>
Read cluster configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ccs_manage_config" lineno="71">
<summary>
Create, read, write, and delete
cluster configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ccs_admin" lineno="98">
<summary>
All of the rules required to
administrate an ccs environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="certbot" filename="policy/modules/services/certbot.if">
<summary>SSL certificate requesting tool certbot AKA letsencrypt.</summary>
<interface name="certbot_domtrans" lineno="14">
<summary>
Execute certbot/letsencrypt in the certbot
domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="certbot_run" lineno="39">
<summary>
Execute certbot/letsencrypt in the certbot
domain, and allow the specified role
the firstboot domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<tunable name="certbot_acmesh" dftval="false">
<desc>
<p>
Determine whether additional rules
should be enabled to support acme.sh
</p>
</desc>
</tunable>
</module>
<module name="certmaster" filename="policy/modules/services/certmaster.if">
<summary>Remote certificate distribution framework.</summary>
<interface name="certmaster_domtrans" lineno="13">
<summary>
Execute a domain transition to run certmaster.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="certmaster_exec" lineno="32">
<summary>
Execute certmaster in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="certmaster_read_log" lineno="51">
<summary>
read certmaster logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="certmaster_append_log" lineno="70">
<summary>
Append certmaster log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="certmaster_manage_log" lineno="90">
<summary>
Create, read, write, and delete
certmaster log content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="certmaster_admin" lineno="117">
<summary>
All of the rules required to
administrate an certmaster environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="certmonger" filename="policy/modules/services/certmonger.if">
<summary>Certificate status monitor and PKI enrollment client.</summary>
<interface name="certmonger_domtrans" lineno="13">
<summary>
Execute a domain transition to run certmonger.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="certmonger_dbus_chat" lineno="33">
<summary>
Send and receive messages from
certmonger over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="certmonger_initrc_domtrans" lineno="54">
<summary>
Execute certmonger server in
the certmonger domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="certmonger_read_pid_files" lineno="72">
<summary>
Read certmonger PID files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="certmonger_search_lib" lineno="86">
<summary>
Search certmonger lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="certmonger_read_lib_files" lineno="105">
<summary>
Read certmonger lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="certmonger_manage_lib_files" lineno="125">
<summary>
Create, read, write, and delete
certmonger lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="certmonger_admin" lineno="151">
<summary>
All of the rules required to
administrate an certmonger environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="cgmanager" filename="policy/modules/services/cgmanager.if">
<summary>Control Group manager daemon.</summary>
<interface name="cgmanager_stream_connect" lineno="14">
<summary>
Connect to cgmanager with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="cgroup" filename="policy/modules/services/cgroup.if">
<summary>libcg is a library that abstracts the control group file system in Linux.</summary>
<interface name="cgroup_domtrans_cgclear" lineno="14">
<summary>
Execute a domain transition to run
CG Clear.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cgroup_domtrans_cgconfig" lineno="34">
<summary>
Execute a domain transition to run
CG config parser.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cgroup_initrc_domtrans_cgconfig" lineno="54">
<summary>
Execute CG config init scripts in
the init script domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cgroup_domtrans_cgred" lineno="73">
<summary>
Execute a domain transition to run
CG rules engine daemon.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cgroup_initrc_domtrans_cgred" lineno="94">
<summary>
Execute a domain transition to run
CG rules engine daemon.
domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cgroup_run_cgclear" lineno="121">
<summary>
Execute a domain transition to
run CG Clear and allow the
specified role the CG Clear
domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="cgroup_stream_connect_cgred" lineno="141">
<summary>
Connect to CG rules engine daemon
over unix stream sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cgroup_admin" lineno="167">
<summary>
All of the rules required to administrate
an cgroup environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="chronyd" filename="policy/modules/services/chronyd.if">
<summary>Chrony NTP background daemon.</summary>
<interface name="chronyd_domtrans" lineno="13">
<summary>
Execute chronyd in the chronyd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="chronyd_domtrans_cli" lineno="32">
<summary>
Execute chronyc in the chronyc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="chronyd_initrc_domtrans" lineno="52">
<summary>
Execute chronyd server in the
chronyd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="chronyd_exec" lineno="70">
<summary>
Execute chronyd in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="chronyd_run_cli" lineno="97">
<summary>
Execute chronyc in the chronyc domain,
and allow the specified roles the
chronyc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="chronyd_read_log" lineno="116">
<summary>
Read chronyd log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="chronyd_read_config" lineno="135">
<summary>
Read chronyd config file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="chronyd_rw_config" lineno="154">
<summary>
Read and write chronyd config file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="chronyd_rw_shm" lineno="173">
<summary>
Read and write chronyd shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="chronyd_stream_connect" lineno="196">
<summary>
Connect to chronyd using a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="chronyd_dgram_send" lineno="216">
<summary>
Send to chronyd using a unix domain
datagram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="chronyd_read_key_files" lineno="235">
<summary>
Read chronyd key files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="chronyd_enabledisable" lineno="254">
<summary>
Allow specified domain to enable and disable chronyd unit
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="chronyd_startstop" lineno="273">
<summary>
Allow specified domain to start and stop chronyd unit
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="chronyd_status" lineno="292">
<summary>
Allow specified domain to get status of chronyd unit
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="chronyd_dgram_send_cli" lineno="312">
<summary>
Send to chronyd command line interface using a unix domain
datagram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="chronyd_admin" lineno="338">
<summary>
All of the rules required to
administrate an chronyd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="cipe" filename="policy/modules/services/cipe.if">
<summary>Encrypted tunnel daemon.</summary>
<interface name="cipe_admin" lineno="20">
<summary>
All of the rules required to
administrate an cipe environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="clamav" filename="policy/modules/services/clamav.if">
<summary>ClamAV Virus Scanner.</summary>
<interface name="clamav_domtrans" lineno="13">
<summary>
Execute a domain transition to run clamd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="clamav_run" lineno="39">
<summary>
Execute clamd programs in the clamd
domain and allow the specified role
the clamd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="clamav_stream_connect" lineno="59">
<summary>
Connect to clamd using a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clamav_append_log" lineno="80">
<summary>
Append clamav log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clamav_manage_pid_content" lineno="101">
<summary>
Create, read, write, and delete
clamav pid content.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clamav_read_config" lineno="115">
<summary>
Read clamav configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clamav_search_lib" lineno="134">
<summary>
Search clamav library directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clamav_domtrans_clamscan" lineno="153">
<summary>
Execute a domain transition to run clamscan.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="clamav_exec_clamscan" lineno="172">
<summary>
Execute clamscan in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clamav_read_state_clamd" lineno="191">
<summary>
Read clamd process state files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clamav_read_signatures" lineno="219">
<summary>
Read clam virus signature files
</summary>
<desc>
<p>
Useful for when using things like 'sigtool'
which provides useful information about
ClamAV signature files.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clamav_scannable_files" lineno="240">
<summary>
Denote a particular type to be scanned by ClamAV
</summary>
<param name="domain">
<summary>
Type that clamd_t and clamscan_t can read.
</summary>
</param>
</interface>
<interface name="clamav_domtrans_freshclam" lineno="258">
<summary>
Execute a domain transition to run freshclam.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="clamav_run_freshclam" lineno="284">
<summary>
Execute freshclam in the freshclam domain, and
allow the specified role the freshclam domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="clamav_exec_freshclam" lineno="303">
<summary>
Execute freshclam in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clamav_enabledisable_clamd" lineno="322">
<summary>
Allow specified domain to enable clamd units
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clamav_startstop_clamd" lineno="341">
<summary>
Allow specified domain to start clamd units
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clamav_status_clamd" lineno="360">
<summary>
Allow specified domain to get status of clamd
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clamav_reload_clamd" lineno="379">
<summary>
Allow specified domain reload of clamd
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clamav_admin" lineno="405">
<summary>
All of the rules required to
administrate an clamav environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="clamav_filetrans_log" lineno="444">
<summary>
specified domain creates /var/log/clamav/freshclam.log with correct type
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clamav_filetrans_runtime_dir" lineno="462">
<summary>
specified domain creates /run/clamav with correct type
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="clamav_read_user_content_files_clamscan" dftval="false">
<desc>
<p>
Determine whether clamscan can
read user content files.
</p>
</desc>
</tunable>
<tunable name="clamav_read_all_non_security_files_clamscan" dftval="false">
<desc>
<p>
Determine whether clamscan can read
all non-security files.
</p>
</desc>
</tunable>
<tunable name="clamd_use_jit" dftval="false">
<desc>
<p>
Determine whether can clamd use JIT compiler.
</p>
</desc>
</tunable>
</module>
<module name="clockspeed" filename="policy/modules/services/clockspeed.if">
<summary>Clock speed measurement and manipulation.</summary>
<interface name="clockspeed_domtrans_cli" lineno="14">
<summary>
Execute clockspeed utilities in
the clockspeed_cli domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="clockspeed_run_cli" lineno="41">
<summary>
Execute clockspeed utilities in the
clockspeed cli domain, and allow the
specified role the clockspeed cli domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="clogd" filename="policy/modules/services/clogd.if">
<summary>Clustered Mirror Log Server.</summary>
<interface name="clogd_domtrans" lineno="13">
<summary>
Execute a domain transition to run clogd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="clogd_rw_semaphores" lineno="32">
<summary>
Read and write clogd semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clogd_rw_shm" lineno="50">
<summary>
Read and write clogd shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="cmirrord" filename="policy/modules/services/cmirrord.if">
<summary>Cluster mirror log daemon.</summary>
<interface name="cmirrord_domtrans" lineno="14">
<summary>
Execute a domain transition to
run cmirrord.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cmirrord_initrc_domtrans" lineno="34">
<summary>
Execute cmirrord server in the
cmirrord domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cmirrord_read_pid_files" lineno="52">
<summary>
Read cmirrord PID files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cmirrord_rw_shm" lineno="66">
<summary>
Read and write cmirrord shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cmirrord_admin" lineno="96">
<summary>
All of the rules required to
administrate an cmirrord environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="cobbler" filename="policy/modules/services/cobbler.if">
<summary>Cobbler installation server.</summary>
<interface name="cobblerd_domtrans" lineno="13">
<summary>
Execute a domain transition to run cobblerd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cobblerd_initrc_domtrans" lineno="33">
<summary>
Execute cobblerd init scripts in
the init script domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cobbler_read_config" lineno="51">
<summary>
Read cobbler configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cobbler_dontaudit_rw_log" lineno="71">
<summary>
Do not audit attempts to read and write
cobbler log files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="cobbler_search_lib" lineno="89">
<summary>
Search cobbler lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cobbler_read_lib_files" lineno="108">
<summary>
Read cobbler lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cobbler_manage_lib_files" lineno="128">
<summary>
Create, read, write, and delete
cobbler lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cobbler_admin" lineno="154">
<summary>
All of the rules required to
administrate an cobbler environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="cobbler_anon_write" dftval="false">
<desc>
<p>
Determine whether Cobbler can modify
public files used for public file
transfer services.
</p>
</desc>
</tunable>
<tunable name="cobbler_can_network_connect" dftval="false">
<desc>
<p>
Determine whether Cobbler can connect
to the network using TCP.
</p>
</desc>
</tunable>
<tunable name="cobbler_use_cifs" dftval="false">
<desc>
<p>
Determine whether Cobbler can access
cifs file systems.
</p>
</desc>
</tunable>
<tunable name="cobbler_use_nfs" dftval="false">
<desc>
<p>
Determine whether Cobbler can access
nfs file systems.
</p>
</desc>
</tunable>
</module>
<module name="cockpit" filename="policy/modules/services/cockpit.if">
<summary>policy for cockpit</summary>
<interface name="cockpit_ws_domtrans" lineno="13">
<summary>
Execute TEMPLATE in the cockpit domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cockpit_session_domtrans" lineno="32">
<summary>
Execute TEMPLATE in the cockpit domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cockpit_rw_pipes" lineno="51">
<summary>
Read and write cockpit_session_t unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cockpit_manage_unix_stream_sockets" lineno="69">
<summary>
Create cockpit unix_stream_sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cockpit_search_lib" lineno="87">
<summary>
Search cockpit lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cockpit_read_lib_files" lineno="106">
<summary>
Read cockpit lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cockpit_manage_lib_files" lineno="125">
<summary>
Manage cockpit lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cockpit_manage_lib_dirs" lineno="144">
<summary>
Manage cockpit lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cockpit_read_pid_files" lineno="163">
<summary>
Read cockpit pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cockpit_manage_pid_dirs" lineno="182">
<summary>
Manage cockpit pid dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cockpit_manage_pid_files" lineno="200">
<summary>
Manage cockpit pid dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cockpit_systemctl" lineno="218">
<summary>
Execute cockpit server in the cockpit domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cockpit_admin" lineno="246">
<summary>
All of the rules required to administrate
an cockpit environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="collectd" filename="policy/modules/services/collectd.if">
<summary>Statistics collection daemon for filling RRD files.</summary>
<interface name="collectd_admin" lineno="20">
<summary>
All of the rules required to
administrate an collectd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="collectd_tcp_network_connect" dftval="false">
<desc>
<p>
Determine whether collectd can connect
to the network using TCP.
</p>
</desc>
</tunable>
<tunable name="allow_httpd_collectd_script_anon_write" dftval="false">
<desc>
<p>
Determine whether the script domain can
modify public files used for public file
transfer services. Directories/Files must
be labeled public_content_rw_t.
</p>
</desc>
</tunable>
</module>
<module name="colord" filename="policy/modules/services/colord.if">
<summary>GNOME color manager.</summary>
<interface name="colord_domtrans" lineno="13">
<summary>
Execute a domain transition to run colord.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="colord_dbus_chat" lineno="33">
<summary>
Send and receive messages from
colord over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="colord_read_lib_files" lineno="53">
<summary>
Read colord lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="colord_relabel_lib" lineno="72">
<summary>
relabel colord lib files and dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="comsat" filename="policy/modules/services/comsat.if">
<summary>Comsat, a biff server.</summary>
</module>
<module name="condor" filename="policy/modules/services/condor.if">
<summary>High-Throughput Computing System.</summary>
<template name="condor_domain_template" lineno="13">
<summary>
The template to define a condor domain.
</summary>
<param name="domain_prefix">
<summary>
Domain prefix to be used.
</summary>
</param>
</template>
<interface name="condor_admin" lineno="58">
<summary>
All of the rules required to
administrate an condor environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="condor_tcp_network_connect" dftval="false">
<desc>
<p>
Determine whether Condor can connect
to the network using TCP.
</p>
</desc>
</tunable>
</module>
<module name="consolesetup" filename="policy/modules/services/consolesetup.if">
<summary>console font and keymap setup program for debian</summary>
<interface name="consolesetup_domtrans" lineno="13">
<summary>
Execute console-setup in the consolesetup domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="consolesetup_read_conf" lineno="33">
<summary>
Read console-setup configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="consolesetup_exec_conf" lineno="55">
<summary>
Execute console-setup configuration files
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="consolesetup_manage_runtime" lineno="76">
<summary>
Allow the caller to manage
consolesetup_runtime_t files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="consolesetup_pid_filetrans_runtime" lineno="98">
<summary>
Create a console-setup directory in
the runtime directory.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="consolesetup_runtime_filetrans_runtime_dir" lineno="115">
<summary>
Create a console-setup directory in
the runtime directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="corosync" filename="policy/modules/services/corosync.if">
<summary>Corosync Cluster Engine.</summary>
<interface name="corosync_domtrans" lineno="13">
<summary>
Execute a domain transition to run corosync.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="corosync_initrc_domtrans" lineno="33">
<summary>
Execute corosync init scripts in
the init script domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="corosync_exec" lineno="51">
<summary>
Execute corosync in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corosync_read_log" lineno="70">
<summary>
Read corosync log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corosync_stream_connect" lineno="91">
<summary>
Connect to corosync over a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corosync_mmap_rw_tmpfs" lineno="110">
<summary>
Memmap, read and write corosync tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corosync_rw_tmpfs" lineno="129">
<summary>
Read and write corosync tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corosync_read_state" lineno="148">
<summary>
Read process state of corosync.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corosync_admin" lineno="173">
<summary>
All of the rules required to
administrate an corosync environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="couchdb" filename="policy/modules/services/couchdb.if">
<summary>Document database server.</summary>
<interface name="couchdb_read_log_files" lineno="13">
<summary>
Read couchdb log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="couchdb_manage_lib_files" lineno="32">
<summary>
Read, write, and create couchdb lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="couchdb_read_conf_files" lineno="51">
<summary>
Read couchdb config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="couchdb_read_pid_files" lineno="70">
<summary>
Read couchdb pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="couchdb_read_runtime_files" lineno="85">
<summary>
Read couchdb runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="couchdb_admin" lineno="111">
<summary>
All of the rules required to
administrate an couchdb environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="courier" filename="policy/modules/services/courier.if">
<summary>Courier IMAP and POP3 email servers.</summary>
<template name="courier_domain_template" lineno="13">
<summary>
The template to define a courier domain.
</summary>
<param name="domain_prefix">
<summary>
Domain prefix to be used.
</summary>
</param>
</template>
<interface name="courier_domtrans_authdaemon" lineno="46">
<summary>
Execute the courier authentication
daemon with a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="courier_stream_connect_authdaemon" lineno="66">
<summary>
Connect to courier-authdaemon over
a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="courier_domtrans_pop" lineno="86">
<summary>
Execute the courier POP3 and IMAP
server with a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="courier_read_config" lineno="105">
<summary>
Read courier config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="courier_manage_spool_dirs" lineno="125">
<summary>
Create, read, write, and delete courier
spool directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="courier_manage_spool_files" lineno="145">
<summary>
Create, read, write, and delete courier
spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="courier_read_spool" lineno="164">
<summary>
Read courier spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="courier_rw_spool_pipes" lineno="183">
<summary>
Read and write courier spool pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="cpucontrol" filename="policy/modules/services/cpucontrol.if">
<summary>Services for loading CPU microcode and CPU frequency scaling.</summary>
<interface name="cpucontrol_stub" lineno="13">
<summary>
CPUcontrol stub interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="cron" filename="policy/modules/services/cron.if">
<summary>Periodic execution of scheduled commands.</summary>
<template name="cron_common_crontab_template" lineno="13">
<summary>
The template to define a crontab domain.
</summary>
<param name="domain_prefix">
<summary>
Domain prefix to be used.
</summary>
</param>
</template>
<interface name="cron_role" lineno="69">
<summary>
Role access for cron.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
stem of domain for the role.
</summary>
</param>
<rolecap/>
</interface>
<interface name="cron_unconfined_role" lineno="150">
<summary>
Role access for unconfined cron.
Only used if cronjob_domain is set
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="cron_admin_role" lineno="231">
<summary>
Role access for admin cron.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="cron_system_entry" lineno="322">
<summary>
Make the specified program domain
accessible from the system cron jobs.
</summary>
<param name="domain">
<summary>
The type of the process to transition to.
</summary>
</param>
<param name="entrypoint">
<summary>
The type of the file used as an entrypoint to this domain.
</summary>
</param>
</interface>
<interface name="cron_domtrans" lineno="343">
<summary>
Execute cron in the cron system domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cron_exec" lineno="362">
<summary>
Execute crond in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_initrc_domtrans" lineno="381">
<summary>
Execute crond server in the crond domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cron_use_fds" lineno="399">
<summary>
Use crond file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_sigchld" lineno="417">
<summary>
Send child terminated signals to crond.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_setattr_log_files" lineno="435">
<summary>
Set the attributes of cron log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_create_log_files" lineno="453">
<summary>
Create cron log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_write_log_files" lineno="471">
<summary>
Write to cron log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_manage_log_files" lineno="490">
<summary>
Create, read, write and delete
cron log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_generic_log_filetrans_log" lineno="521">
<summary>
Create specified objects in generic
log directories with the cron log file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="cron_read_pipes" lineno="539">
<summary>
Read cron daemon unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_dontaudit_write_pipes" lineno="558">
<summary>
Do not audit attempts to write
cron daemon unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="cron_rw_pipes" lineno="576">
<summary>
Read and write crond unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_rw_tcp_sockets" lineno="594">
<summary>
Read and write crond TCP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_dontaudit_rw_tcp_sockets" lineno="613">
<summary>
Do not audit attempts to read and
write cron daemon TCP sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="cron_search_spool" lineno="631">
<summary>
Search cron spool directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_manage_pid_files" lineno="651">
<summary>
Create, read, write, and delete
crond pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_anacron_domtrans_system_job" lineno="666">
<summary>
Execute anacron in the cron
system domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cron_use_system_job_fds" lineno="685">
<summary>
Use system cron job file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_manage_system_spool" lineno="703">
<summary>
Create, read, write, and delete the system spool.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_read_system_spool" lineno="722">
<summary>
Read the system spool.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_rw_tmp_files" lineno="742">
<summary>
Read and write crond temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_rw_inherited_tmp_files" lineno="760">
<summary>
Read and write inherited crond temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_read_system_job_lib_files" lineno="778">
<summary>
Read system cron job lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_manage_system_job_lib_files" lineno="798">
<summary>
Create, read, write, and delete
system cron job lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_write_system_job_pipes" lineno="817">
<summary>
Write system cron job unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_rw_system_job_pipes" lineno="836">
<summary>
Read and write system cron job
unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_rw_system_job_stream_sockets" lineno="855">
<summary>
Read and write inherited system cron
job unix domain stream sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_read_system_job_tmp_files" lineno="873">
<summary>
Read system cron job temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_rw_system_job_tmp_files" lineno="893">
<summary>
Read/write system cron job temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_dontaudit_append_system_job_tmp_files" lineno="914">
<summary>
Do not audit attempts to append temporary
system cron job files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="cron_append_system_job_tmp_files" lineno="932">
<summary>
allow appending temporary system cron job files.
</summary>
<param name="domain">
<summary>
Domain to allow.
</summary>
</param>
</interface>
<interface name="cron_rw_inherited_system_job_tmp_files" lineno="950">
<summary>
Read and write to inherited system cron job temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_dontaudit_write_system_job_tmp_files" lineno="969">
<summary>
Do not audit attempts to write temporary
system cron job files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="cron_exec_crontab" lineno="988">
<summary>
Execute crontab in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="cron_admin" lineno="1014">
<summary>
All of the rules required to
administrate a cron environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="cron_can_relabel" dftval="false">
<desc>
<p>
Determine whether system cron jobs
can relabel filesystem for
restoring file contexts.
</p>
</desc>
</tunable>
<tunable name="cron_userdomain_transition" dftval="true">
<desc>
<p>
Determine whether crond can execute jobs
in the user domain as opposed to the
the generic cronjob domain.
</p>
</desc>
</tunable>
<tunable name="fcron_crond" dftval="false">
<desc>
<p>
Determine whether extra rules
should be enabled to support fcron.
</p>
</desc>
</tunable>
<tunable name="cron_read_generic_user_content" dftval="true">
<desc>
<p>
Grant the cron domains read access to generic user content
</p>
</desc>
</tunable>
<tunable name="cron_read_all_user_content" dftval="false">
<desc>
<p>
Grant the cron domains read access to all user content
</p>
</desc>
</tunable>
<tunable name="cron_manage_generic_user_content" dftval="false">
<desc>
<p>
Grant the cron domains manage rights on generic user content
</p>
</desc>
</tunable>
<tunable name="cron_manage_all_user_content" dftval="false">
<desc>
<p>
Grant the cron domains manage rights on all user content
</p>
</desc>
</tunable>
</module>
<module name="ctdb" filename="policy/modules/services/ctdb.if">
<summary>Clustered Database based on Samba Trivial Database.</summary>
<interface name="ctdbd_manage_lib_files" lineno="14">
<summary>
Create, read, write, and delete
ctdbd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ctdbd_stream_connect" lineno="34">
<summary>
Connect to ctdbd with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ctdb_admin" lineno="60">
<summary>
All of the rules required to
administrate an ctdb environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="cups" filename="policy/modules/services/cups.if">
<summary>Common UNIX printing system.</summary>
<interface name="cups_backend" lineno="19">
<summary>
Create a domain which can be
started by cupsd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
</interface>
<interface name="cups_domtrans" lineno="46">
<summary>
Execute cups in the cups domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cups_stream_connect" lineno="66">
<summary>
Connect to cupsd over an unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cups_dbus_chat" lineno="87">
<summary>
Send and receive messages from
cups over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cups_read_pid_files" lineno="107">
<summary>
Read cups PID files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cups_read_runtime_files" lineno="122">
<summary>
Read cups runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cups_domtrans_config" lineno="142">
<summary>
Execute cups_config in the
cups config domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cups_signal_config" lineno="162">
<summary>
Send generic signals to the cups
configuration daemon.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cups_dbus_chat_config" lineno="181">
<summary>
Send and receive messages from
cupsd_config over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cups_read_config" lineno="202">
<summary>
Read cups configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="cups_read_rw_config" lineno="222">
<summary>
Read cups-writable configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="cups_read_log" lineno="242">
<summary>
Read cups log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="cups_append_log" lineno="261">
<summary>
Append cups log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cups_write_log" lineno="280">
<summary>
Write cups log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cups_stream_connect_ptal" lineno="300">
<summary>
Connect to ptal over an unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cups_read_state" lineno="319">
<summary>
Read the process state (/proc/pid) of cupsd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cups_domtrans_hplip" lineno="341">
<summary>
Execute HP Linux Imaging and
Printing applications in their
own domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cups_admin" lineno="367">
<summary>
All of the rules required to
administrate an cups environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="cups_legacy_ldso" dftval="false">
<desc>
<p>
Allows legacy ld_so for old printer filters
</p>
</desc>
</tunable>
</module>
<module name="cvs" filename="policy/modules/services/cvs.if">
<summary>Concurrent versions system.</summary>
<interface name="cvs_read_data" lineno="13">
<summary>
Read CVS data and metadata content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cvs_exec" lineno="33">
<summary>
Execute cvs in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cvs_admin" lineno="59">
<summary>
All of the rules required to
administrate an cvs environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="allow_cvs_read_shadow" dftval="false">
<desc>
<p>
Determine whether cvs can read shadow
password files.
</p>
</desc>
</tunable>
<tunable name="allow_httpd_cvs_script_anon_write" dftval="false">
<desc>
<p>
Determine whether the script domain can
modify public files used for public file
transfer services. Directories/Files must
be labeled public_content_rw_t.
</p>
</desc>
</tunable>
</module>
<module name="cyphesis" filename="policy/modules/services/cyphesis.if">
<summary>Cyphesis WorldForge game server.</summary>
<interface name="cyphesis_domtrans" lineno="13">
<summary>
Execute a domain transition to run cyphesis.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cyphesis_admin" lineno="39">
<summary>
All of the rules required to
administrate an cyphesis environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="cyrus" filename="policy/modules/services/cyrus.if">
<summary>Cyrus is an IMAP service intended to be run on sealed servers.</summary>
<interface name="cyrus_manage_data" lineno="14">
<summary>
Create, read, write, and delete
cyrus data files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cyrus_stream_connect" lineno="34">
<summary>
Connect to Cyrus using a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cyrus_admin" lineno="60">
<summary>
All of the rules required to
administrate an cyrus environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="dante" filename="policy/modules/services/dante.if">
<summary>Dante msproxy and socks4/5 proxy server.</summary>
<interface name="dante_admin" lineno="20">
<summary>
All of the rules required to
administrate an dante environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="dbskk" filename="policy/modules/services/dbskk.if">
<summary>Dictionary server for the SKK Japanese input method system.</summary>
</module>
<module name="dbus" filename="policy/modules/services/dbus.if">
<summary>Desktop messaging bus.</summary>
<interface name="dbus_stub" lineno="13">
<summary>
DBUS stub interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="dbus_exec" lineno="30">
<summary>
Execute dbus in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="dbus_role_template" lineno="60">
<summary>
Role access for dbus.
</summary>
<param name="role_prefix">
<summary>
The prefix of the user role (e.g., user
is the prefix for user_r).
</summary>
</param>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</template>
<interface name="dbus_system_bus_client" lineno="150">
<summary>
Template for creating connections to
the system bus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_connect_all_session_bus" lineno="184">
<summary>
Acquire service on all DBUS
session busses.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_connect_spec_session_bus" lineno="210">
<summary>
Acquire service on specified
DBUS session bus.
</summary>
<param name="role_prefix">
<summary>
The prefix of the user role (e.g., user
is the prefix for user_r).
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_all_session_bus_client" lineno="230">
<summary>
Creating connections to all
DBUS session busses.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_spec_session_bus_client" lineno="262">
<summary>
Creating connections to specified
DBUS session bus.
</summary>
<param name="role_prefix">
<summary>
The prefix of the user role (e.g., user
is the prefix for user_r).
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_send_all_session_bus" lineno="289">
<summary>
Send messages to all DBUS
session busses.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_send_spec_session_bus" lineno="315">
<summary>
Send messages to specified
DBUS session busses.
</summary>
<param name="role_prefix">
<summary>
The prefix of the user role (e.g., user
is the prefix for user_r).
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_read_config" lineno="334">
<summary>
Read dbus configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_read_lib_files" lineno="353">
<summary>
Read system dbus lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_relabel_lib_dirs" lineno="373">
<summary>
Relabel system dbus lib directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_manage_lib_files" lineno="393">
<summary>
Create, read, write, and delete
system dbus lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_all_session_domain" lineno="419">
<summary>
Allow a application domain to be
started by the specified session bus.
</summary>
<param name="domain">
<summary>
Type to be used as a domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an
entry point to this domain.
</summary>
</param>
</interface>
<interface name="dbus_spec_session_domain" lineno="453">
<summary>
Allow a application domain to be
started by the specified session bus.
</summary>
<param name="role_prefix">
<summary>
The prefix of the user role (e.g., user
is the prefix for user_r).
</summary>
</param>
<param name="domain">
<summary>
Type to be used as a domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an
entry point to this domain.
</summary>
</param>
</interface>
<interface name="dbus_connect_system_bus" lineno="474">
<summary>
Acquire service on the DBUS system bus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_send_system_bus" lineno="493">
<summary>
Send messages to the DBUS system bus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_system_bus_unconfined" lineno="512">
<summary>
Unconfined access to DBUS system bus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_system_domain" lineno="537">
<summary>
Create a domain for processes which
can be started by the DBUS system bus.
</summary>
<param name="domain">
<summary>
Type to be used as a domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
</interface>
<interface name="dbus_use_system_bus_fds" lineno="577">
<summary>
Use and inherit DBUS system bus
file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_dontaudit_system_bus_rw_tcp_sockets" lineno="596">
<summary>
Do not audit attempts to read and
write DBUS system bus TCP sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dbus_watch_system_bus_runtime_dirs" lineno="614">
<summary>
Watch system bus runtime directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_list_system_bus_runtime" lineno="632">
<summary>
List system bus runtime directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_watch_system_bus_runtime_named_sockets" lineno="650">
<summary>
Watch system bus runtime named sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_read_system_bus_runtime_named_sockets" lineno="668">
<summary>
Read system bus runtime named sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_unconfined" lineno="686">
<summary>
Unconfined access to DBUS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="dbus_pass_tuntap_fd" dftval="false">
<desc>
<p>
Allow dbus-daemon system bus to access /dev/net/tun
which is needed to pass tun/tap device file descriptors
over D-Bus.  This is needed by openvpn3-linux.
</p>
</desc>
</tunable>
</module>
<module name="dcc" filename="policy/modules/services/dcc.if">
<summary>Distributed checksum clearinghouse spam filtering.</summary>
<interface name="dcc_domtrans_cdcc" lineno="13">
<summary>
Execute cdcc in the cdcc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dcc_run_cdcc" lineno="40">
<summary>
Execute cdcc in the cdcc domain, and
allow the specified role the
cdcc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dcc_domtrans_client" lineno="60">
<summary>
Execute dcc client in the dcc
client domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dcc_signal_client" lineno="79">
<summary>
Send generic signals to dcc client.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dcc_run_client" lineno="105">
<summary>
Execute dcc client in the dcc
client domain, and allow the
specified role the dcc client domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dcc_domtrans_dbclean" lineno="124">
<summary>
Execute dbclean in the dcc dbclean domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dcc_run_dbclean" lineno="151">
<summary>
Execute dbclean in the dcc dbclean
domain, and allow the specified
role the dcc dbclean domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dcc_stream_connect_dccifd" lineno="171">
<summary>
Connect to dccifd over a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="ddclient" filename="policy/modules/services/ddclient.if">
<summary>Update dynamic IP address at DynDNS.org.</summary>
<interface name="ddclient_domtrans" lineno="13">
<summary>
Execute ddclient in the ddclient domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ddclient_run" lineno="40">
<summary>
Execute ddclient in the ddclient
domain, and allow the specified
role the ddclient domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ddclient_admin" lineno="66">
<summary>
All of the rules required to
administrate an ddclient environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="denyhosts" filename="policy/modules/services/denyhosts.if">
<summary>SSH dictionary attack mitigation.</summary>
<interface name="denyhosts_domtrans" lineno="13">
<summary>
Execute a domain transition to run denyhosts.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="denyhosts_initrc_domtrans" lineno="33">
<summary>
Execute denyhost server in the
denyhost domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="denyhosts_admin" lineno="57">
<summary>
All of the rules required to
administrate an denyhosts environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
</module>
<module name="devicekit" filename="policy/modules/services/devicekit.if">
<summary>Devicekit modular hardware abstraction layer.</summary>
<interface name="devicekit_domtrans" lineno="13">
<summary>
Execute a domain transition to run devicekit.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="devicekit_dgram_send" lineno="33">
<summary>
Send to devicekit over a unix domain
datagram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_dbus_chat" lineno="53">
<summary>
Send and receive messages from
devicekit over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_dbus_chat_disk" lineno="74">
<summary>
Send and receive messages from
devicekit disk over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_signal_power" lineno="94">
<summary>
Send generic signals to devicekit power.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_dbus_chat_power" lineno="113">
<summary>
Send and receive messages from
devicekit power over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_use_fds_power" lineno="134">
<summary>
Use and inherit devicekit power
file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_append_inherited_log_files" lineno="152">
<summary>
Append inherited devicekit log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_manage_log_files" lineno="174">
<summary>
Create, read, write, and delete
devicekit log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_relabel_log_files" lineno="193">
<summary>
Relabel devicekit log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_read_pid_files" lineno="212">
<summary>
Read devicekit PID files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_manage_pid_files" lineno="228">
<summary>
Create, read, write, and delete
devicekit PID files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_read_runtime_files" lineno="243">
<summary>
Read devicekit runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_manage_runtime_files" lineno="263">
<summary>
Create, read, write, and delete
devicekit runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_admin" lineno="289">
<summary>
All of the rules required to
administrate an devicekit environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role" unused="true">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="dhcp" filename="policy/modules/services/dhcp.if">
<summary>Dynamic host configuration protocol server.</summary>
<interface name="dhcpd_domtrans" lineno="13">
<summary>
Execute a domain transition to run dhcpd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dhcpd_setattr_state_files" lineno="33">
<summary>
Set attributes of dhcpd server
state files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dhcpd_initrc_domtrans" lineno="53">
<summary>
Execute dhcp server in the dhcp domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dhcpd_admin" lineno="78">
<summary>
All of the rules required to
administrate an dhcpd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="dhcpd_use_ldap" dftval="false">
<desc>
<p>
Determine whether DHCP daemon
can use LDAP backends.
</p>
</desc>
</tunable>
</module>
<module name="dictd" filename="policy/modules/services/dictd.if">
<summary>Dictionary daemon.</summary>
<interface name="dictd_admin" lineno="20">
<summary>
All of the rules required to
administrate an dictd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="dirmngr" filename="policy/modules/services/dirmngr.if">
<summary>Server for managing and downloading certificate revocation lists.</summary>
<interface name="dirmngr_role" lineno="18">
<summary>
Role access for dirmngr.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="dirmngr_unlink_tmp_sock" lineno="47">
<summary>
unlink dirmngr_tmp_t sock_file
</summary>
<param name="domain">
<summary>
domain allowed access
</summary>
</param>
</interface>
<interface name="dirmngr_domtrans" lineno="65">
<summary>
Execute dirmngr in the dirmngr domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dirmngr_exec" lineno="84">
<summary>
Execute the dirmngr in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirmngr_stream_connect" lineno="103">
<summary>
Connect to dirmngr socket
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirmngr_tmp_dir_search" lineno="125">
<summary>
Search dirmngr_tmp_t dirs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirmngr_admin" lineno="150">
<summary>
All of the rules required to
administrate an dirmngr environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="distcc" filename="policy/modules/services/distcc.if">
<summary>Distributed compiler daemon.</summary>
<interface name="distcc_admin" lineno="20">
<summary>
All of the rules required to
administrate an distcc environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="djbdns" filename="policy/modules/services/djbdns.if">
<summary>Small and secure DNS daemon.</summary>
<template name="djbdns_daemontools_domain_template" lineno="13">
<summary>
The template to define a djbdns domain.
</summary>
<param name="domain_prefix">
<summary>
Domain prefix to be used.
</summary>
</param>
</template>
<interface name="djbdns_search_tinydns_keys" lineno="54">
<summary>
Search djbdns-tinydns key ring.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="djbdns_link_tinydns_keys" lineno="72">
<summary>
Link djbdns-tinydns key ring.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="dkim" filename="policy/modules/services/dkim.if">
<summary>DomainKeys Identified Mail milter.</summary>
<interface name="dkim_stream_connect" lineno="13">
<summary>
Allow a domain to talk to dkim via Unix domain socket
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dkim_admin" lineno="38">
<summary>
All of the rules required to
administrate an dkim environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="dnsmasq" filename="policy/modules/services/dnsmasq.if">
<summary>DNS forwarder and DHCP server.</summary>
<interface name="dnsmasq_domtrans" lineno="14">
<summary>
Execute dnsmasq server in the dnsmasq domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dnsmasq_initrc_domtrans" lineno="35">
<summary>
Execute the dnsmasq init script in
the init script domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dnsmasq_signal" lineno="54">
<summary>
Send generic signals to dnsmasq.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnsmasq_signull" lineno="73">
<summary>
Send null signals to dnsmasq.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnsmasq_kill" lineno="92">
<summary>
Send kill signals to dnsmasq.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnsmasq_read_config" lineno="110">
<summary>
Read dnsmasq config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnsmasq_write_config" lineno="129">
<summary>
Write dnsmasq config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnsmasq_delete_pid_files" lineno="149">
<summary>
Delete dnsmasq pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnsmasq_manage_pid_files" lineno="165">
<summary>
Create, read, write, and delete
dnsmasq pid files  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnsmasq_read_pid_files" lineno="181">
<summary>
Read dnsmasq pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnsmasq_create_pid_dirs" lineno="196">
<summary>
Create dnsmasq pid directories.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnsmasq_spec_filetrans_pid" lineno="228">
<summary>
Create specified objects in specified
directories with a type transition to
the dnsmasq pid file type.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file_type">
<summary>
Directory to transition on.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="dnsmasq_create_runtime_dirs" lineno="243">
<summary>
Create dnsmasq runtime directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnsmasq_virt_runtime_filetrans_runtime" lineno="274">
<summary>
Create specified objects in specified
directories with a type transition to
the dnsmasq runtime file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="dnsmasq_read_runtime_files" lineno="293">
<summary>
Read dnsmasq runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnsmasq_delete_runtime_files" lineno="312">
<summary>
Delete dnsmasq runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnsmasq_manage_runtime_files" lineno="331">
<summary>
Create, read, write, and delete
dnsmasq runtime files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnsmasq_admin" lineno="357">
<summary>
All of the rules required to
administrate an dnsmasq environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="dovecot" filename="policy/modules/services/dovecot.if">
<summary>POP and IMAP mail server.</summary>
<interface name="dovecot_stream_connect" lineno="14">
<summary>
Connect to dovecot using a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dovecot_stream_connect_auth" lineno="35">
<summary>
Connect to dovecot using a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dovecot_domtrans_deliver" lineno="55">
<summary>
Execute dovecot_deliver in the
dovecot_deliver domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dovecot_read_config" lineno="75">
<summary>
Read dovecot configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dovecot_manage_spool" lineno="97">
<summary>
Create, read, write, and delete
dovecot spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dovecot_dontaudit_unlink_lib_files" lineno="119">
<summary>
Do not audit attempts to delete
dovecot lib files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dovecot_write_inherited_tmp_files" lineno="137">
<summary>
Write inherited dovecot tmp files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dovecot_admin" lineno="162">
<summary>
All of the rules required to
administrate an dovecot environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="dovecot_can_connect_db" dftval="false">
<desc>
<p>
Determine whether dovecot can connect to
databases.
</p>
</desc>
</tunable>
</module>
<module name="drbd" filename="policy/modules/services/drbd.if">
<summary>Mirrors a block device over the network to another machine.</summary>
<interface name="drbd_domtrans" lineno="14">
<summary>
Execute a domain transition to
run drbd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="drbd_admin" lineno="40">
<summary>
All of the rules required to
administrate an drbd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="dspam" filename="policy/modules/services/dspam.if">
<summary>Content-based spam filter designed for multi-user enterprise systems.</summary>
<interface name="dspam_domtrans" lineno="13">
<summary>
Execute a domain transition to run dspam.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dspam_stream_connect" lineno="33">
<summary>
Connect to dspam using a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dspam_admin" lineno="60">
<summary>
All of the rules required to
administrate an dspam environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="allow_httpd_dspam_script_anon_write" dftval="false">
<desc>
<p>
Determine whether the script domain can
modify public files used for public file
transfer services. Directories/Files must
be labeled public_content_rw_t.
</p>
</desc>
</tunable>
</module>
<module name="entropyd" filename="policy/modules/services/entropyd.if">
<summary>Generate entropy from audio input.</summary>
<interface name="entropyd_admin" lineno="20">
<summary>
All of the rules required to
administrate an entropyd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="entropyd_use_audio" dftval="false">
<desc>
<p>
Determine whether entropyd can use
audio devices as the source for
the entropy feeds.
</p>
</desc>
</tunable>
</module>
<module name="exim" filename="policy/modules/services/exim.if">
<summary>Mail transfer agent.</summary>
<interface name="exim_exec" lineno="13">
<summary>
Execute exim in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="exim_domtrans" lineno="32">
<summary>
Execute a domain transition to run exim.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="exim_run" lineno="59">
<summary>
Execute exim in the exim domain,
and allow the specified role
the exim domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="exim_dontaudit_read_tmp_files" lineno="79">
<summary>
Do not audit attempts to read exim
temporary tmp files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="exim_read_tmp_files" lineno="97">
<summary>
Read exim temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="exim_read_pid_files" lineno="116">
<summary>
Read exim pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="exim_read_log" lineno="131">
<summary>
Read exim log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="exim_append_log" lineno="150">
<summary>
Append exim log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="exim_manage_log" lineno="171">
<summary>
Create, read, write, and delete
exim log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="exim_manage_spool_dirs" lineno="191">
<summary>
Create, read, write, and delete
exim spool directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="exim_read_spool_files" lineno="210">
<summary>
Read exim spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="exim_manage_spool_files" lineno="231">
<summary>
Create, read, write, and delete
exim spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="exim_read_var_lib_files" lineno="250">
<summary>
Read exim var lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="exim_manage_var_lib_files" lineno="269">
<summary>
Create, read, and write exim var lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="exim_admin" lineno="295">
<summary>
All of the rules required to
administrate an exim environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="exim_can_connect_db" dftval="false">
<desc>
<p>
Determine whether exim can connect to
databases.
</p>
</desc>
</tunable>
<tunable name="exim_read_user_files" dftval="false">
<desc>
<p>
Determine whether exim can read generic
user content files.
</p>
</desc>
</tunable>
<tunable name="exim_manage_user_files" dftval="false">
<desc>
<p>
Determine whether exim can create,
read, write, and delete generic user
content files.
</p>
</desc>
</tunable>
</module>
<module name="fail2ban" filename="policy/modules/services/fail2ban.if">
<summary>Update firewall filtering to ban IP addresses with too many password failures.</summary>
<interface name="fail2ban_domtrans" lineno="13">
<summary>
Execute a domain transition to run fail2ban.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="fail2ban_domtrans_client" lineno="33">
<summary>
Execute the fail2ban client in
the fail2ban client domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="fail2ban_run_client" lineno="60">
<summary>
Execute fail2ban client in the
fail2ban client domain, and allow
the specified role the fail2ban
client domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="fail2ban_stream_connect" lineno="80">
<summary>
Connect to fail2ban over a
unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fail2ban_rw_inherited_tmp_files" lineno="99">
<summary>
Read and write inherited temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fail2ban_dontaudit_use_fds" lineno="119">
<summary>
Do not audit attempts to use
fail2ban file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fail2ban_dontaudit_rw_stream_sockets" lineno="138">
<summary>
Do not audit attempts to read and
write fail2ban unix stream sockets
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fail2ban_rw_stream_sockets" lineno="157">
<summary>
Read and write fail2ban unix
stream sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fail2ban_read_lib_files" lineno="175">
<summary>
Read fail2ban lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fail2ban_read_log" lineno="195">
<summary>
Read fail2ban log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fail2ban_append_log" lineno="214">
<summary>
Append fail2ban log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fail2ban_read_pid_files" lineno="233">
<summary>
Read fail2ban pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fail2ban_admin" lineno="254">
<summary>
All of the rules required to
administrate an fail2ban environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="fcoe" filename="policy/modules/services/fcoe.if">
<summary>Fibre Channel over Ethernet utilities.</summary>
<interface name="fcoe_dgram_send_fcoemon" lineno="13">
<summary>
Send to fcoemon with a unix dgram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fcoe_admin" lineno="39">
<summary>
All of the rules required to
administrate an fcoemon environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="fetchmail" filename="policy/modules/services/fetchmail.if">
<summary>Remote-mail retrieval and forwarding utility.</summary>
<interface name="fetchmail_admin" lineno="20">
<summary>
All of the rules required to
administrate an fetchmail environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="finger" filename="policy/modules/services/finger.if">
<summary>Finger user information service.</summary>
<interface name="finger_domtrans" lineno="13">
<summary>
Execute fingerd in the fingerd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
</module>
<module name="firewalld" filename="policy/modules/services/firewalld.if">
<summary>Service daemon with a D-BUS interface that provides a dynamic managed firewall.</summary>
<interface name="firewalld_read_config_files" lineno="13">
<summary>
Read firewalld configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="firewalld_dbus_chat" lineno="33">
<summary>
Send and receive messages from
firewalld over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="firewalld_dontaudit_rw_tmp_files" lineno="54">
<summary>
Do not audit attempts to read, snd
write firewalld temporary files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="firewalld_read_var_run_files" lineno="72">
<summary>
Read firewalld runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="firewalld_admin" lineno="98">
<summary>
All of the rules required to
administrate an firewalld environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="fprintd" filename="policy/modules/services/fprintd.if">
<summary>DBus fingerprint reader service.</summary>
<interface name="fprintd_domtrans" lineno="13">
<summary>
Execute a domain transition to run fprintd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="fprintd_dbus_chat" lineno="33">
<summary>
Send and receive messages from
fprintd over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="ftp" filename="policy/modules/services/ftp.if">
<summary>File transfer protocol service.</summary>
<interface name="ftp_dyntrans_anon_sftpd" lineno="13">
<summary>
Execute a dyntransition to run anon sftpd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ftp_read_config" lineno="31">
<summary>
Read ftpd configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ftp_check_exec" lineno="50">
<summary>
Execute FTP daemon entry point programs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ftp_read_log" lineno="69">
<summary>
Read ftpd log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ftp_domtrans_ftpdctl" lineno="88">
<summary>
Execute the ftpdctl in the ftpdctl domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ftp_run_ftpdctl" lineno="115">
<summary>
Execute the ftpdctl in the ftpdctl
domain, and allow the specified
role the ftpctl domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ftp_dyntrans_sftpd" lineno="134">
<summary>
Execute a dyntransition to run sftpd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ftp_admin" lineno="159">
<summary>
All of the rules required to
administrate an ftp environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ftp_filetrans_pure_ftpd_runtime" lineno="203">
<summary>
create /run/pure-ftpd
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="allow_ftpd_anon_write" dftval="false">
<desc>
<p>
Determine whether ftpd can modify
public files used for public file
transfer services. Directories/Files must
be labeled public_content_rw_t.
</p>
</desc>
</tunable>
<tunable name="allow_ftpd_full_access" dftval="false">
<desc>
<p>
Determine whether ftpd can login to
local users and can read and write
all files on the system, governed by DAC.
</p>
</desc>
</tunable>
<tunable name="allow_ftpd_use_cifs" dftval="false">
<desc>
<p>
Determine whether ftpd can use CIFS
used for public file transfer services.
</p>
</desc>
</tunable>
<tunable name="allow_ftpd_use_nfs" dftval="false">
<desc>
<p>
Determine whether ftpd can use NFS
used for public file transfer services.
</p>
</desc>
</tunable>
<tunable name="ftpd_connect_db" dftval="false">
<desc>
<p>
Determine whether ftpd can connect to
databases over the TCP network.
</p>
</desc>
</tunable>
<tunable name="ftpd_use_passive_mode" dftval="false">
<desc>
<p>
Determine whether ftpd can bind to all
unreserved ports for passive mode.
</p>
</desc>
</tunable>
<tunable name="ftpd_connect_all_unreserved" dftval="false">
<desc>
<p>
Determine whether ftpd can connect to
all unreserved ports.
</p>
</desc>
</tunable>
<tunable name="ftp_home_dir" dftval="false">
<desc>
<p>
Determine whether ftpd can read and write
files in user home directories.
</p>
</desc>
</tunable>
<tunable name="sftpd_anon_write" dftval="false">
<desc>
<p>
Determine whether sftpd can modify
public files used for public file
transfer services. Directories/Files must
be labeled public_content_rw_t.
</p>
</desc>
</tunable>
<tunable name="sftpd_enable_homedirs" dftval="false">
<desc>
<p>
Determine whether sftpd-can read and write
files in user home directories.
</p>
</desc>
</tunable>
<tunable name="sftpd_full_access" dftval="false">
<desc>
<p>
Determine whether sftpd-can login to
local users and read and write all
files on the system, governed by DAC.
</p>
</desc>
</tunable>
<tunable name="sftpd_write_ssh_home" dftval="false">
<desc>
<p>
Determine whether sftpd can read and write
files in user ssh home directories.
</p>
</desc>
</tunable>
</module>
<module name="gatekeeper" filename="policy/modules/services/gatekeeper.if">
<summary>OpenH.323 Voice-Over-IP Gatekeeper.</summary>
<interface name="gatekeeper_admin" lineno="20">
<summary>
All of the rules required to
administrate an gatekeeper environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="gdomap" filename="policy/modules/services/gdomap.if">
<summary>GNUstep distributed object mapper.</summary>
<interface name="gdomap_read_config" lineno="13">
<summary>
Read gdomap configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gdomap_admin" lineno="39">
<summary>
All of the rules required to
administrate an gdomap environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="geoclue" filename="policy/modules/services/geoclue.if">
<summary>Geoclue is a D-Bus service that provides location information.</summary>
</module>
<module name="git" filename="policy/modules/services/git.if">
<summary>GIT revision control system.</summary>
<template name="git_role" lineno="18">
<summary>
Role access for Git session.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</template>
<interface name="git_read_generic_sys_content_files" lineno="60">
<summary>
Read generic system content files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="git_cgi_enable_homedirs" dftval="false">
<desc>
<p>
Determine whether Git CGI
can search home directories.
</p>
</desc>
</tunable>
<tunable name="git_cgi_use_cifs" dftval="false">
<desc>
<p>
Determine whether Git CGI
can access cifs file systems.
</p>
</desc>
</tunable>
<tunable name="git_cgi_use_nfs" dftval="false">
<desc>
<p>
Determine whether Git CGI
can access nfs file systems.
</p>
</desc>
</tunable>
<tunable name="git_session_bind_all_unreserved_ports" dftval="false">
<desc>
<p>
Determine whether Git session daemon
can bind TCP sockets to all
unreserved ports.
</p>
</desc>
</tunable>
<tunable name="git_session_users" dftval="false">
<desc>
<p>
Determine whether calling user domains
can execute Git daemon in the
git_session_t domain.
</p>
</desc>
</tunable>
<tunable name="git_session_send_syslog_msg" dftval="false">
<desc>
<p>
Determine whether Git session daemons
can send syslog messages.
</p>
</desc>
</tunable>
<tunable name="git_system_enable_homedirs" dftval="false">
<desc>
<p>
Determine whether Git system daemon
can search home directories.
</p>
</desc>
</tunable>
<tunable name="git_system_use_cifs" dftval="false">
<desc>
<p>
Determine whether Git system daemon
can access cifs file systems.
</p>
</desc>
</tunable>
<tunable name="git_system_use_nfs" dftval="false">
<desc>
<p>
Determine whether Git system daemon
can access nfs file systems.
</p>
</desc>
</tunable>
<tunable name="allow_httpd_git_script_anon_write" dftval="false">
<desc>
<p>
Determine whether the script domain can
modify public files used for public file
transfer services. Directories/Files must
be labeled public_content_rw_t.
</p>
</desc>
</tunable>
</module>
<module name="glance" filename="policy/modules/services/glance.if">
<summary>OpenStack image registry and delivery service.</summary>
<interface name="glance_domtrans_registry" lineno="14">
<summary>
Execute a domain transition to
run glance registry.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="glance_domtrans_api" lineno="34">
<summary>
Execute a domain transition to
run glance api.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="glance_read_log" lineno="54">
<summary>
Read glance log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="glance_append_log" lineno="73">
<summary>
Append glance log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="glance_manage_log" lineno="93">
<summary>
Create, read, write, and delete
glance log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="glance_search_lib" lineno="114">
<summary>
Search glance lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="glance_read_lib_files" lineno="133">
<summary>
Read glance lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="glance_manage_lib_files" lineno="153">
<summary>
Create, read, write, and delete
glance lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="glance_manage_lib_dirs" lineno="173">
<summary>
Create, read, write, and delete
glance lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="glance_read_pid_files" lineno="192">
<summary>
Read glance pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="glance_manage_pid_files" lineno="207">
<summary>
Create, read, write, and delete
glance pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="glance_admin" lineno="228">
<summary>
All of the rules required to
administrate an glance environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="glusterfs" filename="policy/modules/services/glusterfs.if">
<summary>Cluster File System binary, daemon and command line.</summary>
<interface name="glusterfs_admin" lineno="20">
<summary>
All of the rules required to
administrate an glusterfs environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="gnomeclock" filename="policy/modules/services/gnomeclock.if">
<summary>Gnome clock handler for setting the time.</summary>
<interface name="gnomeclock_domtrans" lineno="14">
<summary>
Execute a domain transition to
run gnomeclock.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="gnomeclock_run" lineno="40">
<summary>
Execute gnomeclock in the gnomeclock
domain, and allow the specified
role the gnomeclock domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="gnomeclock_dbus_chat" lineno="60">
<summary>
Send and receive messages from
gnomeclock over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnomeclock_dontaudit_dbus_chat" lineno="82">
<summary>
Do not audit attempts to send and
receive messages from gnomeclock
over dbus.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
</module>
<module name="gpm" filename="policy/modules/services/gpm.if">
<summary>General Purpose Mouse driver.</summary>
<interface name="gpm_stream_connect" lineno="14">
<summary>
Connect to GPM over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpm_getattr_gpmctl" lineno="34">
<summary>
Get attributes of gpm control
channel named sock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpm_dontaudit_getattr_gpmctl" lineno="56">
<summary>
Do not audit attempts to get
attributes of gpm control channel
named sock files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="gpm_setattr_gpmctl" lineno="76">
<summary>
Set attributes of gpm control
channel named sock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpm_admin" lineno="102">
<summary>
All of the rules required to
administrate an gpm environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="gpsd" filename="policy/modules/services/gpsd.if">
<summary>gpsd monitor daemon.</summary>
<interface name="gpsd_domtrans" lineno="13">
<summary>
Execute a domain transition to run gpsd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="gpsd_run" lineno="38">
<summary>
Execute gpsd in the gpsd domain, and
allow the specified role the gpsd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="gpsd_rw_shm" lineno="57">
<summary>
Read and write gpsd shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpsd_admin" lineno="86">
<summary>
All of the rules required to
administrate an gpsd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="gssproxy" filename="policy/modules/services/gssproxy.if">
<summary>policy for gssproxy - daemon to proxy GSSAPI context establishment and channel handling</summary>
<interface name="gssproxy_domtrans" lineno="13">
<summary>
Execute gssproxy in the gssproxy domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="gssproxy_search_lib" lineno="32">
<summary>
Search gssproxy lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gssproxy_read_lib_files" lineno="51">
<summary>
Read gssproxy lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gssproxy_manage_lib_files" lineno="70">
<summary>
Manage gssproxy lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gssproxy_manage_lib_dirs" lineno="89">
<summary>
Manage gssproxy lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gssproxy_read_pid_files" lineno="108">
<summary>
Read gssproxy PID files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gssproxy_stream_connect" lineno="123">
<summary>
Connect to gssproxy over an unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gssproxy_admin" lineno="145">
<summary>
All of the rules required to administrate
an gssproxy environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="hadoop" filename="policy/modules/services/hadoop.if">
<summary>Software for reliable, scalable, distributed computing.</summary>
<template name="hadoop_domain_template" lineno="13">
<summary>
The template to define a hadoop domain.
</summary>
<param name="domain_prefix">
<summary>
Domain prefix to be used.
</summary>
</param>
</template>
<interface name="hadoop_role" lineno="107">
<summary>
Role access for hadoop.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="hadoop_domtrans" lineno="139">
<summary>
Execute hadoop in the
hadoop domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="hadoop_recvfrom" lineno="158">
<summary>
Receive from hadoop peer.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hadoop_domtrans_zookeeper_client" lineno="177">
<summary>
Execute zookeeper client in the
zookeeper client domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="hadoop_recvfrom_zookeeper_client" lineno="196">
<summary>
Receive from zookeeper peer.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hadoop_domtrans_zookeeper_server" lineno="215">
<summary>
Execute zookeeper server in the
zookeeper server domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="hadoop_recvfrom_zookeeper_server" lineno="234">
<summary>
Receive from zookeeper server peer.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hadoop_initrc_domtrans_zookeeper_server" lineno="253">
<summary>
Execute zookeeper server in the
zookeeper domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="hadoop_recvfrom_datanode" lineno="271">
<summary>
Receive from datanode peer.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hadoop_read_config" lineno="289">
<summary>
Read hadoop configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hadoop_exec_config" lineno="308">
<summary>
Execute hadoop configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hadoop_recvfrom_jobtracker" lineno="327">
<summary>
Receive from jobtracker peer.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hadoop_match_lan_spd" lineno="345">
<summary>
Match hadoop lan association.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hadoop_recvfrom_namenode" lineno="363">
<summary>
Receive from namenode peer.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hadoop_recvfrom_secondarynamenode" lineno="381">
<summary>
Receive from secondary namenode peer.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hadoop_recvfrom_tasktracker" lineno="399">
<summary>
Receive from tasktracker peer.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hadoop_admin" lineno="424">
<summary>
All of the rules required to
administrate an hadoop environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="hddtemp" filename="policy/modules/services/hddtemp.if">
<summary>Hard disk temperature tool running as a daemon.</summary>
<interface name="hddtemp_domtrans" lineno="13">
<summary>
Execute a domain transition to run hddtemp.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="hddtemp_exec" lineno="32">
<summary>
Execute hddtemp in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hddtemp_admin" lineno="58">
<summary>
All of the rules required to
administrate an hddtemp environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="hostapd" filename="policy/modules/services/hostapd.if">
<summary>IEEE 802.11 wireless LAN Host AP daemon.</summary>
</module>
<module name="howl" filename="policy/modules/services/howl.if">
<summary>Port of Apple Rendezvous multicast DNS.</summary>
<interface name="howl_signal" lineno="13">
<summary>
Send generic signals to howl.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="howl_admin" lineno="38">
<summary>
All of the rules required to
administrate an howl environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="hypervkvp" filename="policy/modules/services/hypervkvp.if">
<summary>HyperV key value pair (KVP).</summary>
<interface name="hypervkvp_admin" lineno="20">
<summary>
All of the rules required to
administrate an hypervkvp environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="i18n_input" filename="policy/modules/services/i18n_input.if">
<summary>IIIMF htt server.</summary>
<interface name="i18n_input_admin" lineno="20">
<summary>
All of the rules required to
administrate an i18n input environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="i18n_input_read_generic_user_content" dftval="true">
<desc>
<p>
Grant the i18n_input domains read access to generic user content
</p>
</desc>
</tunable>
</module>
<module name="icecast" filename="policy/modules/services/icecast.if">
<summary>ShoutCast compatible streaming media server.</summary>
<interface name="icecast_domtrans" lineno="13">
<summary>
Execute a domain transition to run icecast.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="icecast_signal" lineno="32">
<summary>
Send generic signals to icecast.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="icecast_initrc_domtrans" lineno="50">
<summary>
Execute icecast server in the icecast domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="icecast_read_pid_files" lineno="68">
<summary>
Read icecast pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="icecast_manage_pid_files" lineno="83">
<summary>
Create, read, write, and delete
icecast pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="icecast_read_log" lineno="103">
<summary>
Read icecast log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="icecast_append_log" lineno="122">
<summary>
Append icecast log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="icecast_manage_log" lineno="142">
<summary>
Create, read, write, and delete
icecast log files.
</summary>
<param name="domain">
<summary>
Domain allow access.
</summary>
</param>
</interface>
<interface name="icecast_admin" lineno="168">
<summary>
All of the rules required to
administrate an icecast environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="icecast_use_any_tcp_ports" dftval="false">
<desc>
<p>
Determine whether icecast can listen
on and connect to any TCP port.
</p>
</desc>
</tunable>
</module>
<module name="ifplugd" filename="policy/modules/services/ifplugd.if">
<summary>Bring up/down ethernet interfaces based on cable detection.</summary>
<interface name="ifplugd_domtrans" lineno="13">
<summary>
Execute a domain transition to run ifplugd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ifplugd_signal" lineno="32">
<summary>
Send generic signals to ifplugd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ifplugd_read_config" lineno="50">
<summary>
Read ifplugd configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ifplugd_manage_config" lineno="70">
<summary>
Create, read, write, and delete
ifplugd configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ifplugd_read_pid_files" lineno="90">
<summary>
Read ifplugd pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ifplugd_admin" lineno="111">
<summary>
All of the rules required to
administrate an ifplugd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="imaze" filename="policy/modules/services/imaze.if">
<summary>iMaze game server.</summary>
</module>
<module name="inetd" filename="policy/modules/services/inetd.if">
<summary>Internet services daemon.</summary>
<interface name="inetd_core_service_domain" lineno="27">
<summary>
Define the specified domain as a inetd service.
</summary>
<desc>
<p>
Define the specified domain as a inetd service.  The
inetd_service_domain(), inetd_tcp_service_domain(),
or inetd_udp_service_domain() interfaces should be used
instead of this interface, as this interface only provides
the common rules to these three interfaces.
</p>
</desc>
<param name="domain">
<summary>
The type associated with the inetd service process.
</summary>
</param>
<param name="entrypoint">
<summary>
The type associated with the process program.
</summary>
</param>
</interface>
<interface name="inetd_tcp_service_domain" lineno="57">
<summary>
Define the specified domain as a TCP inetd service.
</summary>
<param name="domain">
<summary>
The type associated with the inetd service process.
</summary>
</param>
<param name="entrypoint">
<summary>
The type associated with the process program.
</summary>
</param>
</interface>
<interface name="inetd_udp_service_domain" lineno="83">
<summary>
Define the specified domain as a UDP inetd service.
</summary>
<param name="domain">
<summary>
The type associated with the inetd service process.
</summary>
</param>
<param name="entrypoint">
<summary>
The type associated with the process program.
</summary>
</param>
</interface>
<interface name="inetd_service_domain" lineno="108">
<summary>
Define the specified domain as a TCP and UDP inetd service.
</summary>
<param name="domain">
<summary>
The type associated with the inetd service process.
</summary>
</param>
<param name="entrypoint">
<summary>
The type associated with the process program.
</summary>
</param>
</interface>
<interface name="inetd_use_fds" lineno="133">
<summary>
Inherit and use inetd file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inetd_domtrans_child" lineno="152">
<summary>
Run inetd child process in the
inet child domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="inetd_rw_tcp_sockets" lineno="171">
<summary>
Read and write inetd TCP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="inn" filename="policy/modules/services/inn.if">
<summary>Internet News NNTP server.</summary>
<interface name="inn_exec" lineno="13">
<summary>
Execute innd in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inn_exec_config" lineno="32">
<summary>
Execute inn configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inn_manage_log" lineno="52">
<summary>
Create, read, write, and delete
innd log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inn_generic_log_filetrans_innd_log" lineno="81">
<summary>
Create specified objects in generic
log directories with the innd log file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="inn_manage_pid" lineno="100">
<summary>
Create, read, write, and delete
innd pid content.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inn_manage_runtime_dirs" lineno="118">
<summary>
Create, read, write, and delete
innd runtime dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inn_manage_runtime_files" lineno="138">
<summary>
Create, read, write, and delete
innd runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inn_manage_runtime_sockets" lineno="158">
<summary>
Create, read, write, and delete
innd runtime named sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inn_read_config" lineno="178">
<summary>
Read innd configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inn_read_news_lib" lineno="198">
<summary>
Read innd news library content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inn_read_news_spool" lineno="217">
<summary>
Read innd news spool content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inn_dgram_send" lineno="237">
<summary>
Send to a innd unix dgram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inn_domtrans" lineno="256">
<summary>
Execute innd in the innd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="inn_admin" lineno="282">
<summary>
All of the rules required to
administrate an inn environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="iodine" filename="policy/modules/services/iodine.if">
<summary>IP over DNS tunneling daemon.</summary>
<interface name="iodine_admin" lineno="20">
<summary>
All of the rules required to
administrate an iodined environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="ircd" filename="policy/modules/services/ircd.if">
<summary>IRC servers.</summary>
<interface name="ircd_admin" lineno="20">
<summary>
All of the rules required to
administrate an ircd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="irqbalance" filename="policy/modules/services/irqbalance.if">
<summary>IRQ balancing daemon.</summary>
<interface name="irqbalance_admin" lineno="20">
<summary>
All of the rules required to
administrate an irqbalance environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="isns" filename="policy/modules/services/isns.if">
<summary>Internet Storage Name Service.</summary>
<interface name="isnsd_admin" lineno="20">
<summary>
All of the rules required to
administrate an isnsd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="jabber" filename="policy/modules/services/jabber.if">
<summary>Jabber instant messaging servers.</summary>
<template name="jabber_domain_template" lineno="13">
<summary>
The template to define a jabber domain.
</summary>
<param name="domain_prefix">
<summary>
Domain prefix to be used.
</summary>
</param>
</template>
<interface name="jabber_manage_lib_files" lineno="34">
<summary>
Create, read, write, and delete
jabber lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="jabber_admin" lineno="60">
<summary>
All of the rules required to
administrate an jabber environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="jockey" filename="policy/modules/services/jockey.if">
<summary>Jockey driver manager.</summary>
</module>
<module name="kerberos" filename="policy/modules/services/kerberos.if">
<summary>MIT Kerberos admin and KDC.</summary>
<interface name="kerberos_exec_kadmind" lineno="13">
<summary>
Execute kadmind in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kerberos_domtrans_kpropd" lineno="32">
<summary>
Execute a domain transition to run kpropd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="kerberos_use" lineno="51">
<summary>
Support kerberos services.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kerberos_read_config" lineno="108">
<summary>
Read kerberos configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kerberos_dontaudit_write_config" lineno="131">
<summary>
Do not audit attempts to write
kerberos configuration files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kerberos_rw_config" lineno="151">
<summary>
Read and write kerberos
configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kerberos_manage_krb5_home_files" lineno="171">
<summary>
Create, read, write, and delete
kerberos home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kerberos_relabel_krb5_home_files" lineno="190">
<summary>
Relabel kerberos home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kerberos_home_filetrans_krb5_home" lineno="220">
<summary>
Create objects in user home
directories with the krb5 home type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="kerberos_read_keytab" lineno="239">
<summary>
Read kerberos key table files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kerberos_rw_keytab" lineno="258">
<summary>
Read and write kerberos key table files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kerberos_manage_keytab_files" lineno="278">
<summary>
Create, read, write, and delete
kerberos key table files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kerberos_etc_filetrans_keytab" lineno="309">
<summary>
Create specified objects in generic
etc directories with the kerberos
keytab file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="kerberos_read_kdc_config" lineno="328">
<summary>
Read kerberos kdc configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kerberos_manage_host_rcache" lineno="349">
<summary>
Create, read, write, and delete
kerberos host rcache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kerberos_tmp_filetrans_host_rcache" lineno="390">
<summary>
Create objects in generic temporary
directories with the kerberos host
rcache type.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="kerberos_connect_524" lineno="408">
<summary>
Connect to krb524 service.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kerberos_admin" lineno="437">
<summary>
All of the rules required to
administrate an kerberos environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="allow_kerberos" dftval="false">
<desc>
<p>
Determine whether kerberos is supported.
</p>
</desc>
</tunable>
</module>
<module name="kerneloops" filename="policy/modules/services/kerneloops.if">
<summary>Service for reporting kernel oopses to kerneloops.org.</summary>
<interface name="kerneloops_domtrans" lineno="13">
<summary>
Execute a domain transition to run kerneloops.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="kerneloops_dbus_chat" lineno="33">
<summary>
Send and receive messages from
kerneloops over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kerneloops_dontaudit_dbus_chat" lineno="55">
<summary>
Do not audit attempts to Send and
receive messages from kerneloops
over dbus.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kerneloops_manage_tmp_files" lineno="76">
<summary>
Create, read, write, and delete
kerneloops temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kerneloops_admin" lineno="102">
<summary>
All of the rules required to
administrate an kerneloops environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="keystone" filename="policy/modules/services/keystone.if">
<summary>Python implementation of the OpenStack identity service API.</summary>
<interface name="keystone_admin" lineno="20">
<summary>
All of the rules required to
administrate an keystone environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="knot" filename="policy/modules/services/knot.if">
<summary>high-performance authoritative-only DNS server.</summary>
<interface name="knot_domtrans_client" lineno="13">
<summary>
Execute knotc in the knotc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="knot_run_client" lineno="39">
<summary>
Execute knotc in the knotc domain, and
allow the specified role the knotc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="knot_read_config_files" lineno="58">
<summary>
Read knot config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="knot_admin" lineno="84">
<summary>
All of the rules required to
administrate an knot environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="ksmtuned" filename="policy/modules/services/ksmtuned.if">
<summary>Kernel Samepage Merging Tuning Daemon.</summary>
<interface name="ksmtuned_domtrans" lineno="13">
<summary>
Execute a domain transition to run ksmtuned.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ksmtuned_initrc_domtrans" lineno="33">
<summary>
Execute ksmtuned server in
the ksmtuned domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ksmtuned_admin" lineno="58">
<summary>
All of the rules required to
administrate an ksmtuned environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="ktalk" filename="policy/modules/services/ktalk.if">
<summary>KDE Talk daemon.</summary>
</module>
<module name="l2tp" filename="policy/modules/services/l2tp.if">
<summary>Layer 2 Tunneling Protocol.</summary>
<interface name="l2tpd_dgram_send" lineno="14">
<summary>
Send to l2tpd with a unix
domain dgram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="l2tpd_rw_socket" lineno="34">
<summary>
Read and write l2tpd sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="l2tpd_stream_connect" lineno="53">
<summary>
Connect to l2tpd with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="l2tp_admin" lineno="80">
<summary>
All of the rules required to
administrate an l2tp environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="ldap" filename="policy/modules/services/ldap.if">
<summary>OpenLDAP directory server.</summary>
<interface name="ldap_list_db" lineno="13">
<summary>
List ldap database directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ldap_read_config" lineno="33">
<summary>
Read ldap configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ldap_stream_connect" lineno="53">
<summary>
Connect to slapd over an unix
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ldap_tcp_connect" lineno="72">
<summary>
Connect to ldap over the network.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ldap_admin" lineno="99">
<summary>
All of the rules required to
administrate an ldap environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="likewise" filename="policy/modules/services/likewise.if">
<summary>Likewise Active Directory support for UNIX.</summary>
<template name="likewise_domain_template" lineno="13">
<summary>
The template to define a likewise domain.
</summary>
<param name="userdomain_prefix">
<summary>
The type of daemon to be used.
</summary>
</param>
</template>
<interface name="likewise_stream_connect_lsassd" lineno="71">
<summary>
Connect to lsassd with a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="likewise_admin" lineno="97">
<summary>
All of the rules required to
administrate an likewise environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="lircd" filename="policy/modules/services/lircd.if">
<summary>Linux infared remote control daemon.</summary>
<interface name="lircd_domtrans" lineno="13">
<summary>
Execute a domain transition to run lircd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="lircd_stream_connect" lineno="33">
<summary>
Connect to lircd over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lircd_read_config" lineno="52">
<summary>
Read lircd etc files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lircd_admin" lineno="78">
<summary>
All of the rules required to
administrate a lircd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="lldpad" filename="policy/modules/services/lldpad.if">
<summary>Intel LLDP Agent.</summary>
<interface name="lldpad_dgram_send" lineno="13">
<summary>
Send to lldpad with a unix dgram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lldpad_admin" lineno="39">
<summary>
All of the rules required to
administrate an lldpad environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="lpd" filename="policy/modules/services/lpd.if">
<summary>Line printer daemon.</summary>
<interface name="lpd_role" lineno="18">
<summary>
Role access for lpd.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="lpd_domtrans_checkpc" lineno="58">
<summary>
Execute lpd in the lpd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="lpd_run_checkpc" lineno="85">
<summary>
Execute amrecover in the lpd
domain, and allow the specified
role the lpd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="lpd_list_spool" lineno="104">
<summary>
List printer spool directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lpd_read_spool" lineno="123">
<summary>
Read printer spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lpd_manage_spool" lineno="143">
<summary>
Create, read, write, and delete
printer spool content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lpd_relabel_spool" lineno="164">
<summary>
Relabel spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lpd_read_config" lineno="184">
<summary>
Read printer configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="lpd_domtrans_lpr" lineno="203">
<summary>
Transition to a user lpr domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="lpd_run_lpr" lineno="229">
<summary>
Execute lpr in the lpr domain, and
allow the specified role the lpr domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="lpd_exec_lpr" lineno="248">
<summary>
Execute lpr in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="use_lpd_server" dftval="false">
<desc>
<p>
Determine whether to support lpd server.
</p>
</desc>
</tunable>
</module>
<module name="lsm" filename="policy/modules/services/lsm.if">
<summary>Storage array management library.</summary>
<interface name="lsmd_admin" lineno="20">
<summary>
All of the rules required to administrate
an lsmd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role" unused="true">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="mailman" filename="policy/modules/services/mailman.if">
<summary>Manage electronic mail discussion and e-newsletter lists.</summary>
<template name="mailman_domain_template" lineno="13">
<summary>
The template to define a mailman domain.
</summary>
<param name="domain_prefix">
<summary>
Domain prefix to be used.
</summary>
</param>
</template>
<interface name="mailman_domtrans" lineno="54">
<summary>
Execute mailman in the mailman domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mailman_run" lineno="81">
<summary>
Execute the mailman program in the
mailman domain and allow the
specified role the mailman domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mailman_domtrans_cgi" lineno="101">
<summary>
Execute mailman CGI scripts in the
mailman CGI domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mailman_connect_cgi" lineno="120">
<summary>
Talk to mailman_cgi_t via Unix domain socket
</summary>
<param name="domain">
<summary>
Domain talking to mailman
</summary>
</param>
</interface>
<interface name="mailman_manage_runtime" lineno="140">
<summary>
Manage mailman runtime files
</summary>
<param name="domain">
<summary>
Domain to manage the files
</summary>
</param>
</interface>
<interface name="mailman_read_runtime" lineno="159">
<summary>
read mailman runtime files
</summary>
<param name="domain">
<summary>
Domain to read the files
</summary>
</param>
</interface>
<interface name="mailman_exec" lineno="178">
<summary>
Execute mailman in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mailman_signal_cgi" lineno="197">
<summary>
Send generic signals to mailman cgi.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mailman_search_data" lineno="215">
<summary>
Search mailman data directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mailman_read_data_files" lineno="234">
<summary>
Read mailman data content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mailman_manage_data_files" lineno="257">
<summary>
Create, read, write, and delete
mailman data files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mailman_list_data" lineno="277">
<summary>
List mailman data directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mailman_read_data_symlinks" lineno="296">
<summary>
Read mailman data symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mailman_read_log" lineno="314">
<summary>
Read mailman log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mailman_append_log" lineno="333">
<summary>
Append mailman log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mailman_manage_log" lineno="353">
<summary>
Create, read, write, and delete
mailman log content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mailman_read_archive" lineno="373">
<summary>
Read mailman archive content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mailman_domtrans_queue" lineno="396">
<summary>
Execute mailman_queue in the
mailman_queue domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mailman_manage_lockdir" lineno="415">
<summary>
Manage mailman lock dir
</summary>
<param name="domain">
<summary>
Domain allowed to manage it.
</summary>
</param>
</interface>
</module>
<module name="mailscanner" filename="policy/modules/services/mailscanner.if">
<summary>E-mail security and anti-spam package for e-mail gateway systems.</summary>
<interface name="mscan_manage_spool_content" lineno="14">
<summary>
Create, read, write, and delete
mscan spool content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mscan_admin" lineno="41">
<summary>
All of the rules required to
administrate an mscan environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="matrixd" filename="policy/modules/services/matrixd.if">
<summary>Matrixd</summary>
<tunable name="matrix_allow_federation" dftval="true">
<desc>
<p>
Determine whether Matrixd is allowed to federate
(bind all UDP ports and connect to all TCP ports).
</p>
</desc>
</tunable>
<tunable name="matrix_postgresql_connect" dftval="false">
<desc>
<p>
Determine whether Matrixd can connect to the Postgres database.
</p>
</desc>
</tunable>
</module>
<module name="mediawiki" filename="policy/modules/services/mediawiki.if">
<summary>Open source wiki package written in PHP.</summary>
<tunable name="allow_httpd_mediawiki_script_anon_write" dftval="false">
<desc>
<p>
Determine whether the script domain can
modify public files used for public file
transfer services. Directories/Files must
be labeled public_content_rw_t.
</p>
</desc>
</tunable>
</module>
<module name="memcached" filename="policy/modules/services/memcached.if">
<summary>High-performance memory object caching system.</summary>
<interface name="memcached_domtrans" lineno="13">
<summary>
Execute a domain transition to run memcached.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="memcached_manage_pid_files" lineno="33">
<summary>
Create, read, write, and delete
memcached pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="memcached_read_pid_files" lineno="48">
<summary>
Read memcached pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="memcached_manage_runtime_files" lineno="63">
<summary>
Create, read, write, and delete
memcached runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="memcached_stream_connect" lineno="83">
<summary>
Connect to memcached using a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="memcached_tcp_connect" lineno="102">
<summary>
Connect to memcache over the network.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="memcached_admin" lineno="129">
<summary>
All of the rules required to
administrate an memcached environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="memlockd" filename="policy/modules/services/memlockd.if">
<summary>memory lock daemon, keeps important files in RAM.</summary>
</module>
<module name="milter" filename="policy/modules/services/milter.if">
<summary>Milter mail filters.</summary>
<template name="milter_template" lineno="13">
<summary>
The template to define a milter domain.
</summary>
<param name="domain_prefix">
<summary>
Domain prefix to be used.
</summary>
</param>
</template>
<interface name="milter_stream_connect_all" lineno="52">
<summary>
connect to all milter domains using
a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="milter_getattr_all_sockets" lineno="71">
<summary>
Get attributes of all  milter sock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="milter_manage_spamass_state" lineno="90">
<summary>
Create, read, write, and delete
spamassissin milter data content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="milter_var_lib_filetrans_spamass_state" lineno="111">
<summary>
create spamass milter state dir
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="milter_getattr_data_dir" lineno="129">
<summary>
Get the attributes of the spamassissin milter data dir.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="minidlna" filename="policy/modules/services/minidlna.if">
<summary>MiniDLNA lightweight DLNA/UPnP media server</summary>
<interface name="minidlna_admin" lineno="20">
<summary>
All of the rules required to
administrate an minidlna environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="minidlna_initrc_domtrans" lineno="55">
<summary>
Execute minidlna init scripts in
the initrc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<tunable name="minidlna_read_generic_user_content" dftval="false">
<desc>
<p>
Determine whether minidlna can read generic user content.
</p>
</desc>
</tunable>
</module>
<module name="minissdpd" filename="policy/modules/services/minissdpd.if">
<summary>Daemon used by MiniUPnPc to speed up device discoveries.</summary>
<interface name="minissdpd_read_config" lineno="13">
<summary>
Read minissdpd configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="minissdpd_admin" lineno="39">
<summary>
All of the rules required to
administrate an minissdpd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="modemmanager" filename="policy/modules/services/modemmanager.if">
<summary>Provides a DBus interface to communicate with mobile broadband (GSM, CDMA, UMTS, ...) cards.</summary>
<interface name="modemmanager_domtrans" lineno="13">
<summary>
Execute a domain transition to run modemmanager.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="modemmanager_dbus_chat" lineno="33">
<summary>
Send and receive messages from
modemmanager over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="mojomojo" filename="policy/modules/services/mojomojo.if">
<summary>MojoMojo Wiki.</summary>
<tunable name="allow_httpd_mojomojo_script_anon_write" dftval="false">
<desc>
<p>
Determine whether the script domain can
modify public files used for public file
transfer services. Directories/Files must
be labeled public_content_rw_t.
</p>
</desc>
</tunable>
</module>
<module name="mon" filename="policy/modules/services/mon.if">
<summary>mon network monitoring daemon.</summary>
<interface name="mon_dontaudit_use_fds" lineno="13">
<summary>
dontaudit using an inherited fd from mon_t
</summary>
<param name="domain">
<summary>
Domain to not audit
</summary>
</param>
</interface>
<interface name="mon_dontaudit_search_var_lib" lineno="31">
<summary>
dontaudit searching /var/lib/mon
</summary>
<param name="domain">
<summary>
Domain to not audit
</summary>
</param>
</interface>
</module>
<module name="mongodb" filename="policy/modules/services/mongodb.if">
<summary>Scalable, high-performance, open source NoSQL database.</summary>
<interface name="mongodb_admin" lineno="20">
<summary>
All of the rules required to
administrate an mongodb environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="monit" filename="policy/modules/services/monit.if">
<summary>Monit - utility for monitoring services on a Unix system.</summary>
<interface name="monit_domtrans_cli" lineno="13">
<summary>
Execute a domain transition to run monit cli.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="monit_run_cli" lineno="39">
<summary>
Execute monit in the monit cli domain,
and allow the specified role
the monit cli domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="monit_reload" lineno="58">
<summary>
Reload the monit daemon.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="monit_startstop_service" lineno="77">
<summary>
Start and stop the monit daemon.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="monit_admin" lineno="102">
<summary>
All of the rules required to
administrate an monit environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<tunable name="monit_startstop_services" dftval="false">
<desc>
<p>
Allow monit to start/stop services
</p>
</desc>
</tunable>
</module>
<module name="monop" filename="policy/modules/services/monop.if">
<summary>Monopoly daemon.</summary>
<interface name="monop_admin" lineno="20">
<summary>
All of the rules required to
administrate an monop environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="mpd" filename="policy/modules/services/mpd.if">
<summary>Music Player Daemon.</summary>
<interface name="mpd_domtrans" lineno="13">
<summary>
Execute a domain transition to run mpd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mpd_initrc_domtrans" lineno="32">
<summary>
Execute mpd server in the mpd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mpd_read_data_files" lineno="50">
<summary>
Read mpd data files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mpd_manage_data_files" lineno="70">
<summary>
Create, read, write, and delete
mpd data files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mpd_manage_user_data_content" lineno="90">
<summary>
Create, read, write, and delete
mpd user data content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mpd_relabel_user_data_content" lineno="111">
<summary>
Relabel mpd user data content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mpd_home_filetrans_user_data" lineno="143">
<summary>
Create objects in user home
directories with the mpd user data type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="mpd_read_tmpfs_files" lineno="161">
<summary>
Read mpd tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mpd_manage_tmpfs_files" lineno="181">
<summary>
Create, read, write, and delete
mpd tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mpd_search_lib" lineno="201">
<summary>
Search mpd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mpd_read_lib_files" lineno="220">
<summary>
Read mpd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mpd_manage_lib_files" lineno="240">
<summary>
Create, read, write, and delete
mpd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mpd_var_lib_filetrans" lineno="275">
<summary>
Create specified objects in mpd
lib directories with a private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="mpd_manage_lib_dirs" lineno="295">
<summary>
Create, read, write, and delete
mpd lib dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mpd_admin" lineno="321">
<summary>
All of the rules required to
administrate an mpd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="mpd_enable_homedirs" dftval="false">
<desc>
<p>
Determine whether mpd can traverse
user home directories.
</p>
</desc>
</tunable>
<tunable name="mpd_use_cifs" dftval="false">
<desc>
<p>
Determine whether mpd can use
cifs file systems.
</p>
</desc>
</tunable>
<tunable name="mpd_use_nfs" dftval="false">
<desc>
<p>
Determine whether mpd can use
nfs file systems.
</p>
</desc>
</tunable>
</module>
<module name="mta" filename="policy/modules/services/mta.if">
<summary>Common e-mail transfer agent policy.</summary>
<interface name="mta_stub" lineno="13">
<summary>
MTA stub interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="mta_base_mail_template" lineno="29">
<summary>
The template to define a mail domain.
</summary>
<param name="domain_prefix">
<summary>
Domain prefix to be used.
</summary>
</param>
</template>
<interface name="mta_base_role" lineno="77">
<summary>
Role access for mta.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="mta_user_role" lineno="131">
<summary>
User Role access for mta.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="mta_admin_role" lineno="163">
<summary>
Admin Role access for mta.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="mta_mailserver" lineno="199">
<summary>
Make the specified domain usable for a mail server.
</summary>
<param name="type">
<summary>
Type to be used as a mail server domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
</interface>
<interface name="mta_agent_executable" lineno="218">
<summary>
Make the specified type a MTA executable file.
</summary>
<param name="type">
<summary>
Type to be used as a mail client.
</summary>
</param>
</interface>
<interface name="mta_read_mail_home_files" lineno="238">
<summary>
Read mta mail home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_manage_mail_home_files" lineno="258">
<summary>
Create, read, write, and delete
mta mail home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_home_filetrans_mail_home" lineno="289">
<summary>
Create specified objects in user home
directories with the generic mail
home type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="mta_manage_mail_home_rw_content" lineno="308">
<summary>
Create, read, write, and delete
mta mail home rw content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_home_filetrans_mail_home_rw" lineno="343">
<summary>
Create specified objects in user home
directories with the generic mail
home rw type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="mta_system_content" lineno="361">
<summary>
Make the specified type by a system MTA.
</summary>
<param name="type">
<summary>
Type to be used as a mail client.
</summary>
</param>
</interface>
<interface name="mta_sendmail_mailserver" lineno="394">
<summary>
Modified mailserver interface for
sendmail daemon use.
</summary>
<desc>
<p>
A modified MTA mail server interface for
the sendmail program.  It's design does
not fit well with policy, and using the
regular interface causes a type_transition
conflict if direct running of init scripts
is enabled.
</p>
<p>
This interface should most likely only be used
by the sendmail policy.
</p>
</desc>
<param name="domain">
<summary>
The type to be used for the mail server.
</summary>
</param>
</interface>
<interface name="mta_use_mailserver_fds" lineno="415">
<summary>
Inherit FDs from mailserver_domain domains
</summary>
<param name="type">
<summary>
Type for a list server or delivery agent that inherits fds
</summary>
</param>
</interface>
<interface name="mta_mailserver_sender" lineno="434">
<summary>
Make a type a mailserver type used
for sending mail.
</summary>
<param name="domain">
<summary>
Mail server domain type used for sending mail.
</summary>
</param>
</interface>
<interface name="mta_mailserver_delivery" lineno="453">
<summary>
Make a type a mailserver type used
for delivering mail to local users.
</summary>
<param name="domain">
<summary>
Mail server domain type used for delivering mail.
</summary>
</param>
</interface>
<interface name="mta_mailserver_user_agent" lineno="473">
<summary>
Make a type a mailserver type used
for sending mail on behalf of local
users to the local mail spool.
</summary>
<param name="domain">
<summary>
Mail server domain type used for sending local mail.
</summary>
</param>
</interface>
<interface name="mta_send_mail" lineno="491">
<summary>
Send mail from the system.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mta_sendmail_domtrans" lineno="528">
<summary>
Execute send mail in a specified domain.
</summary>
<desc>
<p>
Execute send mail in a specified domain.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="source_domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
Domain to transition to.
</summary>
</param>
</interface>
<interface name="mta_signal_system_mail" lineno="550">
<summary>
Send signals to system mail.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_kill_system_mail" lineno="568">
<summary>
Send kill signals to system mail.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_sendmail_exec" lineno="586">
<summary>
Execute sendmail in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_sendmail_entry_point" lineno="606">
<summary>
Make sendmail usable as an entry
point for the domain.
</summary>
<param name="domain">
<summary>
Domain to be entered.
</summary>
</param>
</interface>
<interface name="mta_read_config" lineno="625">
<summary>
Read mail server configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mta_write_config" lineno="647">
<summary>
Write mail server configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mta_read_aliases" lineno="666">
<summary>
Read mail address alias files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_map_aliases" lineno="685">
<summary>
Read mail address alias files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_manage_aliases" lineno="704">
<summary>
Create, read, write, and delete
mail address alias content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_etc_filetrans_aliases" lineno="736">
<summary>
Create specified object in generic
etc directories with the mail address
alias type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="mta_spec_filetrans_aliases" lineno="771">
<summary>
Create specified objects in specified
directories with a type transition to
the mail address alias type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file_type">
<summary>
Directory to transition on.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="mta_rw_aliases" lineno="790">
<summary>
Read and write mail alias files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mta_dontaudit_rw_delivery_tcp_sockets" lineno="811">
<summary>
Do not audit attempts to read
and write TCP sockets of mail
delivery domains.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="mta_rw_delivery_fifos" lineno="829">
<summary>
read and write fifo files inherited from delivery domains
</summary>
<param name="domain">
<summary>
Domain to use fifo files
</summary>
</param>
</interface>
<interface name="mta_dontaudit_read_spool_symlinks" lineno="850">
<summary>
Do not audit attempts to read
mail spool symlinks.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="mta_getattr_spool" lineno="868">
<summary>
Get attributes of mail spool content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_dontaudit_getattr_spool_files" lineno="890">
<summary>
Do not audit attempts to get
attributes of mail spool files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="mta_spool_filetrans" lineno="928">
<summary>
Create specified objects in the
mail spool directory with a
private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="mta_read_spool_files" lineno="947">
<summary>
Read mail spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_rw_spool" lineno="967">
<summary>
Read and write mail spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_append_spool" lineno="988">
<summary>
Create, read, and write mail spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_delete_spool" lineno="1009">
<summary>
Delete mail spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_manage_spool" lineno="1029">
<summary>
Create, read, write, and delete
mail spool content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_watch_spool" lineno="1051">
<summary>
Watch mail spool content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_queue_filetrans" lineno="1086">
<summary>
Create specified objects in the
mail queue spool directory with a
private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="mta_search_queue" lineno="1105">
<summary>
Search mail queue directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_list_queue" lineno="1124">
<summary>
List mail queue directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_read_queue" lineno="1143">
<summary>
Read mail queue files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_dontaudit_rw_queue" lineno="1163">
<summary>
Do not audit attempts to read and
write mail queue content.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="mta_manage_queue" lineno="1183">
<summary>
Create, read, write, and delete
mail queue content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_read_sendmail_bin" lineno="1203">
<summary>
Read sendmail binary.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_rw_user_mail_stream_sockets" lineno="1222">
<summary>
Read and write unix domain stream
sockets of all base mail domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_system_mail_role" lineno="1241">
<summary>
Allow system_mail_t to run in a role
</summary>
<param name="domain">
<summary>
Role allowed access.
</summary>
</param>
</interface>
</module>
<module name="munin" filename="policy/modules/services/munin.if">
<summary>Munin network-wide load graphing.</summary>
<template name="munin_plugin_template" lineno="13">
<summary>
The template to define a munin plugin domain.
</summary>
<param name="domain_prefix">
<summary>
Domain prefix to be used.
</summary>
</param>
</template>
<interface name="munin_stream_connect" lineno="55">
<summary>
Connect to munin over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="munin_read_config" lineno="75">
<summary>
Read munin configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="munin_append_log" lineno="97">
<summary>
Append munin log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="munin_search_lib" lineno="117">
<summary>
Search munin library directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="munin_dontaudit_search_lib" lineno="137">
<summary>
Do not audit attempts to search
munin library directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="munin_admin" lineno="162">
<summary>
All of the rules required to
administrate an munin environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="allow_httpd_munin_script_anon_write" dftval="false">
<desc>
<p>
Determine whether the script domain can
modify public files used for public file
transfer services. Directories/Files must
be labeled public_content_rw_t.
</p>
</desc>
</tunable>
</module>
<module name="mysql" filename="policy/modules/services/mysql.if">
<summary>Open source database.</summary>
<interface name="mysql_domtrans" lineno="13">
<summary>
Execute MySQL in the mysql domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mysql_run_mysqld" lineno="38">
<summary>
Execute mysqld in the mysqld domain, and
allow the specified role the mysqld domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="mysql_signal" lineno="57">
<summary>
Send generic signals to mysqld.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_tcp_connect" lineno="75">
<summary>
Connect to mysqld with a tcp socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_stream_connect" lineno="97">
<summary>
Connect to mysqld with a unix
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mysql_read_config" lineno="117">
<summary>
Read mysqld configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mysql_search_db" lineno="138">
<summary>
Search mysqld db directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_rw_db_dirs" lineno="157">
<summary>
Read and write mysqld database directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_manage_db_dirs" lineno="177">
<summary>
Create, read, write, and delete
mysqld database directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_append_db_files" lineno="196">
<summary>
Append mysqld database files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_rw_db_files" lineno="215">
<summary>
Read and write mysqld database files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_manage_db_files" lineno="235">
<summary>
Create, read, write, and delete
mysqld database files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_var_lib_filetrans_db_dir" lineno="254">
<summary>
create mysqld db dir.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_manage_mysqld_home_files" lineno="273">
<summary>
Create, read, write, and delete
mysqld home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_relabel_mysqld_home_files" lineno="292">
<summary>
Relabel mysqld home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_home_filetrans_mysqld_home" lineno="322">
<summary>
Create objects in user home
directories with the mysqld home type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="mysql_write_log" lineno="340">
<summary>
Write mysqld log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_log_filetrans_log_dir" lineno="360">
<summary>
create mysqld log dir.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_domtrans_mysql_safe" lineno="380">
<summary>
Execute mysqld safe in the
mysqld safe domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mysql_read_pid_files" lineno="399">
<summary>
Read mysqld pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_search_pid_files" lineno="414">
<summary>
Search mysqld pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>

</interface>
<interface name="mysql_admin" lineno="435">
<summary>
All of the rules required to
administrate an mysqld environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="mysql_connect_any" dftval="false">
<desc>
<p>
Determine whether mysqld can
connect to all TCP ports.
</p>
</desc>
</tunable>
</module>
<module name="nagios" filename="policy/modules/services/nagios.if">
<summary>Network monitoring server.</summary>
<template name="nagios_plugin_template" lineno="13">
<summary>
The template to define a nagios plugin domain.
</summary>
<param name="domain_prefix">
<summary>
Domain prefix to be used.
</summary>
</param>
</template>
<interface name="nagios_dontaudit_rw_pipes" lineno="52">
<summary>
Do not audit attempts to read or
write nagios unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<rolecap/>
</interface>
<interface name="nagios_read_config" lineno="71">
<summary>
Read nagios configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="nagios_read_log" lineno="92">
<summary>
Read nagios log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nagios_dontaudit_rw_log" lineno="112">
<summary>
Do not audit attempts to read or
write nagios log files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="nagios_search_spool" lineno="130">
<summary>
Search nagios spool directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nagios_read_tmp_files" lineno="149">
<summary>
Read nagios temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nagios_domtrans_nrpe" lineno="168">
<summary>
Execute nrpe with a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="nagios_admin" lineno="194">
<summary>
All of the rules required to
administrate an nagios environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="allow_httpd_nagios_script_anon_write" dftval="false">
<desc>
<p>
Determine whether the script domain can
modify public files used for public file
transfer services. Directories/Files must
be labeled public_content_rw_t.
</p>
</desc>
</tunable>
</module>
<module name="nessus" filename="policy/modules/services/nessus.if">
<summary>Network scanning daemon.</summary>
<interface name="nessus_admin" lineno="20">
<summary>
All of the rules required to
administrate an nessus environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="networkmanager" filename="policy/modules/services/networkmanager.if">
<summary>Manager for dynamically switching between networks.</summary>
<interface name="networkmanager_rw_udp_sockets" lineno="13">
<summary>
Read and write networkmanager udp sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_rw_packet_sockets" lineno="31">
<summary>
Read and write networkmanager packet sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_attach_tun_iface" lineno="49">
<summary>
Relabel networkmanager tun socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_rw_routing_sockets" lineno="69">
<summary>
Read and write networkmanager netlink
routing sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_domtrans" lineno="87">
<summary>
Execute networkmanager with a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="networkmanager_initrc_domtrans" lineno="107">
<summary>
Execute networkmanager scripts with
an automatic domain transition to initrc.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="networkmanager_dbus_chat" lineno="126">
<summary>
Send and receive messages from
networkmanager over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_read_state" lineno="146">
<summary>
Read metworkmanager process state files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_signal" lineno="166">
<summary>
Send generic signals to networkmanager.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_watch_etc_dirs" lineno="184">
<summary>
Watch networkmanager etc dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_read_etc_files" lineno="202">
<summary>
Read networkmanager etc files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_manage_lib_files" lineno="223">
<summary>
Create, read, and write
networkmanager library files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_read_lib_files" lineno="243">
<summary>
Read networkmanager lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_append_log_files" lineno="264">
<summary>
Append networkmanager log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_read_pid_files" lineno="284">
<summary>
Read networkmanager pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_read_runtime_files" lineno="299">
<summary>
Read networkmanager runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_watch_runtime_dirs" lineno="318">
<summary>
watch networkmanager runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_stream_connect" lineno="337">
<summary>
Connect to networkmanager over
a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_enabledisable" lineno="356">
<summary>
Allow specified domain to enable/disable NetworkManager units
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_startstop" lineno="375">
<summary>
Allow specified domain to start/stop NetworkManager units
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_status" lineno="394">
<summary>
Allow specified domain to get status of NetworkManager
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_admin" lineno="420">
<summary>
All of the rules required to
administrate an networkmanager environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="nis" filename="policy/modules/services/nis.if">
<summary>Policy for NIS (YP) servers and clients.</summary>
<interface name="nis_use_ypbind_uncond" lineno="26">
<summary>
Use the ypbind service to access NIS services
unconditionally.
</summary>
<desc>
<p>
Use the ypbind service to access NIS services
unconditionally.
</p>
<p>
This interface was added because of apache and
spamassassin, to fix a nested conditionals problem.
When that support is added, this should be removed,
and the regular	interface should be used.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nis_use_ypbind" lineno="87">
<summary>
Use the ypbind service to access NIS services.
</summary>
<desc>
<p>
Allow the specified domain to use the ypbind service
to access Network Information Service (NIS) services.
Information that can be retrieved from NIS includes
usernames, passwords, home directories, and groups.
If the network is configured to have a single sign-on
using NIS, it is likely that any program that does
authentication will need this access.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
<rolecap/>
</interface>
<interface name="nis_authenticate" lineno="104">
<summary>
Use nis to authenticate passwords.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="nis_domtrans_ypbind" lineno="122">
<summary>
Execute ypbind in the ypbind domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="nis_exec_ypbind" lineno="141">
<summary>
Execute ypbind in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nis_run_ypbind" lineno="167">
<summary>
Execute ypbind in the ypbind domain, and
allow the specified role the ypbind domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="nis_signal_ypbind" lineno="186">
<summary>
Send generic signals to ypbind.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nis_list_var_yp" lineno="204">
<summary>
List nis data directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nis_read_ypbind_pid" lineno="223">
<summary>
Read ypbind pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nis_read_ypbind_runtime_files" lineno="238">
<summary>
Read ypbind runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nis_delete_ypbind_pid" lineno="257">
<summary>
Delete ypbind pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nis_read_ypserv_config" lineno="271">
<summary>
Read ypserv configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nis_domtrans_ypxfr" lineno="290">
<summary>
Execute ypxfr in the ypxfr domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="nis_initrc_domtrans" lineno="311">
<summary>
Execute nis init scripts in
the init script domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="nis_initrc_domtrans_ypbind" lineno="330">
<summary>
Execute ypbind init scripts in
the init script domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="nis_admin" lineno="355">
<summary>
All of the rules required to
administrate an nis environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="nscd" filename="policy/modules/services/nscd.if">
<summary>Name service cache daemon.</summary>
<interface name="nscd_signal" lineno="13">
<summary>
Send generic signals to nscd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nscd_kill" lineno="31">
<summary>
Send kill signals to nscd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nscd_signull" lineno="49">
<summary>
Send null signals to nscd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nscd_domtrans" lineno="67">
<summary>
Execute nscd in the nscd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="nscd_exec" lineno="86">
<summary>
Execute nscd in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nscd_socket_use" lineno="106">
<summary>
Use nscd services by connecting using
a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nscd_shm_use" lineno="138">
<summary>
Use nscd services by mapping the
database from an inherited nscd
file descriptor.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nscd_use" lineno="167">
<summary>
Use nscd services.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nscd_dontaudit_search_pid" lineno="186">
<summary>
Do not audit attempts to search
nscd pid directories.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="nscd_read_pid" lineno="201">
<summary>
Read nscd pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nscd_dontaudit_search_runtime" lineno="217">
<summary>
Do not audit attempts to search
nscd runtime directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="nscd_read_runtime_files" lineno="235">
<summary>
Read nscd runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nscd_unconfined" lineno="254">
<summary>
Unconfined access to nscd services.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nscd_run" lineno="279">
<summary>
Execute nscd in the nscd domain, and
allow the specified role the nscd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="nscd_initrc_domtrans" lineno="299">
<summary>
Execute the nscd server init
script in the initrc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="nscd_admin" lineno="324">
<summary>
All of the rules required to
administrate an nscd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="nscd_use_shm" dftval="false">
<desc>
<p>
Determine whether confined applications
can use nscd shared memory.
</p>
</desc>
</tunable>
</module>
<module name="nsd" filename="policy/modules/services/nsd.if">
<summary>Authoritative only name server.</summary>
<interface name="nsd_admin" lineno="20">
<summary>
All of the rules required to
administrate an nsd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="nslcd" filename="policy/modules/services/nslcd.if">
<summary>Local LDAP name service daemon.</summary>
<interface name="nslcd_domtrans" lineno="13">
<summary>
Execute a domain transition to run nslcd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="nslcd_initrc_domtrans" lineno="32">
<summary>
Execute nslcd server in the nslcd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="nslcd_read_pid_files" lineno="50">
<summary>
Read nslcd pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nslcd_stream_connect" lineno="65">
<summary>
Connect to nslcd over an unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nslcd_admin" lineno="91">
<summary>
All of the rules required to
administrate an nslcd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="ntop" filename="policy/modules/services/ntop.if">
<summary>A network traffic probe similar to the UNIX top command.</summary>
<interface name="ntop_admin" lineno="20">
<summary>
All of the rules required to
administrate an ntop environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="ntp" filename="policy/modules/services/ntp.if">
<summary>Network time protocol daemon.</summary>
<interface name="ntp_stub" lineno="13">
<summary>
NTP stub interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ntp_read_config" lineno="29">
<summary>
Read ntp.conf
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ntp_domtrans" lineno="47">
<summary>
Execute ntp server in the ntpd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ntp_run" lineno="73">
<summary>
Execute ntp in the ntp domain, and
allow the specified role the ntp domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ntp_dbus_chat" lineno="93">
<summary>
Send and receive messages from
ntpd over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ntp_domtrans_ntpdate" lineno="113">
<summary>
Execute ntpdate server in the ntpd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ntp_initrc_domtrans" lineno="133">
<summary>
Execute ntpd init scripts in
the init script domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ntp_read_conf_files" lineno="151">
<summary>
Read ntp conf files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ntp_read_drift_files" lineno="170">
<summary>
Read ntp drift files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ntp_rw_shm" lineno="189">
<summary>
Read and write ntpd shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ntp_enabledisable" lineno="211">
<summary>
Allow specified domain to enable/disable ntpd unit
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ntp_startstop" lineno="232">
<summary>
Allow specified domain to start/stop ntpd unit
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ntp_status" lineno="253">
<summary>
Allow specified domain to get status of ntpd unit
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ntp_admin" lineno="281">
<summary>
All of the rules required to
administrate an ntp environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="numad" filename="policy/modules/services/numad.if">
<summary>Non-Uniform Memory Alignment Daemon.</summary>
<interface name="numad_admin" lineno="20">
<summary>
All of the rules required to
administrate an numad environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="nut" filename="policy/modules/services/nut.if">
<summary>Network UPS Tools </summary>
<interface name="nut_admin" lineno="20">
<summary>
All of the rules required to
administrate an nut environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="allow_httpd_nutups_cgi_script_anon_write" dftval="false">
<desc>
<p>
Determine whether the script domain can
modify public files used for public file
transfer services. Directories/Files must
be labeled public_content_rw_t.
</p>
</desc>
</tunable>
</module>
<module name="nx" filename="policy/modules/services/nx.if">
<summary>NX remote desktop.</summary>
<interface name="nx_spec_domtrans_server" lineno="13">
<summary>
Transition to nx server.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="nx_read_home_files" lineno="32">
<summary>
Read nx home directory content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nx_search_var_lib" lineno="51">
<summary>
Search nx lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nx_var_lib_filetrans" lineno="86">
<summary>
Create specified objects in nx lib
directories with a private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
</module>
<module name="oav" filename="policy/modules/services/oav.if">
<summary>Open AntiVirus scannerdaemon and signature update.</summary>
<interface name="oav_domtrans_update" lineno="13">
<summary>
Execute oav_update in the oav_update domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="oav_run_update" lineno="40">
<summary>
Execute oav_update in the oav update
domain, and allow the specified role
the oav_update domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="obex" filename="policy/modules/services/obex.if">
<summary>D-Bus service providing high-level OBEX client and server side functionality.</summary>
<template name="obex_role_template" lineno="24">
<summary>
The role template for obex.
</summary>
<param name="role_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</template>
<interface name="obex_domtrans" lineno="60">
<summary>
Execute obex in the obex domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="obex_dbus_chat" lineno="80">
<summary>
Send and receive messages from
obex over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="oddjob" filename="policy/modules/services/oddjob.if">
<summary>D-BUS service which runs odd jobs on behalf of client applications.</summary>
<interface name="oddjob_domtrans" lineno="13">
<summary>
Execute a domain transition to run oddjob.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="oddjob_system_entry" lineno="38">
<summary>
Make the specified program domain
accessible from the oddjob.
</summary>
<param name="domain">
<summary>
The type of the process to transition to.
</summary>
</param>
<param name="entrypoint">
<summary>
The type of the file used as an entrypoint to this domain.
</summary>
</param>
</interface>
<interface name="oddjob_dbus_chat" lineno="57">
<summary>
Send and receive messages from
oddjob over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="oddjob_domtrans_mkhomedir" lineno="78">
<summary>
Execute a domain transition to
run oddjob mkhomedir.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="oddjob_run_mkhomedir" lineno="106">
<summary>
Execute oddjob mkhomedir in the
oddjob mkhomedir domain and allow
the specified role the oddjob
mkhomedir domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="oddjob_dontaudit_rw_fifo_files" lineno="126">
<summary>
Do not audit attempts to read and write
oddjob fifo files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="oddjob_sigchld" lineno="144">
<summary>
Send child terminated signals to oddjob.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="oident" filename="policy/modules/services/oident.if">
<summary>An ident daemon with IP masq/NAT support and the ability to specify responses.</summary>
<interface name="oident_read_user_content" lineno="13">
<summary>
Read oidentd user home content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="oident_manage_user_content" lineno="33">
<summary>
Create, read, write, and delete
oidentd user home content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="oident_relabel_user_content" lineno="52">
<summary>
Relabel oidentd user home content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="oident_home_filetrans_oidentd_home" lineno="82">
<summary>
Create objects in user home
directories with the oidentd home type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="oident_admin" lineno="107">
<summary>
All of the rules required to
administrate an oident environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="openca" filename="policy/modules/services/openca.if">
<summary>Open Certificate Authority.</summary>
<interface name="openca_domtrans" lineno="14">
<summary>
Execute the openca with
a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="openca_signal" lineno="34">
<summary>
Send generic signals to openca.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openca_sigstop" lineno="52">
<summary>
Send stop signals to openca.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openca_kill" lineno="70">
<summary>
Send kill signals to openca.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="openct" filename="policy/modules/services/openct.if">
<summary>Service for handling smart card readers.</summary>
<interface name="openct_signull" lineno="13">
<summary>
Send null signals to openct.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openct_exec" lineno="31">
<summary>
Execute openct in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openct_domtrans" lineno="50">
<summary>
Execute a domain transition to run openct.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="openct_read_pid_files" lineno="69">
<summary>
Read openct pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openct_read_runtime_files" lineno="84">
<summary>
Read openct runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openct_stream_connect" lineno="104">
<summary>
Connect to openct over an unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openct_admin" lineno="130">
<summary>
All of the rules required to
administrate an openct environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="openhpi" filename="policy/modules/services/openhpi.if">
<summary>Open source implementation of the Service Availability Forum Hardware Platform Interface.</summary>
<interface name="openhpi_admin" lineno="20">
<summary>
All of the rules required to
administrate an openhpi environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="openvpn" filename="policy/modules/services/openvpn.if">
<summary>full-featured SSL VPN solution.</summary>
<interface name="openvpn_domtrans" lineno="14">
<summary>
Execute openvpn clients in the
openvpn domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="openvpn_run" lineno="41">
<summary>
Execute openvpn clients in the
openvpn domain, and allow the
specified role the openvpn domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="openvpn_kill" lineno="60">
<summary>
Send kill signals to openvpn.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openvpn_signal" lineno="78">
<summary>
Send generic signals to openvpn.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openvpn_signull" lineno="96">
<summary>
Send null signals to openvpn.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openvpn_read_config" lineno="115">
<summary>
Read openvpn configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="openvpn_admin" lineno="143">
<summary>
All of the rules required to
administrate an openvpn environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="openvpn_enable_homedirs" dftval="false">
<desc>
<p>
Determine whether openvpn can
read generic user home content files.
</p>
</desc>
</tunable>
<tunable name="openvpn_can_network_connect" dftval="false">
<desc>
<p>
Determine whether openvpn can
connect to the TCP network.
</p>
</desc>
</tunable>
</module>
<module name="openvswitch" filename="policy/modules/services/openvswitch.if">
<summary>Multilayer virtual switch.</summary>
<interface name="openvswitch_domtrans" lineno="13">
<summary>
Execute openvswitch in the openvswitch domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="openvswitch_read_pid_files" lineno="32">
<summary>
Read openvswitch pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openvswitch_read_runtime_files" lineno="47">
<summary>
Read openvswitch runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openvswitch_admin" lineno="73">
<summary>
All of the rules required to
administrate an openvswitch environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="pacemaker" filename="policy/modules/services/pacemaker.if">
<summary>A scalable high-availability cluster resource manager.</summary>
<interface name="pacemaker_admin" lineno="20">
<summary>
All of the rules required to
administrate an pacemaker environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="pacemaker_startstop_all_services" dftval="false">
<desc>
<p>
Allow pacemaker to start/stop services
</p>
</desc>
</tunable>
</module>
<module name="pads" filename="policy/modules/services/pads.if">
<summary>Passive Asset Detection System.</summary>
<interface name="pads_admin" lineno="20">
<summary>
All of the rules required to
administrate an pads environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="pcscd" filename="policy/modules/services/pcscd.if">
<summary>PCSC smart card service.</summary>
<interface name="pcscd_domtrans" lineno="13">
<summary>
Execute a domain transition to run pcscd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="pcscd_read_pid_files" lineno="32">
<summary>
Read pcscd pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pcscd_read_runtime_files" lineno="47">
<summary>
Read pcscd runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pcscd_stream_connect" lineno="67">
<summary>
Connect to pcscd over an unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pcscd_admin" lineno="96">
<summary>
All of the rules required to
administrate an pcscd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="pegasus" filename="policy/modules/services/pegasus.if">
<summary>The Open Group Pegasus CIM/WBEM Server.</summary>
<interface name="pegasus_admin" lineno="20">
<summary>
All of the rules required to
administrate an pegasus environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="perdition" filename="policy/modules/services/perdition.if">
<summary>Perdition POP and IMAP proxy.</summary>
<interface name="perdition_admin" lineno="20">
<summary>
All of the rules required to
administrate an perdition environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="pingd" filename="policy/modules/services/pingd.if">
<summary>Pingd of the Whatsup cluster node up/down detection utility.</summary>
<interface name="pingd_domtrans" lineno="13">
<summary>
Execute a domain transition to run pingd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="pingd_read_config" lineno="32">
<summary>
Read pingd etc configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pingd_manage_config" lineno="52">
<summary>
Create, read, write, and delete
pingd etc configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pingd_admin" lineno="78">
<summary>
All of the rules required to
administrate an pingd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="pkcs" filename="policy/modules/services/pkcs.if">
<summary>Implementations of the Cryptoki specification.</summary>
<interface name="pkcs_admin_slotd" lineno="20">
<summary>
All of the rules required to
administrate an pkcs slotd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="plymouthd" filename="policy/modules/services/plymouthd.if">
<summary>Plymouth graphical boot.</summary>
<interface name="plymouthd_domtrans" lineno="13">
<summary>
Execute a domain transition to run plymouthd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="plymouthd_exec" lineno="32">
<summary>
Execute plymouthd in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_stream_connect" lineno="52">
<summary>
Connect to plymouthd using a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_exec_plymouth" lineno="71">
<summary>
Execute plymouth in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_domtrans_plymouth" lineno="90">
<summary>
Execute a domain transition to run plymouth.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="plymouthd_search_spool" lineno="109">
<summary>
Search plymouthd spool directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_read_spool_files" lineno="128">
<summary>
Read plymouthd spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_manage_spool_files" lineno="148">
<summary>
Create, read, write, and delete
plymouthd spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_search_lib" lineno="167">
<summary>
Search plymouthd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_read_lib_files" lineno="186">
<summary>
Read plymouthd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_rw_lib_files" lineno="205">
<summary>
Read and write plymouthd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_manage_lib_files" lineno="225">
<summary>
Create, read, write, and delete
plymouthd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_read_pid_files" lineno="244">
<summary>
Read plymouthd pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_delete_pid_files" lineno="259">
<summary>
Delete the plymouthd pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_read_runtime_files" lineno="274">
<summary>
Read plymouthd runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_delete_runtime_files" lineno="293">
<summary>
Delete the plymouthd runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_admin" lineno="319">
<summary>
All of the rules required to
administrate an plymouthd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role" unused="true">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="policykit" filename="policy/modules/services/policykit.if">
<summary>Policy framework for controlling privileges for system-wide services.</summary>
<interface name="policykit_dbus_chat" lineno="14">
<summary>
Send and receive messages from
policykit over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="policykit_dbus_chat_auth" lineno="35">
<summary>
Send and receive messages from
policykit auth over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="policykit_domtrans_auth" lineno="55">
<summary>
Execute a domain transition to run polkit_auth.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="policykit_run_auth" lineno="81">
<summary>
Execute a policy_auth in the policy
auth domain, and allow the specified
role the policy auth domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="policykit_signal_auth" lineno="101">
<summary>
Send generic signals to
policykit auth.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="policykit_domtrans_grant" lineno="119">
<summary>
Execute a domain transition to run polkit grant.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="policykit_run_grant" lineno="146">
<summary>
Execute a policy_grant in the policy
grant domain, and allow the specified
role the policy grant domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="policykit_read_reload" lineno="165">
<summary>
Read policykit reload files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="policykit_rw_reload" lineno="184">
<summary>
Read and write policykit reload files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="policykit_domtrans_resolve" lineno="203">
<summary>
Execute a domain transition to run polkit resolve.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="policykit_search_lib" lineno="222">
<summary>
Search policykit lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="policykit_read_lib" lineno="241">
<summary>
Read policykit lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="polipo" filename="policy/modules/services/polipo.if">
<summary>Lightweight forwarding and caching proxy server.</summary>
<template name="polipo_role" lineno="18">
<summary>
Role access for Polipo session.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</template>
<interface name="polipo_initrc_domtrans" lineno="64">
<summary>
Execute Polipo in the Polipo
system domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="polipo_log_filetrans_log" lineno="94">
<summary>
Create specified objects in generic
log directories with the polipo
log file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="polipo_admin" lineno="119">
<summary>
All of the rules required to
administrate an polipo environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="polipo_system_use_cifs" dftval="false">
<desc>
<p>
Determine whether Polipo system
daemon can access CIFS file systems.
</p>
</desc>
</tunable>
<tunable name="polipo_system_use_nfs" dftval="false">
<desc>
<p>
Determine whether Polipo system
daemon can access NFS file systems.
</p>
</desc>
</tunable>
<tunable name="polipo_session_users" dftval="false">
<desc>
<p>
Determine whether calling user domains
can execute Polipo daemon in the
polipo_session_t domain.
</p>
</desc>
</tunable>
<tunable name="polipo_session_send_syslog_msg" dftval="false">
<desc>
<p>
Determine whether Polipo session daemon
can send syslog messages.
</p>
</desc>
</tunable>
</module>
<module name="portmap" filename="policy/modules/services/portmap.if">
<summary>RPC port mapping service.</summary>
<interface name="portmap_domtrans_helper" lineno="13">
<summary>
Execute portmap helper in the helper domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="portmap_run_helper" lineno="40">
<summary>
Execute portmap helper in the helper
domain, and allow the specified role
the helper domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="portmap_admin" lineno="66">
<summary>
All of the rules required to
administrate an portmap environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="portreserve" filename="policy/modules/services/portreserve.if">
<summary>Reserve well-known ports in the RPC port range.</summary>
<interface name="portreserve_domtrans" lineno="13">
<summary>
Execute a domain transition to run portreserve.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="portreserve_read_config" lineno="33">
<summary>
Read portreserve configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="portreserve_manage_config" lineno="55">
<summary>
Create, read, write, and delete
portreserve configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="portreserve_initrc_domtrans" lineno="77">
<summary>
Execute portreserve init scripts in
the init script domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="portreserve_admin" lineno="102">
<summary>
All of the rules required to
administrate an portreserve environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="portslave" filename="policy/modules/services/portslave.if">
<summary>Portslave terminal server software.</summary>
<interface name="portslave_domtrans" lineno="13">
<summary>
Execute portslave with a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
</module>
<module name="postfix" filename="policy/modules/services/postfix.if">
<summary>Postfix email server.</summary>
<interface name="postfix_stub" lineno="13">
<summary>
Postfix stub interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="postfix_domain_template" lineno="29">
<summary>
The template to define a postfix domain.
</summary>
<param name="domain_prefix">
<summary>
Domain prefix to be used.
</summary>
</param>
</template>
<template name="postfix_server_domain_template" lineno="65">
<summary>
The template to define a postfix server domain.
</summary>
<param name="domain_prefix">
<summary>
Domain prefix to be used.
</summary>
</param>
</template>
<template name="postfix_user_domain_template" lineno="105">
<summary>
The template to define a postfix user domain.
</summary>
<param name="domain_prefix">
<summary>
Domain prefix to be used.
</summary>
</param>
</template>
<interface name="postfix_read_config" lineno="142">
<summary>
Read postfix configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="postfix_config_filetrans" lineno="179">
<summary>
Create specified object in postfix
etc directories with a type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="postfix_dontaudit_rw_local_tcp_sockets" lineno="199">
<summary>
Do not audit attempts to read and
write postfix local delivery
TCP sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="postfix_rw_local_pipes" lineno="217">
<summary>
Read and write postfix local pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_read_local_state" lineno="235">
<summary>
Read postfix local process state files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_rw_inherited_master_pipes" lineno="256">
<summary>
Read and write inherited postfix master pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_read_master_state" lineno="275">
<summary>
Read postfix master process state files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_use_fds_master" lineno="296">
<summary>
Use postfix master file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_dontaudit_use_fds" lineno="316">
<summary>
Do not audit attempts to use
postfix master process file
file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="postfix_domtrans_map" lineno="334">
<summary>
Execute postfix_map in the postfix_map domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="postfix_run_map" lineno="361">
<summary>
Execute postfix map in the postfix
map domain, and allow the specified
role the postfix_map domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="postfix_domtrans_master" lineno="381">
<summary>
Execute the master postfix program
in the postfix_master domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="postfix_exec_master" lineno="401">
<summary>
Execute the master postfix program
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_stream_connect_master" lineno="422">
<summary>
Connect to postfix master process
using a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="postfix_domtrans_postdrop" lineno="441">
<summary>
Execute the master postdrop in the
postfix postdrop domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="postfix_domtrans_postqueue" lineno="461">
<summary>
Execute the master postqueue in the
postfix postqueue domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="postfix_exec_postqueue" lineno="481">
<summary>
Execute postfix postqueue in
the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_create_private_sockets" lineno="500">
<summary>
Create postfix private sock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_manage_private_sockets" lineno="519">
<summary>
Create, read, write, and delete
postfix private sock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_domtrans_smtp" lineno="538">
<summary>
Execute the smtp postfix program
in the postfix smtp domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="postfix_getattr_all_spool_files" lineno="558">
<summary>
Get attributes of all postfix mail
spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_search_spool" lineno="577">
<summary>
Search postfix mail spool directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_list_spool" lineno="596">
<summary>
List postfix mail spool directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_read_spool_files" lineno="615">
<summary>
Read postfix mail spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_manage_spool_files" lineno="635">
<summary>
Create, read, write, and delete
postfix mail spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_domtrans_user_mail_handler" lineno="655">
<summary>
Execute postfix user mail programs
in their respective domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_admin" lineno="680">
<summary>
All of the rules required to
administrate an postfix environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="postfix_local_write_mail_spool" dftval="true">
<desc>
<p>
Determine whether postfix local
can manage mail spool content.
</p>
</desc>
</tunable>
<tunable name="postfix_read_generic_user_content" dftval="true">
<desc>
<p>
Grant the postfix domains read access to generic user content
</p>
</desc>
</tunable>
<tunable name="postfix_read_all_user_content" dftval="false">
<desc>
<p>
Grant the postfix domains read access to all user content
</p>
</desc>
</tunable>
<tunable name="postfix_manage_generic_user_content" dftval="false">
<desc>
<p>
Grant the postfix domains manage rights on generic user content
</p>
</desc>
</tunable>
<tunable name="postfix_manage_all_user_content" dftval="false">
<desc>
<p>
Grant the postfix domains manage rights on all user content
</p>
</desc>
</tunable>
</module>
<module name="postfixpolicyd" filename="policy/modules/services/postfixpolicyd.if">
<summary>Postfix policy server.</summary>
<interface name="postfixpolicyd_admin" lineno="20">
<summary>
All of the rules required to administrate
an postfixpolicyd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="postgresql" filename="policy/modules/services/postgresql.if">
<summary>PostgreSQL relational database</summary>
<interface name="postgresql_role" lineno="18">
<summary>
Role access for SE-PostgreSQL.
</summary>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</interface>
<interface name="postgresql_loadable_module" lineno="109">
<summary>
Marks as a SE-PostgreSQL loadable shared library module
</summary>
<param name="type">
<summary>
Type marked as a database object type.
</summary>
</param>
</interface>
<interface name="postgresql_database_object" lineno="127">
<summary>
Marks as a SE-PostgreSQL database object type
</summary>
<param name="type">
<summary>
Type marked as a database object type.
</summary>
</param>
</interface>
<interface name="postgresql_schema_object" lineno="145">
<summary>
Marks as a SE-PostgreSQL schema object type
</summary>
<param name="type">
<summary>
Type marked as a schema object type.
</summary>
</param>
</interface>
<interface name="postgresql_table_object" lineno="163">
<summary>
Marks as a SE-PostgreSQL table/column/tuple object type
</summary>
<param name="type">
<summary>
Type marked as a table/column/tuple object type.
</summary>
</param>
</interface>
<interface name="postgresql_system_table_object" lineno="181">
<summary>
Marks as a SE-PostgreSQL system table/column/tuple object type
</summary>
<param name="type">
<summary>
Type marked as a table/column/tuple object type.
</summary>
</param>
</interface>
<interface name="postgresql_sequence_object" lineno="200">
<summary>
Marks as a SE-PostgreSQL sequence type
</summary>
<param name="type">
<summary>
Type marked as a sequence type.
</summary>
</param>
</interface>
<interface name="postgresql_view_object" lineno="218">
<summary>
Marks as a SE-PostgreSQL view object type
</summary>
<param name="type">
<summary>
Type marked as a view object type.
</summary>
</param>
</interface>
<interface name="postgresql_procedure_object" lineno="236">
<summary>
Marks as a SE-PostgreSQL procedure object type
</summary>
<param name="type">
<summary>
Type marked as a procedure object type.
</summary>
</param>
</interface>
<interface name="postgresql_trusted_procedure_object" lineno="254">
<summary>
Marks as a SE-PostgreSQL trusted procedure object type
</summary>
<param name="type">
<summary>
Type marked as a trusted procedure object type.
</summary>
</param>
</interface>
<interface name="postgresql_language_object" lineno="274">
<summary>
Marks as a SE-PostgreSQL procedural language object type
</summary>
<param name="type">
<summary>
Type marked as a procedural language object type.
</summary>
</param>
</interface>
<interface name="postgresql_blob_object" lineno="292">
<summary>
Marks as a SE-PostgreSQL binary large object type
</summary>
<param name="type">
<summary>
Type marked as a database binary large object type.
</summary>
</param>
</interface>
<interface name="postgresql_search_db" lineno="310">
<summary>
Allow the specified domain to search postgresql's database directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postgresql_manage_db" lineno="327">
<summary>
Allow the specified domain to manage postgresql's database.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postgresql_domtrans" lineno="347">
<summary>
Execute postgresql in the postgresql domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="postgresql_signal" lineno="365">
<summary>
Allow domain to signal postgresql
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postgresql_read_config" lineno="383">
<summary>
Allow the specified domain to read postgresql's etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="postgresql_tcp_connect" lineno="404">
<summary>
Allow the specified domain to connect to postgresql with a tcp socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postgresql_stream_connect" lineno="425">
<summary>
Allow the specified domain to connect to postgresql with a unix socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="postgresql_unpriv_client" lineno="447">
<summary>
Allow the specified domain unprivileged accesses to unifined database objects
managed by SE-PostgreSQL,
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postgresql_unconfined" lineno="539">
<summary>
Allow the specified domain unconfined accesses to any database objects
managed by SE-PostgreSQL,
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postgresql_admin" lineno="563">
<summary>
All of the rules required to administrate an postgresql environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the postgresql domain.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="sepgsql_enable_users_ddl" dftval="false">
<desc>
<p>
Allow unprived users to execute DDL statement
</p>
</desc>
</tunable>
<tunable name="sepgsql_transmit_client_label" dftval="false">
<desc>
<p>
Allow transmit client label to foreign database
</p>
</desc>
</tunable>
<tunable name="sepgsql_unconfined_dbadm" dftval="false">
<desc>
<p>
Allow database admins to execute DML statement
</p>
</desc>
</tunable>
</module>
<module name="postgrey" filename="policy/modules/services/postgrey.if">
<summary>Postfix grey-listing server.</summary>
<interface name="postgrey_stream_connect" lineno="14">
<summary>
Connect to postgrey using a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postgrey_search_spool" lineno="34">
<summary>
Search spool directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postgrey_admin" lineno="60">
<summary>
All of the rules required to
administrate an postgrey environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="ppp" filename="policy/modules/services/ppp.if">
<summary>Point to Point Protocol daemon creates links in ppp networks.</summary>
<interface name="ppp_manage_home_files" lineno="14">
<summary>
Create, read, write, and delete
ppp home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_read_home_files" lineno="33">
<summary>
Read ppp user home content files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_relabel_home_files" lineno="53">
<summary>
Relabel ppp home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_home_filetrans_ppp_home" lineno="83">
<summary>
Create objects in user home
directories with the ppp home type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="ppp_use_fds" lineno="101">
<summary>
Inherit and use ppp file discriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_dontaudit_use_fds" lineno="120">
<summary>
Do not audit attempts to inherit
and use ppp file discriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="ppp_sigchld" lineno="138">
<summary>
Send child terminated signals to ppp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_kill" lineno="158">
<summary>
Send kill signals to ppp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_signal" lineno="176">
<summary>
Send generic signals to ppp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_signull" lineno="194">
<summary>
Send null signals to ppp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_domtrans" lineno="212">
<summary>
Execute pppd in the pppd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ppp_run_cond" lineno="238">
<summary>
Conditionally execute pppd on
behalf of a user or staff type.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ppp_run" lineno="267">
<summary>
Unconditionally execute ppp daemon
on behalf of a user or staff type.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ppp_exec" lineno="286">
<summary>
Execute domain in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_read_config" lineno="305">
<summary>
Read ppp configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_read_rw_config" lineno="324">
<summary>
Read ppp writable configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_read_secrets" lineno="345">
<summary>
Read ppp secret files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_read_pid_files" lineno="366">
<summary>
Read ppp pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_manage_pid_files" lineno="382">
<summary>
Create, read, write, and delete
ppp pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_pid_filetrans" lineno="408">
<summary>
Create specified pppd pid objects
with a type transition.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="ppp_read_runtime_files" lineno="423">
<summary>
Read ppp runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_manage_runtime_files" lineno="443">
<summary>
Create, read, write, and delete
ppp runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_runtime_filetrans" lineno="473">
<summary>
Create specified pppd runtime objects
with a type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="ppp_initrc_domtrans" lineno="492">
<summary>
Execute pppd init script in
the initrc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ppp_admin" lineno="517">
<summary>
All of the rules required to
administrate an ppp environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="pppd_can_insmod" dftval="false">
<desc>
<p>
Determine whether pppd can
load kernel modules.
</p>
</desc>
</tunable>
<tunable name="pppd_for_user" dftval="false">
<desc>
<p>
Determine whether common users can
run pppd with a domain transition.
</p>
</desc>
</tunable>
</module>
<module name="prelude" filename="policy/modules/services/prelude.if">
<summary>Prelude hybrid intrusion detection system.</summary>
<interface name="prelude_domtrans" lineno="13">
<summary>
Execute a domain transition to run prelude.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="prelude_domtrans_audisp" lineno="33">
<summary>
Execute a domain transition to
run prelude audisp.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="prelude_signal_audisp" lineno="52">
<summary>
Send generic signals to prelude audisp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prelude_read_spool" lineno="70">
<summary>
Read prelude spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prelude_manage_spool" lineno="90">
<summary>
Create, read, write, and delete
prelude manager spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prelude_admin" lineno="117">
<summary>
All of the rules required to
administrate an prelude environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="allow_httpd_prewikka_script_anon_write" dftval="false">
<desc>
<p>
Determine whether the script domain can
modify public files used for public file
transfer services. Directories/Files must
be labeled public_content_rw_t.
</p>
</desc>
</tunable>
</module>
<module name="privoxy" filename="policy/modules/services/privoxy.if">
<summary>Privacy enhancing web proxy.</summary>
<interface name="privoxy_admin" lineno="20">
<summary>
All of the rules required to
administrate an privoxy environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="privoxy_connect_any" dftval="false">
<desc>
<p>
Determine whether privoxy can
connect to all tcp ports.
</p>
</desc>
</tunable>
</module>
<module name="procmail" filename="policy/modules/services/procmail.if">
<summary>Procmail mail delivery agent.</summary>
<interface name="procmail_domtrans" lineno="13">
<summary>
Execute procmail with a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="procmail_exec" lineno="32">
<summary>
Execute procmail in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="procmail_manage_home_files" lineno="52">
<summary>
Create, read, write, and delete
procmail home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="procmail_read_home_files" lineno="71">
<summary>
Read procmail user home content files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="procmail_relabel_home_files" lineno="91">
<summary>
Relabel procmail home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="procmail_home_filetrans_procmail_home" lineno="121">
<summary>
Create objects in user home
directories with the procmail home type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="procmail_read_tmp_files" lineno="139">
<summary>
Read procmail tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="procmail_rw_tmp_files" lineno="158">
<summary>
Read and write procmail tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="psad" filename="policy/modules/services/psad.if">
<summary>Intrusion Detection and Log Analysis with iptables.</summary>
<interface name="psad_domtrans" lineno="13">
<summary>
Execute a domain transition to run psad.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="psad_signal" lineno="32">
<summary>
Send generic signals to psad.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="psad_signull" lineno="50">
<summary>
Send null signals to psad.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="psad_read_config" lineno="68">
<summary>
Read psad configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="psad_manage_config" lineno="90">
<summary>
Create, read, write, and delete
psad configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="psad_read_pid_files" lineno="111">
<summary>
Read psad pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="psad_rw_pid_files" lineno="125">
<summary>
Read and write psad pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="psad_read_log" lineno="140">
<summary>
Read psad log content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="psad_append_log" lineno="161">
<summary>
Append psad log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="psad_rw_fifo_file" lineno="180">
<summary>
Read and write psad fifo files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="psad_rw_tmp_files" lineno="199">
<summary>
Read and write psad temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="psad_admin" lineno="225">
<summary>
All of the rules required to
administrate an psad environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="publicfile" filename="policy/modules/services/publicfile.if">
<summary>publicfile supplies files to the public through HTTP and FTP.</summary>
</module>
<module name="pwauth" filename="policy/modules/services/pwauth.if">
<summary>External plugin for mod_authnz_external authenticator.</summary>
<interface name="pwauth_role" lineno="18">
<summary>
Role access for pwauth.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="pwauth_domtrans" lineno="39">
<summary>
Execute pwauth in the pwauth domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="pwauth_run" lineno="65">
<summary>
Execute pwauth in the pwauth
domain, and allow the specified
role the pwauth domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
</module>
<module name="pxe" filename="policy/modules/services/pxe.if">
<summary>Server for the PXE network boot protocol.</summary>
<interface name="pxe_admin" lineno="20">
<summary>
All of the rules required to
administrate an pxe environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="pyicqt" filename="policy/modules/services/pyicqt.if">
<summary>ICQ transport for XMPP server.</summary>
<interface name="pyicqt_admin" lineno="20">
<summary>
All of the rules required to
administrate an pyicqt environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="pyzor" filename="policy/modules/services/pyzor.if">
<summary>Pyzor is a distributed, collaborative spam detection and filtering network.</summary>
<interface name="pyzor_role" lineno="18">
<summary>
Role access for pyzor.
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="pyzor_signal" lineno="49">
<summary>
Send generic signals to pyzor.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pyzor_domtrans" lineno="67">
<summary>
Execute pyzor with a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="pyzor_exec" lineno="86">
<summary>
Execute pyzor in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pyzor_admin" lineno="112">
<summary>
All of the rules required to
administrate an pyzor environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="qmail" filename="policy/modules/services/qmail.if">
<summary>Qmail Mail Server.</summary>
<template name="qmail_child_domain_template" lineno="18">
<summary>
Template for qmail parent/sub-domain pairs.
</summary>
<param name="child_prefix">
<summary>
The prefix of the child domain.
</summary>
</param>
<param name="parent_domain">
<summary>
The name of the parent domain.
</summary>
</param>
</template>
<interface name="qmail_domtrans_inject" lineno="55">
<summary>
Transition to qmail_inject_t.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="qmail_domtrans_queue" lineno="80">
<summary>
Transition to qmail_queue_t.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="qmail_read_config" lineno="106">
<summary>
Read qmail configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="qmail_smtpd_service_domain" lineno="137">
<summary>
Define the specified domain as a
qmail-smtp service.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="entrypoint">
<summary>
The type associated with the process program.
</summary>
</param>
</interface>
</module>
<module name="qpid" filename="policy/modules/services/qpid.if">
<summary>Apache QPID AMQP messaging server.</summary>
<interface name="qpidd_domtrans" lineno="13">
<summary>
Execute a domain transition to run qpidd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="qpidd_rw_semaphores" lineno="32">
<summary>
Read and write access qpidd semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qpidd_rw_shm" lineno="50">
<summary>
Read and write qpidd shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qpidd_initrc_domtrans" lineno="69">
<summary>
Execute qpidd init script in
the initrc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="qpidd_read_pid_files" lineno="87">
<summary>
Read qpidd pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qpidd_search_lib" lineno="101">
<summary>
Search qpidd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qpidd_read_lib_files" lineno="120">
<summary>
Read qpidd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qpidd_manage_lib_files" lineno="140">
<summary>
Create, read, write, and delete
qpidd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qpidd_admin" lineno="166">
<summary>
All of the rules required to
administrate an qpidd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="quantum" filename="policy/modules/services/quantum.if">
<summary>Virtual network service for Openstack.</summary>
<interface name="quantum_admin" lineno="20">
<summary>
All of the rules required to
administrate an quantum environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="rabbitmq" filename="policy/modules/services/rabbitmq.if">
<summary>AMQP server written in Erlang.</summary>
<interface name="rabbitmq_domtrans" lineno="13">
<summary>
Execute rabbitmq in the rabbitmq domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rabbitmq_admin" lineno="41">
<summary>
All of the rules required to
administrate an rabbitmq environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="radius" filename="policy/modules/services/radius.if">
<summary>RADIUS authentication and accounting server.</summary>
<interface name="radius_admin" lineno="20">
<summary>
All of the rules required to
administrate an radius environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="radvd" filename="policy/modules/services/radvd.if">
<summary>IPv6 router advertisement daemon.</summary>
<interface name="radvd_admin" lineno="20">
<summary>
All of the rules required to
administrate an radvd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="rasdaemon" filename="policy/modules/services/rasdaemon.if">
<summary></summary>
</module>
<module name="razor" filename="policy/modules/services/razor.if">
<summary>A distributed, collaborative, spam detection and filtering network.</summary>
<template name="razor_common_domain_template" lineno="13">
<summary>
The template to define a razor domain.
</summary>
<param name="domain_prefix">
<summary>
Domain prefix to be used.
</summary>
</param>
</template>
<interface name="razor_role" lineno="51">
<summary>
Role access for razor.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="razor_domtrans" lineno="82">
<summary>
Execute razor in the system razor domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="razor_manage_home_content" lineno="102">
<summary>
Create, read, write, and delete
razor home content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="razor_read_lib_files" lineno="123">
<summary>
Read razor lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="rdisc" filename="policy/modules/services/rdisc.if">
<summary>Network router discovery daemon.</summary>
<interface name="rdisc_exec" lineno="13">
<summary>
Execute rdisc in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="realmd" filename="policy/modules/services/realmd.if">
<summary>Dbus system service which manages discovery and enrollment in realms and domains like Active Directory or IPA.</summary>
<interface name="realmd_domtrans" lineno="13">
<summary>
Execute realmd in the realmd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="realmd_dbus_chat" lineno="33">
<summary>
Send and receive messages from
realmd over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="redis" filename="policy/modules/services/redis.if">
<summary>Advanced key-value store.</summary>
<interface name="redis_admin" lineno="20">
<summary>
All of the rules required to
administrate an redis environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="remotelogin" filename="policy/modules/services/remotelogin.if">
<summary>Rshd, rlogind, and telnetd.</summary>
<interface name="remotelogin_domtrans" lineno="13">
<summary>
Domain transition to the remote login domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="remotelogin_signal" lineno="32">
<summary>
Send generic signals to remote login.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="remotelogin_manage_tmp_content" lineno="51">
<summary>
Create, read, write, and delete
remote login temporary content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="remotelogin_relabel_tmp_content" lineno="71">
<summary>
Relabel remote login temporary content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="resmgr" filename="policy/modules/services/resmgr.if">
<summary>Resource management daemon.</summary>
<interface name="resmgr_stream_connect" lineno="14">
<summary>
Connect to resmgrd over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="resmgr_admin" lineno="40">
<summary>
All of the rules required to
administrate an resmgr environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="rgmanager" filename="policy/modules/services/rgmanager.if">
<summary>Resource Group Manager.</summary>
<interface name="rgmanager_domtrans" lineno="13">
<summary>
Execute a domain transition to run rgmanager.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rgmanager_stream_connect" lineno="33">
<summary>
Connect to rgmanager with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rgmanager_manage_tmp_files" lineno="53">
<summary>
Create, read, write, and delete
rgmanager tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rgmanager_manage_tmpfs_files" lineno="73">
<summary>
Create, read, write, and delete
rgmanager tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rgmanager_admin" lineno="99">
<summary>
All of the rules required to
administrate an rgmanager environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="rgmanager_can_network_connect" dftval="false">
<desc>
<p>
Determine whether rgmanager can
connect to the network using TCP.
</p>
</desc>
</tunable>
</module>
<module name="rhcs" filename="policy/modules/services/rhcs.if">
<summary>Red Hat Cluster Suite.</summary>
<template name="rhcs_domain_template" lineno="13">
<summary>
The template to define a rhcs domain.
</summary>
<param name="domain_prefix">
<summary>
Domain prefix to be used.
</summary>
</param>
</template>
<interface name="rhcs_domtrans_dlm_controld" lineno="75">
<summary>
Execute a domain transition to
run dlm_controld.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rhcs_getattr_fenced_exec_files" lineno="95">
<summary>
Get attributes of fenced
executable files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_stream_connect_dlm_controld" lineno="114">
<summary>
Connect to dlm_controld with a
unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_rw_dlm_controld_semaphores" lineno="133">
<summary>
Read and write dlm_controld semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_domtrans_fenced" lineno="154">
<summary>
Execute a domain transition to run fenced.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rhcs_rw_fenced_semaphores" lineno="173">
<summary>
Read and write fenced semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_stream_connect_cluster" lineno="195">
<summary>
Connect to all cluster domains
with a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_stream_connect_fenced" lineno="215">
<summary>
Connect to fenced with an unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_domtrans_gfs_controld" lineno="235">
<summary>
Execute a domain transition
to run gfs_controld.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rhcs_rw_gfs_controld_semaphores" lineno="254">
<summary>
Read and write gfs_controld semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_rw_gfs_controld_shm" lineno="275">
<summary>
Read and write gfs_controld_t shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_stream_connect_gfs_controld" lineno="297">
<summary>
Connect to gfs_controld_t with
a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_domtrans_groupd" lineno="316">
<summary>
Execute a domain transition to run groupd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rhcs_stream_connect_groupd" lineno="336">
<summary>
Connect to groupd with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_rw_cluster_shm" lineno="356">
<summary>
Read and write all cluster domains
shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_rw_cluster_semaphores" lineno="378">
<summary>
Read and write all cluster
domains semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_rw_groupd_semaphores" lineno="396">
<summary>
Read and write groupd semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_rw_groupd_shm" lineno="417">
<summary>
Read and write groupd shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_domtrans_qdiskd" lineno="438">
<summary>
Execute a domain transition to run qdiskd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rhcs_admin" lineno="464">
<summary>
All of the rules required to
administrate an rhcs environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="fenced_can_network_connect" dftval="false">
<desc>
<p>
Determine whether fenced can
connect to the TCP network.
</p>
</desc>
</tunable>
<tunable name="fenced_can_ssh" dftval="false">
<desc>
<p>
Determine whether fenced can use ssh.
</p>
</desc>
</tunable>
</module>
<module name="rhsmcertd" filename="policy/modules/services/rhsmcertd.if">
<summary>Subscription Management Certificate Daemon.</summary>
<interface name="rhsmcertd_domtrans" lineno="13">
<summary>
Execute rhsmcertd in the rhsmcertd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rhsmcertd_initrc_domtrans" lineno="33">
<summary>
Execute rhsmcertd init scripts
in the initrc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rhsmcertd_read_log" lineno="52">
<summary>
Read rhsmcertd log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="rhsmcertd_append_log" lineno="71">
<summary>
Append rhsmcertd log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_manage_log" lineno="91">
<summary>
Create, read, write, and delete
rhsmcertd log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_search_lib" lineno="112">
<summary>
Search rhsmcertd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_read_lib_files" lineno="131">
<summary>
Read rhsmcertd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_manage_lib_files" lineno="151">
<summary>
Create, read, write, and delete
rhsmcertd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_manage_lib_dirs" lineno="171">
<summary>
Create, read, write, and delete
rhsmcertd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_read_pid_files" lineno="190">
<summary>
Read rhsmcertd pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_stream_connect" lineno="205">
<summary>
Connect to rhsmcertd with a
unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_dbus_chat" lineno="225">
<summary>
Send and receive messages from
rhsmcertd over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_dontaudit_dbus_chat" lineno="247">
<summary>
Do not audit attempts to send
and receive messages from
rhsmcertd over dbus.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="rhsmcertd_admin" lineno="274">
<summary>
All of the rules required to
administrate an rhsmcertd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="ricci" filename="policy/modules/services/ricci.if">
<summary>Ricci cluster management agent.</summary>
<interface name="ricci_domtrans" lineno="13">
<summary>
Execute a domain transition to run ricci.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ricci_domtrans_modcluster" lineno="33">
<summary>
Execute a domain transition to
run ricci modcluster.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ricci_dontaudit_use_modcluster_fds" lineno="53">
<summary>
Do not audit attempts to use
ricci modcluster file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="ricci_dontaudit_rw_modcluster_pipes" lineno="72">
<summary>
Do not audit attempts to read write
ricci modcluster unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="ricci_stream_connect_modclusterd" lineno="91">
<summary>
Connect to ricci_modclusterd with
a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ricci_domtrans_modlog" lineno="111">
<summary>
Execute a domain transition to
run ricci modlog.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ricci_domtrans_modrpm" lineno="131">
<summary>
Execute a domain transition to
run ricci modrpm.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ricci_domtrans_modservice" lineno="151">
<summary>
Execute a domain transition to
run ricci modservice.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ricci_domtrans_modstorage" lineno="171">
<summary>
Execute a domain transition to
run ricci modstorage.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ricci_admin" lineno="197">
<summary>
All of the rules required to
administrate an ricci environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="rlogin" filename="policy/modules/services/rlogin.if">
<summary>Remote login daemon.</summary>
<interface name="rlogin_domtrans" lineno="13">
<summary>
Execute rlogind in the rlogin domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<template name="rlogin_read_home_content" lineno="32">
<summary>
Read rlogin user home content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</template>
<interface name="rlogin_manage_rlogind_home_files" lineno="54">
<summary>
Create, read, write, and delete
rlogind home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rlogin_relabel_rlogind_home_files" lineno="73">
<summary>
Relabel rlogind home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rlogin_home_filetrans_logind_home" lineno="103">
<summary>
Create objects in user home
directories with the rlogind home type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="rlogin_manage_rlogind_tmp_content" lineno="122">
<summary>
Create, read, write, and delete
rlogind temporary content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rlogin_relabel_rlogind_tmp_content" lineno="142">
<summary>
Relabel rlogind temporary content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="rngd" filename="policy/modules/services/rngd.if">
<summary>Check and feed random data from hardware device to kernel random device.</summary>
<interface name="rngd_admin" lineno="20">
<summary>
All of the rules required to
administrate an rng environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="rpc" filename="policy/modules/services/rpc.if">
<summary>Remote Procedure Call Daemon.</summary>
<interface name="rpc_stub" lineno="13">
<summary>
RPC stub interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="rpc_domain_template" lineno="29">
<summary>
The template to define a rpc domain.
</summary>
<param name="domain_prefix">
<summary>
Domain prefix to be used.
</summary>
</param>
</template>
<interface name="rpc_dontaudit_getattr_exports" lineno="64">
<summary>
Do not audit attempts to get
attributes of export files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="rpc_read_exports" lineno="82">
<summary>
Read export files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpc_write_exports" lineno="100">
<summary>
Write export files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpc_domtrans_nfsd" lineno="118">
<summary>
Execute nfsd in the nfsd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rpc_initrc_domtrans_nfsd" lineno="138">
<summary>
Execute nfsd init scripts in
the initrc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rpc_domtrans_rpcd" lineno="156">
<summary>
Execute rpcd in the rpcd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rpc_initrc_domtrans_rpcd" lineno="176">
<summary>
Execute rpcd init scripts in
the initrc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rpc_read_nfs_content" lineno="195">
<summary>
Read nfs exported content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="rpc_manage_nfs_rw_content" lineno="217">
<summary>
Create, read, write, and delete
nfs exported read write content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="rpc_manage_nfs_ro_content" lineno="239">
<summary>
Create, read, write, and delete
nfs exported read only content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="rpc_tcp_rw_nfs_sockets" lineno="259">
<summary>
Read and write to nfsd tcp sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpc_udp_rw_nfs_sockets" lineno="277">
<summary>
Read and write to nfsd udp sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpc_search_nfs_state_data" lineno="295">
<summary>
Search nfs lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpc_read_nfs_state_data" lineno="314">
<summary>
Read nfs lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpc_manage_nfs_state_data" lineno="334">
<summary>
Create, read, write, and delete
nfs lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpc_admin" lineno="360">
<summary>
All of the rules required to
administrate an rpc environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="allow_gssd_read_tmp" dftval="false">
<desc>
<p>
Determine whether gssd can read
generic user temporary content.
</p>
</desc>
</tunable>
<tunable name="allow_gssd_write_tmp" dftval="false">
<desc>
<p>
Determine whether gssd can write
generic user temporary content.
</p>
</desc>
</tunable>
<tunable name="allow_nfsd_anon_write" dftval="false">
<desc>
<p>
Determine whether nfs can modify
public files used for public file
transfer services. Directories/Files must
be labeled public_content_rw_t.
</p>
</desc>
</tunable>
</module>
<module name="rpcbind" filename="policy/modules/services/rpcbind.if">
<summary>Universal Addresses to RPC Program Number Mapper.</summary>
<interface name="rpcbind_domtrans" lineno="13">
<summary>
Execute a domain transition to run rpcbind.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rpcbind_stream_connect" lineno="33">
<summary>
Connect to rpcbind with a
unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpcbind_read_pid_files" lineno="52">
<summary>
Read rpcbind pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpcbind_search_lib" lineno="66">
<summary>
Search rpcbind lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpcbind_read_lib_files" lineno="85">
<summary>
Read rpcbind lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpcbind_manage_lib_files" lineno="105">
<summary>
Create, read, write, and delete
rpcbind lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpcbind_signull" lineno="124">
<summary>
Send null signals to rpcbind.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpcbind_admin" lineno="149">
<summary>
All of the rules required to
administrate an rpcbind environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="rshd" filename="policy/modules/services/rshd.if">
<summary>Remote shell service.</summary>
<interface name="rshd_domtrans" lineno="13">
<summary>
Execute rshd in the rshd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
</module>
<module name="rsync" filename="policy/modules/services/rsync.if">
<summary>Fast incremental file transfer for synchronization.</summary>
<interface name="rsync_entry_type" lineno="14">
<summary>
Make rsync executable file an
entry point for the specified domain.
</summary>
<param name="domain">
<summary>
The domain for which rsync_exec_t is an entrypoint.
</summary>
</param>
</interface>
<interface name="rsync_entry_spec_domtrans" lineno="47">
<summary>
Execute a rsync in a specified domain.
</summary>
<desc>
<p>
Execute a rsync in a specified domain.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="source_domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
Domain to transition to.
</summary>
</param>
</interface>
<interface name="rsync_entry_domtrans" lineno="81">
<summary>
Execute a rsync in a specified domain.
</summary>
<desc>
<p>
Execute a rsync in a specified domain.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="source_domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
Domain to transition to.
</summary>
</param>
</interface>
<interface name="rsync_domtrans" lineno="100">
<summary>
Execute the rsync program in the rsync domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rsync_run" lineno="125">
<summary>
Execute rsync in the rsync domain, and
allow the specified role the rsync domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="rsync_exec" lineno="144">
<summary>
Execute rsync in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rsync_read_config" lineno="163">
<summary>
Read rsync config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rsync_write_config" lineno="182">
<summary>
Write rsync config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rsync_manage_config_files" lineno="202">
<summary>
Create, read, write, and delete
rsync config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rsync_etc_filetrans_config" lineno="232">
<summary>
Create specified objects in etc directories
with rsync etc type.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="rsync_admin" lineno="257">
<summary>
All of the rules required to
administrate an rsync environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role" unused="true">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="rsync_use_cifs" dftval="false">
<desc>
<p>
Determine whether rsync can use
cifs file systems.
</p>
</desc>
</tunable>
<tunable name="rsync_use_fusefs" dftval="false">
<desc>
<p>
Determine whether rsync can
use fuse file systems.
</p>
</desc>
</tunable>
<tunable name="rsync_use_nfs" dftval="false">
<desc>
<p>
Determine whether rsync can use
nfs file systems.
</p>
</desc>
</tunable>
<tunable name="rsync_client" dftval="false">
<desc>
<p>
Determine whether rsync can
run as a client
</p>
</desc>
</tunable>
<tunable name="rsync_export_all_ro" dftval="false">
<desc>
<p>
Determine whether rsync can
export all content read only.
</p>
</desc>
</tunable>
<tunable name="allow_rsync_anon_write" dftval="false">
<desc>
<p>
Determine whether rsync can modify
public files used for public file
transfer services. Directories/Files must
be labeled public_content_rw_t.
</p>
</desc>
</tunable>
</module>
<module name="rtkit" filename="policy/modules/services/rtkit.if">
<summary>Realtime scheduling for user processes.</summary>
<interface name="rtkit_daemon_domtrans" lineno="13">
<summary>
Execute a domain transition to run rtkit_daemon.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rtkit_daemon_dbus_chat" lineno="33">
<summary>
Send and receive messages from
rtkit_daemon over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rtkit_scheduled" lineno="53">
<summary>
Allow rtkit to control scheduling for your process.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rtkit_admin" lineno="85">
<summary>
All of the rules required to
administrate an rtkit environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="rwho" filename="policy/modules/services/rwho.if">
<summary>Who is logged in on other machines?</summary>
<interface name="rwho_domtrans" lineno="13">
<summary>
Execute a domain transition to run rwho.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rwho_search_log" lineno="32">
<summary>
Search rwho log directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rwho_read_log_files" lineno="51">
<summary>
Read rwho log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rwho_search_spool" lineno="71">
<summary>
Search rwho spool directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rwho_read_spool_files" lineno="90">
<summary>
Read rwho spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rwho_manage_spool_files" lineno="110">
<summary>
Create, read, write, and delete
rwho spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rwho_admin" lineno="136">
<summary>
All of the rules required to
administrate an rwho environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="samba" filename="policy/modules/services/samba.if">
<summary>SMB and CIFS client/server programs.</summary>
<interface name="samba_domtrans_nmbd" lineno="13">
<summary>
Execute nmbd in the nmbd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="samba_signal_nmbd" lineno="32">
<summary>
Send generic signals to nmbd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_stream_connect_nmbd" lineno="50">
<summary>
Connect to nmbd with a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_initrc_domtrans" lineno="70">
<summary>
Execute samba init scripts in
the init script domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="samba_domtrans_net" lineno="88">
<summary>
Execute samba net in the samba net domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="samba_run_net" lineno="115">
<summary>
Execute samba net in the samba net
domain, and allow the specified
role the samba net domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="samba_domtrans_smbmount" lineno="134">
<summary>
Execute smbmount in the smbmount domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="samba_run_smbmount" lineno="161">
<summary>
Execute smbmount in the smbmount
domain, and allow the specified
role the smbmount domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="samba_read_config" lineno="181">
<summary>
Read samba configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="samba_rw_config" lineno="201">
<summary>
Read and write samba configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="samba_manage_config" lineno="222">
<summary>
Create, read, write, and delete
samba configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="samba_read_log" lineno="243">
<summary>
Read samba log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="samba_append_log" lineno="264">
<summary>
Append to samba log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="samba_exec_log" lineno="284">
<summary>
Execute samba log files in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_read_secrets" lineno="303">
<summary>
Read samba secret files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_read_share_files" lineno="322">
<summary>
Read samba share files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_start" lineno="341">
<summary>
start samba daemon
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_stop" lineno="361">
<summary>
stop samba daemon
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_status" lineno="381">
<summary>
get status of samba daemon
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_reload" lineno="401">
<summary>
reload samba daemon
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_search_var" lineno="421">
<summary>
Search samba var directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_read_var_files" lineno="440">
<summary>
Read samba var files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_dontaudit_write_var_files" lineno="460">
<summary>
Do not audit attempts to write
samba var files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="samba_rw_var_files" lineno="478">
<summary>
Read and write samba var files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_manage_var_files" lineno="498">
<summary>
Create, read, write, and delete
samba var files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_domtrans_smbcontrol" lineno="517">
<summary>
Execute smbcontrol in the smbcontrol domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="samba_run_smbcontrol" lineno="543">
<summary>
Execute smbcontrol in the smbcontrol
domain, and allow the specified
role the smbcontrol domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="samba_domtrans_smbd" lineno="562">
<summary>
Execute smbd in the smbd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="samba_signal_smbd" lineno="581">
<summary>
Send generic signals to smbd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_dontaudit_use_fds" lineno="599">
<summary>
Do not audit attempts to inherit
and use smbd file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="samba_write_smbmount_tcp_sockets" lineno="617">
<summary>
Write smbmount tcp sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_rw_smbmount_tcp_sockets" lineno="635">
<summary>
Read and write smbmount tcp sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_domtrans_winbind_helper" lineno="654">
<summary>
Execute winbind helper in the
winbind helper domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="samba_getattr_winbind_exec" lineno="673">
<summary>
Get attributes of winbind executable files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_run_winbind_helper" lineno="699">
<summary>
Execute winbind helper in the winbind
helper domain, and allow the specified
role the winbind helper domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="samba_read_winbind_pid" lineno="718">
<summary>
Read winbind pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_read_winbind_runtime_files" lineno="733">
<summary>
Read winbind runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_stream_connect_winbind" lineno="753">
<summary>
Connect to winbind with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_admin" lineno="779">
<summary>
All of the rules required to
administrate an samba environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="samba_read_shadow" dftval="false">
<desc>
<p>
Determine whether smbd_t can
read shadow files.
</p>
</desc>
</tunable>
<tunable name="allow_smbd_anon_write" dftval="false">
<desc>
<p>
Determine whether samba can modify
public files used for public file
transfer services. Directories/Files must
be labeled public_content_rw_t.
</p>
</desc>
</tunable>
<tunable name="samba_create_home_dirs" dftval="false">
<desc>
<p>
Determine whether samba can
create home directories via pam.
</p>
</desc>
</tunable>
<tunable name="samba_domain_controller" dftval="false">
<desc>
<p>
Determine whether samba can act as the
domain controller, add users, groups
and change passwords.
</p>
</desc>
</tunable>
<tunable name="samba_portmapper" dftval="false">
<desc>
<p>
Determine whether samba can
act as a portmapper.
</p>
</desc>
</tunable>
<tunable name="samba_enable_home_dirs" dftval="false">
<desc>
<p>
Determine whether samba can share
users home directories.
</p>
</desc>
</tunable>
<tunable name="samba_export_all_ro" dftval="false">
<desc>
<p>
Determine whether samba can share
any content read only.
</p>
</desc>
</tunable>
<tunable name="samba_export_all_rw" dftval="false">
<desc>
<p>
Determine whether samba can share any
content readable and writable.
</p>
</desc>
</tunable>
<tunable name="samba_run_unconfined" dftval="false">
<desc>
<p>
Determine whether samba can
run unconfined scripts.
</p>
</desc>
</tunable>
<tunable name="samba_share_nfs" dftval="false">
<desc>
<p>
Determine whether samba can
use nfs file systems.
</p>
</desc>
</tunable>
<tunable name="samba_share_fusefs" dftval="false">
<desc>
<p>
Determine whether samba can
use fuse file systems.
</p>
</desc>
</tunable>
</module>
<module name="sanlock" filename="policy/modules/services/sanlock.if">
<summary>shared storage lock manager.</summary>
<interface name="sanlock_domtrans" lineno="13">
<summary>
Execute a domain transition to run sanlock.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sanlock_initrc_domtrans" lineno="33">
<summary>
Execute sanlock init scripts in
the initrc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sanlock_manage_pid_files" lineno="52">
<summary>
Create, read, write, and delete
sanlock pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sanlock_stream_connect" lineno="67">
<summary>
Connect to sanlock with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sanlock_admin" lineno="93">
<summary>
All of the rules required to
administrate an sanlock environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="sanlock_use_nfs" dftval="false">
<desc>
<p>
Determine whether sanlock can use
nfs file systems.
</p>
</desc>
</tunable>
<tunable name="sanlock_use_samba" dftval="false">
<desc>
<p>
Determine whether sanlock can use
cifs file systems.
</p>
</desc>
</tunable>
</module>
<module name="sasl" filename="policy/modules/services/sasl.if">
<summary>SASL authentication server.</summary>
<interface name="sasl_connect" lineno="13">
<summary>
Connect to SASL.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sasl_admin" lineno="39">
<summary>
All of the rules required to
administrate an sasl environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="allow_saslauthd_read_shadow" dftval="false">
<desc>
<p>
Determine whether sasl can
read shadow files.
</p>
</desc>
</tunable>
</module>
<module name="sendmail" filename="policy/modules/services/sendmail.if">
<summary>Internetwork email routing facility.</summary>
<interface name="sendmail_stub" lineno="13">
<summary>
Sendmail stub interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sendmail_rw_pipes" lineno="29">
<summary>
Read and write sendmail unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sendmail_domtrans" lineno="47">
<summary>
Execute a domain transition to run sendmail.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sendmail_run" lineno="78">
<summary>
Execute the sendmail program in the
sendmail domain, and allow the
specified role the sendmail domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sendmail_signal" lineno="97">
<summary>
Send generic signals to sendmail.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sendmail_rw_tcp_sockets" lineno="115">
<summary>
Read and write sendmail TCP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sendmail_dontaudit_rw_tcp_sockets" lineno="134">
<summary>
Do not audit attempts to read and write
sendmail TCP sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="sendmail_rw_unix_stream_sockets" lineno="153">
<summary>
Read and write sendmail unix
domain stream sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sendmail_dontaudit_rw_unix_stream_sockets" lineno="172">
<summary>
Do not audit attempts to read and write
sendmail unix_stream_sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="sendmail_read_log" lineno="191">
<summary>
Read sendmail log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sendmail_manage_log" lineno="212">
<summary>
Create, read, write, and delete
sendmail log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sendmail_log_filetrans_sendmail_log" lineno="242">
<summary>
Create specified objects in generic
log directories sendmail log file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="sendmail_manage_tmp_files" lineno="261">
<summary>
Create, read, write, and delete
sendmail tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sendmail_domtrans_unconfined" lineno="280">
<summary>
Execute sendmail in the unconfined sendmail domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sendmail_run_unconfined" lineno="311">
<summary>
Execute sendmail in the unconfined
sendmail domain, and allow the
specified role the unconfined
sendmail domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sendmail_admin" lineno="337">
<summary>
All of the rules required to
administrate an sendmail environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="sensord" filename="policy/modules/services/sensord.if">
<summary>Sensor information logging daemon.</summary>
<interface name="sensord_admin" lineno="20">
<summary>
All of the rules required to
administrate an sensord environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="setroubleshoot" filename="policy/modules/services/setroubleshoot.if">
<summary>SELinux troubleshooting service.</summary>
<interface name="setroubleshoot_stream_connect" lineno="14">
<summary>
Connect to setroubleshootd with a
unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="setroubleshoot_dontaudit_stream_connect" lineno="36">
<summary>
Do not audit attempts to connect to
setroubleshootd with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="setroubleshoot_signull" lineno="55">
<summary>
Send null signals to setroubleshoot.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="setroubleshoot_dbus_chat" lineno="74">
<summary>
Send and receive messages from
setroubleshoot over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="setroubleshoot_dontaudit_dbus_chat" lineno="95">
<summary>
Do not audit send and receive messages from
setroubleshoot over dbus.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="setroubleshoot_dbus_chat_fixit" lineno="116">
<summary>
Send and receive messages from
setroubleshoot fixit over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="setroubleshoot_admin" lineno="143">
<summary>
All of the rules required to
administrate an setroubleshoot environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role" unused="true">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="shibboleth" filename="policy/modules/services/shibboleth.if">
<summary>Shibboleth authentication daemon</summary>
<interface name="shibboleth_read_config" lineno="14">
<summary>
Allow your application domain to access
config files from shibboleth
</summary>
<param name="domain">
<summary>
The domain which should be enabled.
</summary>
</param>
</interface>
<interface name="shibboleth_stream_connect" lineno="32">
<summary>
Allow the specified domain to connect to shibboleth with a unix socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="slpd" filename="policy/modules/services/slpd.if">
<summary>OpenSLP server daemon to dynamically register services.</summary>
<interface name="slpd_admin" lineno="20">
<summary>
All of the rules required to
administrate an slpd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="slrnpull" filename="policy/modules/services/slrnpull.if">
<summary>Service for downloading news feeds the slrn newsreader.</summary>
<interface name="slrnpull_search_spool" lineno="13">
<summary>
Search slrnpull spool directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="slrnpull_manage_spool" lineno="33">
<summary>
Create, read, write, and delete
slrnpull spool content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="smartmon" filename="policy/modules/services/smartmon.if">
<summary>Smart disk monitoring daemon.</summary>
<interface name="smartmon_read_tmp_files" lineno="13">
<summary>
Read smartmon temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smartmon_admin" lineno="39">
<summary>
All of the rules required to
administrate an smartmon environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fsdaemon_read_lib" lineno="71">
<summary>
Read fsdaemon /var/lib files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="smartmon_3ware" dftval="false">
<desc>
<p>
Determine whether smartmon can support
devices on 3ware controllers.
</p>
</desc>
</tunable>
</module>
<module name="smokeping" filename="policy/modules/services/smokeping.if">
<summary>Smokeping network latency measurement.</summary>
<interface name="smokeping_domtrans" lineno="13">
<summary>
Execute a domain transition to run smokeping.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="smokeping_initrc_domtrans" lineno="33">
<summary>
Execute smokeping init scripts in
the initrc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="smokeping_read_pid_files" lineno="51">
<summary>
Read smokeping pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smokeping_manage_pid_files" lineno="66">
<summary>
Create, read, write, and delete
smokeping pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smokeping_getattr_lib_files" lineno="80">
<summary>
Get attributes of smokeping lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smokeping_read_lib_files" lineno="99">
<summary>
Read smokeping lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smokeping_manage_lib_files" lineno="119">
<summary>
Create, read, write, and delete
smokeping lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smokeping_admin" lineno="145">
<summary>
All of the rules required to
administrate a smokeping environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="allow_httpd_smokeping_cgi_script_anon_write" dftval="false">
<desc>
<p>
Determine whether the script domain can
modify public files used for public file
transfer services. Directories/Files must
be labeled public_content_rw_t.
</p>
</desc>
</tunable>
</module>
<module name="smstools" filename="policy/modules/services/smstools.if">
<summary> Tools to send and receive short messages through GSM modems or mobile phones.</summary>
<interface name="smstools_admin" lineno="20">
<summary>
All of the rules required to
administrate an smstools environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="snmp" filename="policy/modules/services/snmp.if">
<summary>Simple network management protocol services.</summary>
<interface name="snmp_stream_connect" lineno="14">
<summary>
Connect to snmpd with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="snmp_tcp_connect" lineno="33">
<summary>
Connect to snmp over the TCP network.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="snmp_manage_var_lib_dirs" lineno="54">
<summary>
Create, read, write, and delete
snmp lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="snmp_manage_var_lib_files" lineno="74">
<summary>
Create, read, write, and delete
snmp lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="snmp_read_snmp_var_lib_files" lineno="94">
<summary>
Read snmpd lib content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="snmp_dontaudit_read_snmp_var_lib_files" lineno="115">
<summary>
Do not audit attempts to read
snmpd lib content.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="snmp_dontaudit_write_snmp_var_lib_files" lineno="136">
<summary>
Do not audit attempts to write
snmpd lib files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="snmp_admin" lineno="161">
<summary>
All of the rules required to
administrate an snmp environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="snort" filename="policy/modules/services/snort.if">
<summary>Snort network intrusion detection system.</summary>
<interface name="snort_domtrans" lineno="13">
<summary>
Execute a domain transition to run snort.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="snort_admin" lineno="39">
<summary>
All of the rules required to
administrate an snort environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="soundserver" filename="policy/modules/services/soundserver.if">
<summary>sound server for network audio server programs, nasd, yiff, etc</summary>
<interface name="soundserver_admin" lineno="20">
<summary>
All of the rules required to
administrate an soundd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="spamassassin" filename="policy/modules/services/spamassassin.if">
<summary>Filter used for removing unsolicited email.</summary>
<interface name="spamassassin_role" lineno="18">
<summary>
Role access for spamassassin.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
<interface name="spamassassin_run_update" lineno="57">
<summary>
Execute sa-update in the spamd-update domain,
and allow the specified role
the spamd-update domain. Also allow transitive
access to the private gpg domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_exec" lineno="77">
<summary>
Execute the standalone spamassassin
program in the caller directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_signal_spamd" lineno="96">
<summary>
Send generic signals to spamd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_reload" lineno="115">
<summary>
reload SA service
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="spamassassin_status" lineno="135">
<summary>
Get SA service status
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="spamassassin_exec_spamd" lineno="154">
<summary>
Execute spamd in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_domtrans_client" lineno="173">
<summary>
Execute spamc in the spamc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="spamassassin_exec_client" lineno="192">
<summary>
Execute spamc in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_kill_client" lineno="211">
<summary>
Send kill signals to spamc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_domtrans_local_client" lineno="230">
<summary>
Execute spamassassin standalone client
in the user spamassassin domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="spamassassin_manage_spamd_home_content" lineno="250">
<summary>
Create, read, write, and delete
spamd home content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_relabel_spamd_home_content" lineno="271">
<summary>
Relabel spamd home content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_home_filetrans_spamd_home" lineno="303">
<summary>
Create objects in user home
directories with the spamd home type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="spamassassin_read_lib_files" lineno="321">
<summary>
Read spamd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_manage_lib_files" lineno="341">
<summary>
Create, read, write, and delete
spamd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_read_spamd_pid_files" lineno="360">
<summary>
Read spamd pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_read_spamd_runtime_files" lineno="375">
<summary>
Read spamd runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_read_spamd_tmp_files" lineno="394">
<summary>
Read temporary spamd files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_dontaudit_getattr_spamd_tmp_sockets" lineno="413">
<summary>
Do not audit attempts to get
attributes of temporary spamd sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="spamassassin_stream_connect_spamd" lineno="432">
<summary>
Connect to spamd with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_admin" lineno="458">
<summary>
All of the rules required to
administrate an spamassassin environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="spamassassin_can_network" dftval="false">
<desc>
<p>
Determine whether spamassassin
clients can use the network.
</p>
</desc>
</tunable>
<tunable name="spamd_enable_home_dirs" dftval="false">
<desc>
<p>
Determine whether spamd can manage
generic user home content.
</p>
</desc>
</tunable>
<tunable name="rspamd_spamd" dftval="false">
<desc>
<p>
Determine whether extra rules should
be enabled to support rspamd.
</p>
</desc>
</tunable>
</module>
<module name="squid" filename="policy/modules/services/squid.if">
<summary>Squid caching http proxy server.</summary>
<interface name="squid_domtrans" lineno="13">
<summary>
Execute squid in the squid domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="squid_exec" lineno="32">
<summary>
Execute squid in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="squid_signal" lineno="51">
<summary>
Send generic signals to squid.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="squid_rw_stream_sockets" lineno="70">
<summary>
Read and write squid unix
domain stream sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="squid_dontaudit_search_cache" lineno="90">
<summary>
Do not audit attempts to search
squid cache directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<rolecap/>
</interface>
<interface name="squid_read_config" lineno="109">
<summary>
Read squid configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="squid_read_log" lineno="129">
<summary>
Read squid log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="squid_append_log" lineno="148">
<summary>
Append squid log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="squid_manage_logs" lineno="169">
<summary>
Create, read, write, and delete
squid log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="squid_dontaudit_read_tmpfs_files" lineno="189">
<summary>
dontaudit statting tmpfs files
</summary>
<param name="domain">
<summary>
Domain to not be audited
</summary>
</param>
<rolecap/>
</interface>
<interface name="squid_admin" lineno="214">
<summary>
All of the rules required to
administrate an squid environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="squid_connect_any" dftval="false">
<desc>
<p>
Determine whether squid can
connect to all TCP ports.
</p>
</desc>
</tunable>
<tunable name="squid_use_tproxy" dftval="false">
<desc>
<p>
Determine whether squid can run
as a transparent proxy.
</p>
</desc>
</tunable>
<tunable name="squid_use_pinger" dftval="true">
<desc>
<p>
Determine whether squid can use the
pinger daemon (needs raw net access)
</p>
</desc>
</tunable>
<tunable name="allow_httpd_squid_script_anon_write" dftval="false">
<desc>
<p>
Determine whether the script domain can
modify public files used for public file
transfer services. Directories/Files must
be labeled public_content_rw_t.
</p>
</desc>
</tunable>
</module>
<module name="ssh" filename="policy/modules/services/ssh.if">
<summary>Secure shell client and server policy.</summary>
<template name="ssh_basic_client_template" lineno="34">
<summary>
Basic SSH client template.
</summary>
<desc>
<p>
This template creates a derived domains which are used
for ssh client sessions.  A derived
type is also created to protect the user ssh keys.
</p>
<p>
This template was added for NX.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The prefix of the domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="user_domain">
<summary>
The type of the domain.
</summary>
</param>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
</template>
<template name="ssh_server_template" lineno="168">
<summary>
The template to define a ssh server.
</summary>
<desc>
<p>
This template creates a domains to be used for
creating a ssh server.  This is typically done
to have multiple ssh servers of different sensitivities,
such as for an internal network-facing ssh server, and
a external network-facing ssh server.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The prefix of the server domain (e.g., sshd
is the prefix for sshd_t).
</summary>
</param>
</template>
<template name="ssh_role_template" lineno="298">
<summary>
Role access for ssh
</summary>
<param name="role_prefix">
<summary>
The prefix of the role (e.g., user
is the prefix for user_r).
</summary>
</param>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</template>
<interface name="ssh_sigchld" lineno="457">
<summary>
Send a SIGCHLD signal to the ssh server.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_signal" lineno="475">
<summary>
Send a generic signal to the ssh server.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_signull" lineno="493">
<summary>
Send a null signal to sshd processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_read_pipes" lineno="511">
<summary>
Read a ssh server unnamed pipe.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_rw_pipes" lineno="528">
<summary>
Read and write a ssh server unnamed pipe.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_rw_stream_sockets" lineno="546">
<summary>
Read and write ssh server unix domain stream sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_rw_tcp_sockets" lineno="564">
<summary>
Read and write ssh server TCP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_dontaudit_rw_tcp_sockets" lineno="583">
<summary>
Do not audit attempts to read and write
ssh server TCP sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="ssh_exec_sshd" lineno="601">
<summary>
Execute the ssh daemon in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_domtrans" lineno="620">
<summary>
Execute the ssh daemon sshd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ssh_exec" lineno="638">
<summary>
Execute the ssh client in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_setattr_key_files" lineno="657">
<summary>
Set the attributes of sshd key files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_agent_exec" lineno="676">
<summary>
Execute the ssh agent client in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_read_user_home_files" lineno="695">
<summary>
Read ssh home directory content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_domtrans_keygen" lineno="716">
<summary>
Execute the ssh key generator in the ssh keygen domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ssh_dontaudit_read_server_keys" lineno="734">
<summary>
Read ssh server keys
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="ssh_manage_home_files" lineno="752">
<summary>
Manage ssh home directory content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_delete_tmp" lineno="771">
<summary>
Delete from the ssh temp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_dontaudit_agent_tmp" lineno="790">
<summary>
dontaudit access to ssh agent tmp dirs
</summary>
<param name="domain">
<summary>
Domain not to audit.
</summary>
</param>
</interface>
<tunable name="allow_ssh_keysign" dftval="false">
<desc>
<p>
allow host key based authentication
</p>
</desc>
</tunable>
<tunable name="ssh_sysadm_login" dftval="false">
<desc>
<p>
Allow ssh logins as sysadm_r:sysadm_t
</p>
</desc>
</tunable>
<tunable name="ssh_use_gpg_agent" dftval="false">
<desc>
<p>
Allow ssh to use gpg-agent
</p>
</desc>
</tunable>
</module>
<module name="sssd" filename="policy/modules/services/sssd.if">
<summary>System Security Services Daemon.</summary>
<interface name="sssd_getattr_exec" lineno="13">
<summary>
Get attributes of sssd executable files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_domtrans" lineno="31">
<summary>
Execute a domain transition to run sssd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sssd_initrc_domtrans" lineno="51">
<summary>
Execute sssd init scripts in
the initrc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sssd_read_config" lineno="69">
<summary>
Read sssd configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_write_config" lineno="89">
<summary>
Write sssd configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_manage_config" lineno="109">
<summary>
Create, read, write, and delete
sssd configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_read_public_files" lineno="128">
<summary>
Read sssd public files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_manage_public_files" lineno="149">
<summary>
Create, read, write, and delete
sssd public files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_read_pid_files" lineno="168">
<summary>
Read sssd pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_manage_pids" lineno="184">
<summary>
Create, read, write, and delete
sssd pid content.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_read_runtime_files" lineno="198">
<summary>
Read sssd runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_search_lib" lineno="217">
<summary>
Search sssd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_dontaudit_search_lib" lineno="237">
<summary>
Do not audit attempts to search
sssd lib directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="sssd_read_lib_files" lineno="255">
<summary>
Read sssd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_manage_lib_files" lineno="276">
<summary>
Create, read, write, and delete
sssd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_dbus_chat" lineno="297">
<summary>
Send and receive messages from
sssd over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_stream_connect" lineno="318">
<summary>
Connect to sssd with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_admin" lineno="344">
<summary>
All of the rules required to
administrate an sssd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="stubby" filename="policy/modules/services/stubby.if">
<summary>DNS Privacy stub resolver.</summary>
</module>
<module name="stunnel" filename="policy/modules/services/stunnel.if">
<summary>SSL Tunneling Proxy.</summary>
<interface name="stunnel_service_domain" lineno="18">
<summary>
Define the specified domain as a stunnel inetd service.
</summary>
<param name="domain">
<summary>
The type associated with the stunnel inetd service process.
</summary>
</param>
<param name="entrypoint">
<summary>
The type associated with the process program.
</summary>
</param>
</interface>
<interface name="stunnel_read_config" lineno="37">
<summary>
Read stunnel configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="svnserve" filename="policy/modules/services/svnserve.if">
<summary>Server for the svn repository access method.</summary>
<interface name="svnserve_admin" lineno="20">
<summary>
All of the rules required to
administrate an svnserve environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="sympa" filename="policy/modules/services/sympa.if">
<summary></summary>
<interface name="sympa_append_var_files" lineno="13">
<summary>
Allow appending to sympa_var_t (for error log)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sympa_read_var_files" lineno="31">
<summary>
Allow reading sympa_var_t files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sympa_manage_var_files" lineno="50">
<summary>
Allow managing sympa_var_t files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sympa_domtrans" lineno="69">
<summary>
Transition to sympa_t when executing sympa_exec_t
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sympa_use_fd" lineno="87">
<summary>
Use file handles inherited from sympa
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sympa_dontaudit_tcp_rw" lineno="105">
<summary>
Dontaudit access to inherited sympa tcp sockets
</summary>
<param name="domain">
<summary>
Domain to not audit
</summary>
</param>
</interface>
<interface name="sympa_read_conf" lineno="123">
<summary>
Allow reading sympa config files
</summary>
<param name="domain">
<summary>
Domain to allow
</summary>
</param>
</interface>
<interface name="sympa_manage_runtime_files" lineno="142">
<summary>
Allow rw sympa runtime dirs and manage sympa runtime files
</summary>
<param name="domain">
<summary>
Domain to allow
</summary>
</param>
</interface>
<interface name="sympa_manage_runtime_sock_files" lineno="161">
<summary>
Allow rw sympa runtime dirs and manage sympa runtime sock files
</summary>
<param name="domain">
<summary>
Domain to allow
</summary>
</param>
</interface>
</module>
<module name="sysstat" filename="policy/modules/services/sysstat.if">
<summary>Reports on various system states.</summary>
<interface name="sysstat_manage_log" lineno="15">
<summary>
Create, read, write, and delete
sysstat log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sysstat_admin" lineno="41">
<summary>
All of the rules required to
administrate an sysstat environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="systemtap" filename="policy/modules/services/systemtap.if">
<summary>instrumentation system for Linux.</summary>
<interface name="stapserver_admin" lineno="20">
<summary>
All of the rules required to
administrate an stapserver environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="tcpd" filename="policy/modules/services/tcpd.if">
<summary>TCP daemon.</summary>
<interface name="tcpd_domtrans" lineno="13">
<summary>
Execute tcpd in the tcpd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tcpd_wrapped_domain" lineno="38">
<summary>
Create a domain for services that
utilize tcp wrappers.
</summary>
<param name="domain">
<summary>
Type to be used as a domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
</interface>
</module>
<module name="tcsd" filename="policy/modules/services/tcsd.if">
<summary>TSS Core Services daemon.</summary>
<interface name="tcsd_domtrans" lineno="13">
<summary>
Execute a domain transition to run tcsd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tcsd_initrc_domtrans" lineno="33">
<summary>
Execute tcsd init scripts in the
initrc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tcsd_search_lib" lineno="51">
<summary>
Search tcsd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tcsd_manage_lib_dirs" lineno="71">
<summary>
Create, read, write, and delete
tcsd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tcsd_read_lib_files" lineno="90">
<summary>
Read tcsd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tcsd_manage_lib_files" lineno="110">
<summary>
Create, read, write, and delete
tcsd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tcsd_admin" lineno="136">
<summary>
All of the rules required to
administrate an tcsd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="telnet" filename="policy/modules/services/telnet.if">
<summary>Telnet daemon.</summary>
<interface name="telnet_use_ptys" lineno="13">
<summary>
Read and write telnetd pty devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="tftp" filename="policy/modules/services/tftp.if">
<summary>Trivial file transfer protocol daemon.</summary>
<interface name="tftp_read_content" lineno="13">
<summary>
Read tftp content files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tftp_manage_rw_content" lineno="35">
<summary>
Create, read, write, and delete
tftp rw content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tftp_read_config_files" lineno="56">
<summary>
Read tftpd configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tftp_manage_config_files" lineno="76">
<summary>
Create, read, write, and delete
tftpd configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tftp_etc_filetrans_config" lineno="106">
<summary>
Create objects in etc directories
with tftp conf type.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="tftp_filetrans_tftpdir" lineno="140">
<summary>
Create objects in tftpdir directories
with a private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
Private file type.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="tftp_admin" lineno="166">
<summary>
All of the rules required to
administrate an tftp environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role" unused="true">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="tftp_anon_write" dftval="false">
<desc>
<p>
Determine whether tftp can modify
public files used for public file
transfer services. Directories/Files must
be labeled public_content_rw_t.
</p>
</desc>
</tunable>
<tunable name="tftp_enable_homedir" dftval="false">
<desc>
<p>
Determine whether tftp can manage
generic user home content.
</p>
</desc>
</tunable>
</module>
<module name="tgtd" filename="policy/modules/services/tgtd.if">
<summary>Linux Target Framework Daemon.</summary>
<interface name="tgtd_rw_semaphores" lineno="13">
<summary>
Read and write tgtd semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tgtd_manage_semaphores" lineno="32">
<summary>
Create, read, write, and delete
tgtd sempaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tgtd_stream_connect" lineno="51">
<summary>
Connect to tgtd with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tgtd_admin" lineno="77">
<summary>
All of the rules required to
administrate an tgtd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="timidity" filename="policy/modules/services/timidity.if">
<summary>MIDI to WAV converter and player configured as a service.</summary>
</module>
<module name="tor" filename="policy/modules/services/tor.if">
<summary>The onion router.</summary>
<interface name="tor_domtrans" lineno="13">
<summary>
Execute a domain transition to run tor.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tor_admin" lineno="39">
<summary>
All of the rules required to
administrate an tor environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="tor_bind_all_unreserved_ports" dftval="false">
<desc>
<p>
Determine whether tor can bind
tcp sockets to all unreserved ports.
</p>
</desc>
</tunable>
</module>
<module name="tpm2" filename="policy/modules/services/tpm2.if">
<summary>Trusted Platform Module 2.0</summary>
<interface name="tpm2_exec" lineno="14">
<summary>
Execute tpm2_* processes
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tpm2_domtrans" lineno="33">
<summary>
Execute tpm2_* processes in the tpm2 domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tpm2_run" lineno="58">
<summary>
Execute tpm2_* processes in the tpm2
domain and allow the specified role
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="tpm2_use_fds" lineno="78">
<summary>
Use tpm2 file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tpm2_dontaudit_use_fds" lineno="97">
<summary>
Do not audit attempts to inherit file
descriptors from tpm2.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="tpm2_dbus_chat_abrmd" lineno="116">
<summary>
Send and receive messages from
tpm2-abrmd over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tpm2_read_pipes" lineno="144">
<summary>
Allow tpm2 to read unnamed pipes from other process.
</summary>
<desc>
<p>
Allow the tpm to open and read pipes from other
domain.  This is seen when piping input to one
of the tpm2_* processes.  For example:
sha512sum my_file | tpm2_hmac -k 0x81001000 -g sha256 /dev/stdin
</p>
</desc>
<param name="domain">
<summary>
Domain of pipe to be read by tpm2_t.
</summary>
</param>
</interface>
<interface name="tpm2_enabledisable_abrmd" lineno="162">
<summary>
Allow specified domain to enable/disable tpm2-abrmd unit
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tpm2_startstop_abrmd" lineno="181">
<summary>
Allow specified domain to start/stop tpm2-abrmd unit
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tpm2_status_abrmd" lineno="200">
<summary>
Allow specified domain to get status of tpm2-abrmd unit
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tpm2_rw_abrmd_pipes" lineno="219">
<summary>
access tpm2-abrmd fifos
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
</module>
<module name="transproxy" filename="policy/modules/services/transproxy.if">
<summary>Portable Transparent Proxy Solution.</summary>
<interface name="transproxy_admin" lineno="20">
<summary>
All of the rules required to
administrate an transproxy environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="tuned" filename="policy/modules/services/tuned.if">
<summary>Dynamic adaptive system tuning daemon.</summary>
<interface name="tuned_domtrans" lineno="13">
<summary>
Execute a domain transition to run tuned.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tuned_exec" lineno="32">
<summary>
Execute tuned in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tuned_read_pid_files" lineno="51">
<summary>
Read tuned pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tuned_manage_pid_files" lineno="66">
<summary>
Create, read, write, and delete
tuned pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tuned_initrc_domtrans" lineno="81">
<summary>
Execute tuned init scripts in
the initrc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tuned_admin" lineno="106">
<summary>
All of the rules required to
administrate an tuned environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="ucspitcp" filename="policy/modules/services/ucspitcp.if">
<summary>UNIX Client-Server Program Interface for TCP.</summary>
<interface name="ucspitcp_service_domain" lineno="18">
<summary>
Define a specified domain as a ucspitcp service.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="entrypoint">
<summary>
The type associated with the process program.
</summary>
</param>
</interface>
</module>
<module name="ulogd" filename="policy/modules/services/ulogd.if">
<summary>Iptables/netfilter userspace logging daemon.</summary>
<interface name="ulogd_domtrans" lineno="13">
<summary>
Execute a domain transition to run ulogd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ulogd_read_config" lineno="33">
<summary>
Read ulogd configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ulogd_read_log" lineno="53">
<summary>
Read ulogd log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ulogd_search_log" lineno="73">
<summary>
Search ulogd log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ulogd_append_log" lineno="93">
<summary>
Append to ulogd log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ulogd_admin" lineno="120">
<summary>
All of the rules required to
administrate an ulogd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="uptime" filename="policy/modules/services/uptime.if">
<summary>Daemon to record and keep track of system up times.</summary>
<interface name="uptime_admin" lineno="20">
<summary>
All of the rules required to
administrate an uptime environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="usbmuxd" filename="policy/modules/services/usbmuxd.if">
<summary>USB multiplexing daemon for communicating with Apple iPod Touch and iPhone.</summary>
<interface name="usbmuxd_domtrans" lineno="13">
<summary>
Execute a domain transition to run usbmuxd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="usbmuxd_stream_connect" lineno="33">
<summary>
Connect to usbmuxd with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="uucp" filename="policy/modules/services/uucp.if">
<summary>Unix to Unix Copy.</summary>
<interface name="uucp_domtrans" lineno="13">
<summary>
Execute uucico in the uucpd_t domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="uucp_append_log" lineno="32">
<summary>
Append uucp log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="uucp_manage_spool" lineno="53">
<summary>
Create, read, write, and delete
uucp spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="uucp_domtrans_uux" lineno="74">
<summary>
Execute uux in the uux_t domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="uucp_admin" lineno="100">
<summary>
All of the rules required to
administrate an uucp environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="uuidd" filename="policy/modules/services/uuidd.if">
<summary>UUID generation daemon.</summary>
<interface name="uuidd_domtrans" lineno="13">
<summary>
Execute uuidd in the uuidd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="uuidd_initrc_domtrans" lineno="33">
<summary>
Execute uuidd init scripts in
the initrc domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="uuidd_search_lib" lineno="51">
<summary>
Search uuidd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="uuidd_read_lib_files" lineno="70">
<summary>
Read uuidd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="uuidd_manage_lib_files" lineno="90">
<summary>
Create, read, write, and delete
uuidd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="uuidd_manage_lib_dirs" lineno="110">
<summary>
Create, read, write, and delete
uuidd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="uuidd_read_pid_files" lineno="129">
<summary>
Read uuidd pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="uuidd_stream_connect_manager" lineno="144">
<summary>
Connect to uuidd with an unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="uuidd_admin" lineno="170">
<summary>
All of the rules required to
administrate an uuidd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="uwimap" filename="policy/modules/services/uwimap.if">
<summary>University of Washington IMAP toolkit POP3 and IMAP mail server.</summary>
<interface name="uwimap_domtrans" lineno="13">
<summary>
Execute imapd in the imapd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
</module>
<module name="varnishd" filename="policy/modules/services/varnishd.if">
<summary>Varnishd http accelerator daemon.</summary>
<interface name="varnishd_domtrans" lineno="13">
<summary>
Execute varnishd in the varnishd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="varnishd_exec" lineno="32">
<summary>
Execute varnishd in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="varnishd_read_config" lineno="51">
<summary>
Read varnishd configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="varnishd_read_lib_files" lineno="70">
<summary>
Read varnish lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="varnishd_read_log" lineno="89">
<summary>
Read varnish log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="varnishd_append_log" lineno="108">
<summary>
Append varnish log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="varnishd_manage_log" lineno="128">
<summary>
Create, read, write, and delete
varnish log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="varnishd_admin_varnishlog" lineno="154">
<summary>
All of the rules required to
administrate an varnishlog environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="varnishd_admin" lineno="189">
<summary>
All of the rules required to
administrate an varnishd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="varnishd_connect_any" dftval="false">
<desc>
<p>
Determine whether varnishd can
use the full TCP network.
</p>
</desc>
</tunable>
</module>
<module name="vdagent" filename="policy/modules/services/vdagent.if">
<summary>Spice agent for Linux.</summary>
<interface name="vdagent_domtrans" lineno="13">
<summary>
Execute a domain transition to run vdagent.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vdagent_getattr_exec_files" lineno="32">
<summary>
Get attributes of vdagent executable files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vdagent_getattr_log" lineno="50">
<summary>
Get attributes of vdagent log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vdagent_read_pid_files" lineno="69">
<summary>
Read vdagent pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vdagent_stream_connect" lineno="84">
<summary>
Connect to vdagent with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vdagent_admin" lineno="110">
<summary>
All of the rules required to
administrate an vdagent environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="vhostmd" filename="policy/modules/services/vhostmd.if">
<summary>Virtual host metrics daemon.</summary>
<interface name="vhostmd_domtrans" lineno="13">
<summary>
Execute a domain transition to run vhostmd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="vhostmd_initrc_domtrans" lineno="33">
<summary>
Execute vhostmd init scripts in
the initrc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="vhostmd_read_tmpfs_files" lineno="51">
<summary>
Read vhostmd tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vhostmd_dontaudit_read_tmpfs_files" lineno="71">
<summary>
Do not audit attempts to read
vhostmd tmpfs files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="vhostmd_rw_tmpfs_files" lineno="89">
<summary>
Read and write vhostmd tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vhostmd_manage_tmpfs_files" lineno="109">
<summary>
Create, read, write, and delete
vhostmd tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vhostmd_read_pid_files" lineno="128">
<summary>
Read vhostmd pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vhostmd_manage_pid_files" lineno="143">
<summary>
Create, read, write, and delete
vhostmd pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vhostmd_stream_connect" lineno="158">
<summary>
Connect to vhostmd with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vhostmd_dontaudit_rw_stream_connect" lineno="178">
<summary>
Do not audit attempts to read and
write vhostmd unix domain stream sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="vhostmd_admin" lineno="203">
<summary>
All of the rules required to
administrate an vhostmd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="virt" filename="policy/modules/services/virt.if">
<summary>Libvirt virtualization API.</summary>
<template name="virt_domain_template" lineno="13">
<summary>
The template to define a virt domain.
</summary>
<param name="domain_prefix">
<summary>
Domain prefix to be used.
</summary>
</param>
</template>
<template name="virt_lxc_domain_template" lineno="97">
<summary>
The template to define a virt lxc domain.
</summary>
<param name="domain_prefix">
<summary>
Domain prefix to be used.
</summary>
</param>
</template>
<interface name="virt_image" lineno="121">
<summary>
Make the specified type virt image type.
</summary>
<param name="type">
<summary>
Type to be used as a virtual image.
</summary>
</param>
</interface>
<interface name="virt_domtrans" lineno="141">
<summary>
Execute a domain transition to run virtd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="virt_domtrans_qmf" lineno="160">
<summary>
Execute a domain transition to run virt qmf.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="virt_domtrans_bridgehelper" lineno="180">
<summary>
Execute a domain transition to
run virt bridgehelper.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="virt_domtrans_leaseshelper" lineno="200">
<summary>
Execute a domain transition to
run virt leaseshelper.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="virt_run_bridgehelper" lineno="226">
<summary>
Execute bridgehelper in the bridgehelper
domain, and allow the specified role
the bridgehelper domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="virt_run_virt_domain" lineno="252">
<summary>
Execute virt domain in the their
domain, and allow the specified
role that virt domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="virt_signal_all_virt_domains" lineno="276">
<summary>
Send generic signals to all virt domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_kill_all_virt_domains" lineno="294">
<summary>
Send kill signals to all virt domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_run_svirt_lxc_domain" lineno="319">
<summary>
Execute svirt lxc domains in their
domain, and allow the specified
role that svirt lxc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="virt_getattr_virtd_exec_files" lineno="343">
<summary>
Get attributes of virtd executable files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_stream_connect" lineno="362">
<summary>
Connect to virt with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_attach_tun_iface" lineno="381">
<summary>
Attach to virt tun devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_read_config" lineno="400">
<summary>
Read virt configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_manage_config" lineno="423">
<summary>
Create, read, write, and delete
virt configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_read_content" lineno="445">
<summary>
Read virt content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_manage_virt_content" lineno="481">
<summary>
Create, read, write, and delete
virt content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_relabel_virt_content" lineno="517">
<summary>
Relabel virt content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_home_filetrans_virt_content" lineno="552">
<summary>
Create specified objects in user home
directories with the virt content type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="virt_manage_svirt_home_content" lineno="571">
<summary>
Create, read, write, and delete
svirt home content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_relabel_svirt_home_content" lineno="606">
<summary>
Relabel svirt home content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_home_filetrans_svirt_home" lineno="640">
<summary>
Create specified objects in user home
directories with the svirt home type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="virt_home_filetrans" lineno="675">
<summary>
Create specified objects in generic
virt home directories with private
home type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
Private file type.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="virt_manage_home_files" lineno="695">
<summary>
Create, read, write, and delete
virt home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_manage_generic_virt_home_content" lineno="715">
<summary>
Create, read, write, and delete
virt home content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_relabel_generic_virt_home_content" lineno="750">
<summary>
Relabel virt home content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_home_filetrans_virt_home" lineno="785">
<summary>
Create specified objects in user home
directories with the generic virt
home type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="virt_read_pid_files" lineno="803">
<summary>
Read virt pid files.  (Depprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_manage_pid_files" lineno="819">
<summary>
Create, read, write, and delete
virt pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_read_runtime_files" lineno="833">
<summary>
Read virt runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_runtime_filetrans" lineno="868">
<summary>
Create an object in the libvirt runtime directory, with a private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="virt_search_lib" lineno="886">
<summary>
Search virt lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_read_lib_files" lineno="905">
<summary>
Read virt lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_manage_lib_files" lineno="926">
<summary>
Create, read, write, and delete
virt lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_pid_filetrans" lineno="962">
<summary>
Create objects in virt pid
directories with a private type.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="virt_read_log" lineno="978">
<summary>
Read virt log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="virt_append_log" lineno="997">
<summary>
Append virt log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_manage_log" lineno="1017">
<summary>
Create, read, write, and delete
virt log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_search_images" lineno="1038">
<summary>
Search virt image directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_read_images" lineno="1057">
<summary>
Read virt image files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_rw_all_image_chr_files" lineno="1093">
<summary>
Read and write all virt image
character files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_manage_virt_cache" lineno="1114">
<summary>
Create, read, write, and delete
virt cache content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_manage_images" lineno="1136">
<summary>
Create, read, write, and delete
virt image files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_admin" lineno="1178">
<summary>
All of the rules required to
administrate an virt environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="virt_use_comm" dftval="false">
<desc>
<p>
Determine whether confined virtual guests
can use serial/parallel communication ports.
</p>
</desc>
</tunable>
<tunable name="virt_use_execmem" dftval="false">
<desc>
<p>
Determine whether confined virtual guests
can use executable memory and can make
their stack executable.
</p>
</desc>
</tunable>
<tunable name="virt_use_fusefs" dftval="false">
<desc>
<p>
Determine whether confined virtual guests
can use fuse file systems.
</p>
</desc>
</tunable>
<tunable name="virt_use_nfs" dftval="false">
<desc>
<p>
Determine whether confined virtual guests
can use nfs file systems.
</p>
</desc>
</tunable>
<tunable name="virt_use_samba" dftval="false">
<desc>
<p>
Determine whether confined virtual guests
can use cifs file systems.
</p>
</desc>
</tunable>
<tunable name="virt_use_sysfs" dftval="false">
<desc>
<p>
Determine whether confined virtual guests
can manage device configuration.
</p>
</desc>
</tunable>
<tunable name="virt_use_usb" dftval="false">
<desc>
<p>
Determine whether confined virtual guests
can use usb devices.
</p>
</desc>
</tunable>
<tunable name="virt_use_xserver" dftval="false">
<desc>
<p>
Determine whether confined virtual guests
can interact with xserver.
</p>
</desc>
</tunable>
<tunable name="virt_use_vfio" dftval="false">
<desc>
<p>
Determine whether confined virtual guests
can use vfio for pci device pass through (vt-d).
</p>
</desc>
</tunable>
<tunable name="virt_use_evdev" dftval="false">
<desc>
<p>
Determine whether confined virtual guests
can use input devices via evdev pass through.
</p>
</desc>
</tunable>
</module>
<module name="vnstatd" filename="policy/modules/services/vnstatd.if">
<summary>Console network traffic monitor.</summary>
<interface name="vnstatd_domtrans_vnstat" lineno="13">
<summary>
Execute a domain transition to run vnstat.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="vnstatd_run_vnstat" lineno="39">
<summary>
Execute vnstat in the vnstat domain,
and allow the specified role
the vnstat domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="vnstatd_admin" lineno="65">
<summary>
All of the rules required to
administrate an vnstatd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="watchdog" filename="policy/modules/services/watchdog.if">
<summary>Software watchdog.</summary>
<interface name="watchdog_admin" lineno="20">
<summary>
All of the rules required to
administrate an watchdog environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="wdmd" filename="policy/modules/services/wdmd.if">
<summary>Watchdog multiplexing daemon.</summary>
<interface name="wdmd_stream_connect" lineno="14">
<summary>
Connect to wdmd with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="wdmd_admin" lineno="40">
<summary>
All of the rules required to
administrate an wdmd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="wireguard" filename="policy/modules/services/wireguard.if">
<summary>WireGuard VPN.</summary>
<interface name="wireguard_domtrans" lineno="13">
<summary>
Execute WireGuard in the wireguard domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="wireguard_run" lineno="39">
<summary>
Execute WireGuard in the wireguard domain, and
allow the specified role the wireguard domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="wireguard_admin" lineno="66">
<summary>
All of the rules required to
administrate a WireGuard
environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="xfs" filename="policy/modules/services/xfs.if">
<summary>X Windows Font Server.</summary>
<interface name="xfs_read_sockets" lineno="13">
<summary>
Read xfs temporary sock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xfs_stream_connect" lineno="33">
<summary>
Connect to xfs with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xfs_exec" lineno="52">
<summary>
Execute xfs in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xfs_create_tmp_dirs" lineno="71">
<summary>
Create xfs temporary dirs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xfs_admin" lineno="97">
<summary>
All of the rules required to
administrate an xfs environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="xserver" filename="policy/modules/services/xserver.if">
<summary>X Windows Server</summary>
<interface name="xserver_restricted_role" lineno="19">
<summary>
Rules required for using the X Windows server
and environment, for restricted users.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_role" lineno="141">
<summary>
Rules required for using the X Windows server
and environment.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_ro_session" lineno="212">
<summary>
Create sessions on the X server, with read-only
access to the X server shared
memory segments.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="tmpfs_type">
<summary>
The type of the domain SYSV tmpfs files.
</summary>
</param>
</interface>
<interface name="xserver_rw_session" lineno="254">
<summary>
Create sessions on the X server, with read and write
access to the X server shared
memory segments.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="tmpfs_type">
<summary>
The type of the domain SYSV tmpfs files.
</summary>
</param>
</interface>
<interface name="xserver_non_drawing_client" lineno="274">
<summary>
Create non-drawing client sessions on an X server.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="xserver_common_x_domain_template" lineno="313">
<summary>
Interface to provide X object permissions on a given X server to
an X client domain.  Provides the minimal set required by a basic
X client application.
</summary>
<param name="prefix">
<summary>
The prefix of the X client domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="domain">
<summary>
Client domain allowed access.
</summary>
</param>
</template>
<template name="xserver_object_types_template" lineno="372">
<summary>
Template for creating the set of types used
in an X windows domain.
</summary>
<param name="prefix">
<summary>
The prefix of the X client domain (e.g., user
is the prefix for user_t).
</summary>
</param>
</template>
<template name="xserver_user_x_domain_template" lineno="414">
<summary>
Interface to provide X object permissions on a given X server to
an X client domain.  Provides the minimal set required by a basic
X client application.
</summary>
<param name="prefix">
<summary>
The prefix of the X client domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="domain">
<summary>
Client domain allowed access.
</summary>
</param>
<param name="tmpfs_type">
<summary>
The type of the domain SYSV tmpfs files.
</summary>
</param>
</template>
<interface name="xserver_use_user_fonts" lineno="481">
<summary>
Read user fonts, user font configuration,
and manage the user font cache.
</summary>
<desc>
<p>
Read user fonts, user font configuration,
and manage the user font cache.
</p>
<p>
This is a templated interface, and should only
be called from a per-userdomain template.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_domtrans_xauth" lineno="513">
<summary>
Transition to the Xauthority domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="xserver_user_home_dir_filetrans_user_xauth" lineno="536">
<summary>
Create a Xauthority file in the user home directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="xserver_user_home_dir_filetrans_user_iceauth" lineno="560">
<summary>
Create a ICEauthority file in
the user home directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="xserver_user_home_dir_filetrans_user_xsession_log" lineno="579">
<summary>
Create a .xsession-errors log
file in the user home directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_read_user_xauth" lineno="597">
<summary>
Read all users .Xauthority.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_read_user_dmrc" lineno="616">
<summary>
Read all users .dmrc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_read_user_iceauth" lineno="635">
<summary>
Read all users .ICEauthority.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_setattr_console_pipes" lineno="654">
<summary>
Set the attributes of the X windows console named pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_rw_console" lineno="672">
<summary>
Read and write the X windows console named pipe.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_create_console_pipes" lineno="690">
<summary>
Create the X windows console named pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_relabel_console_pipes" lineno="708">
<summary>
relabel the X windows console named pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_use_xdm_fds" lineno="726">
<summary>
Use file descriptors for xdm.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_dontaudit_use_xdm_fds" lineno="745">
<summary>
Do not audit attempts to inherit
XDM file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="xserver_sigchld_xdm" lineno="763">
<summary>
Allow domain to send sigchld to xdm_t
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_rw_xdm_pipes" lineno="781">
<summary>
Read and write XDM unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_dontaudit_rw_xdm_pipes" lineno="800">
<summary>
Do not audit attempts to read and write
XDM unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="xserver_dbus_chat_xdm" lineno="820">
<summary>
Send and receive messages from
xdm over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_read_xdm_state" lineno="840">
<summary>
Read xdm process state files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_setsched_xdm" lineno="862">
<summary>
Set the priority of the X Display
Manager (XDM).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_stream_connect_xdm" lineno="881">
<summary>
Connect to XDM over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_read_xdm_rw_config" lineno="900">
<summary>
Read xdm-writable configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_setattr_xdm_tmp_dirs" lineno="919">
<summary>
Set the attributes of XDM temporary directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_create_xdm_tmp_sockets" lineno="938">
<summary>
Create a named socket in a XDM
temporary directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_delete_xdm_tmp_sockets" lineno="959">
<summary>
Delete a named socket in a XDM
temporary directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_read_xdm_pid" lineno="978">
<summary>
Read XDM pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_read_xdm_runtime_files" lineno="993">
<summary>
Read XDM runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_read_xdm_lib_files" lineno="1012">
<summary>
Read XDM var lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_xsession_entry_type" lineno="1030">
<summary>
Make an X session script an entrypoint for the specified domain.
</summary>
<param name="domain">
<summary>
The domain for which the shell is an entrypoint.
</summary>
</param>
</interface>
<interface name="xserver_xsession_spec_domtrans" lineno="1067">
<summary>
Execute an X session in the target domain.  This
is an explicit transition, requiring the
caller to use setexeccon().
</summary>
<desc>
<p>
Execute an Xsession in the target domain.  This
is an explicit transition, requiring the
caller to use setexeccon().
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the shell process.
</summary>
</param>
</interface>
<interface name="xserver_write_inherited_xsession_log" lineno="1086">
<summary>
Write to inherited  xsession log
files such as .xsession-errors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_rw_xsession_log" lineno="1106">
<summary>
Read and write xsession log
files such as .xsession-errors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_manage_xsession_log" lineno="1125">
<summary>
Manage xsession log files such
as .xsession-errors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_write_inherited_log" lineno="1144">
<summary>
Write to inherited X server log
files like /var/log/lightdm/lightdm.log
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_getattr_log" lineno="1162">
<summary>
Get the attributes of X server logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_dontaudit_write_log" lineno="1182">
<summary>
Do not audit attempts to write the X server
log files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="xserver_delete_log" lineno="1200">
<summary>
Delete X server log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_read_xkb_libs" lineno="1221">
<summary>
Read X keyboard extension libraries.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_create_xdm_tmp_dirs" lineno="1243">
<summary>
Create xdm temporary directories.
</summary>
<param name="domain">
<summary>
Domain to allow access.
</summary>
</param>
</interface>
<interface name="xserver_read_xdm_tmp_files" lineno="1261">
<summary>
Read xdm temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_dontaudit_read_xdm_tmp_files" lineno="1280">
<summary>
Do not audit attempts to read xdm temporary files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="xserver_rw_xdm_tmp_files" lineno="1299">
<summary>
Read write xdm temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_manage_xdm_tmp_files" lineno="1318">
<summary>
Create, read, write, and delete xdm temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_dontaudit_getattr_xdm_tmp_sockets" lineno="1337">
<summary>
Do not audit attempts to get the attributes of
xdm temporary named sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="xserver_list_xdm_tmp" lineno="1355">
<summary>
list xdm_tmp_t directories
</summary>
<param name="domain">
<summary>
Domain to allow
</summary>
</param>
</interface>
<interface name="xserver_domtrans" lineno="1373">
<summary>
Execute the X server in the X server domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="xserver_signal" lineno="1392">
<summary>
Signal X servers
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_kill" lineno="1410">
<summary>
Kill X servers
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_read_state" lineno="1428">
<summary>
Allow reading xserver_t files to get cgroup and sessionid
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_rw_shm" lineno="1448">
<summary>
Read and write X server Sys V Shared
memory segments.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_dontaudit_rw_tcp_sockets" lineno="1467">
<summary>
Do not audit attempts to read and write to
X server sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="xserver_dontaudit_rw_stream_sockets" lineno="1486">
<summary>
Do not audit attempts to read and write X server
unix domain stream sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="xserver_stream_connect" lineno="1505">
<summary>
Connect to the X server over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_read_tmp_files" lineno="1524">
<summary>
Read X server temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_dbus_chat" lineno="1543">
<summary>
talk to xserver_t by dbus
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_manage_core_devices" lineno="1564">
<summary>
Interface to provide X object permissions on a given X server to
an X client domain.  Gives the domain permission to read the
virtual core keyboard and virtual core pointer devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_unconfined" lineno="1587">
<summary>
Interface to provide X object permissions on a given X server to
an X client domain.  Gives the domain complete control over the
display.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_rw_xdm_keys" lineno="1607">
<summary>
Manage keys for xdm.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_link_xdm_keys" lineno="1625">
<summary>
Manage keys for xdm.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_rw_mesa_shader_cache" lineno="1643">
<summary>
Read and write the mesa shader cache.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_manage_mesa_shader_cache" lineno="1664">
<summary>
Manage the mesa shader cache.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="allow_write_xshm" dftval="false">
<desc>
<p>
Allows clients to write to the X server shared
memory segments.
</p>
</desc>
</tunable>
<tunable name="xdm_sysadm_login" dftval="false">
<desc>
<p>
Allow xdm logins as sysadm
</p>
</desc>
</tunable>
<tunable name="xserver_gnome_xdm" dftval="false">
<desc>
<p>
Use gnome-shell in gdm mode as the
X Display Manager (XDM)
</p>
</desc>
</tunable>
<tunable name="xserver_object_manager" dftval="false">
<desc>
<p>
Support X userspace object manager
</p>
</desc>
</tunable>
<tunable name="xserver_allow_dri" dftval="false">
<desc>
<p>
Allow DRI access
</p>
</desc>
</tunable>
</module>
<module name="zabbix" filename="policy/modules/services/zabbix.if">
<summary>Distributed infrastructure monitoring.</summary>
<interface name="zabbix_domtrans" lineno="13">
<summary>
Execute a domain transition to run zabbix.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="zabbix_tcp_connect" lineno="32">
<summary>
Connect to zabbit on the TCP network.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zabbix_read_log" lineno="53">
<summary>
Read zabbix log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="zabbix_append_log" lineno="72">
<summary>
Append zabbix log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zabbix_read_pid_files" lineno="91">
<summary>
Read zabbix pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zabbix_agent_tcp_connect" lineno="105">
<summary>
Connect to zabbix agent on the TCP network.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zabbix_admin" lineno="132">
<summary>
All of the rules required to
administrate an zabbix environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="zabbix_can_network" dftval="false">
<desc>
<p>
Determine whether zabbix can
connect to all TCP ports
</p>
</desc>
</tunable>
</module>
<module name="zarafa" filename="policy/modules/services/zarafa.if">
<summary>Zarafa collaboration platform.</summary>
<template name="zarafa_domain_template" lineno="13">
<summary>
The template to define a zarafa domain.
</summary>
<param name="domain_prefix">
<summary>
Domain prefix to be used.
</summary>
</param>
</template>
<interface name="zarafa_search_config" lineno="60">
<summary>
search zarafa configuration directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zarafa_domtrans_deliver" lineno="79">
<summary>
Execute a domain transition to run zarafa deliver.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="zarafa_domtrans_server" lineno="98">
<summary>
Execute a domain transition to run zarafa server.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="zarafa_stream_connect_server" lineno="118">
<summary>
Connect to zarafa server with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zarafa_admin" lineno="144">
<summary>
All of the rules required to
administrate an zarafa environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="zebra" filename="policy/modules/services/zebra.if">
<summary>Zebra border gateway protocol network routing service.</summary>
<interface name="zebra_read_config" lineno="14">
<summary>
Read zebra configuration content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="zebra_stream_connect" lineno="36">
<summary>
Connect to zebra with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zebra_admin" lineno="62">
<summary>
All of the rules required to
administrate an zebra environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="allow_zebra_write_config" dftval="false">
<desc>
<p>
Determine whether zebra daemon can
manage its configuration files.
</p>
</desc>
</tunable>
</module>
<module name="zosremote" filename="policy/modules/services/zosremote.if">
<summary>z/OS Remote-services Audit dispatcher plugin.</summary>
<interface name="zosremote_domtrans" lineno="13">
<summary>
Execute a domain transition to run audispd-zos-remote.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="zosremote_run" lineno="39">
<summary>
Execute zos remote in the zos remote
domain, and allow the specified role
the zos remote domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
</module>
</layer>
<layer name="system">
<summary>
	Policy modules for system functions from init to multi-user login.
</summary>
<module name="application" filename="policy/modules/system/application.if">
<summary>Policy for user executable applications.</summary>
<interface name="application_type" lineno="13">
<summary>
Make the specified type usable as an application domain.
</summary>
<param name="type">
<summary>
Type to be used as a domain type.
</summary>
</param>
</interface>
<interface name="application_executable_file" lineno="36">
<summary>
Make the specified type usable for files
that are executables, such as binary programs.
This does not include shared libraries.
</summary>
<param name="type">
<summary>
Type to be used for files.
</summary>
</param>
</interface>
<interface name="application_exec" lineno="56">
<summary>
Execute application executables in the caller domain.
</summary>
<param name="type">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="application_exec_all" lineno="75">
<summary>
Execute all executable files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="application_domain" lineno="110">
<summary>
Create a domain for applications.
</summary>
<desc>
<p>
Create a domain for applications.  Typically these are
programs that are run interactively.
</p>
<p>
The types will be made usable as a domain and file, making
calls to domain_type() and files_type() redundant.
</p>
</desc>
<param name="domain">
<summary>
Type to be used as an application domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="application_signull" lineno="126">
<summary>
Send null signals to all application domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="application_dontaudit_signull" lineno="145">
<summary>
Do not audit attempts to send null signals
to all application domains.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="application_signal" lineno="163">
<summary>
Send general signals to all application domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="application_dontaudit_signal" lineno="182">
<summary>
Do not audit attempts to send general signals
to all application domains.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="application_dontaudit_sigkill" lineno="201">
<summary>
Do not audit attempts to send kill signals
to all application domains.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
</module>
<module name="authlogin" filename="policy/modules/system/authlogin.if">
<summary>Common policy for authentication and user login.</summary>
<interface name="auth_role" lineno="18">
<summary>
Role access for password authentication.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_use_pam" lineno="43">
<summary>
Use PAM for authentication.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_use_pam_systemd" lineno="92">
<summary>
Use the pam module systemd during authentication.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_use_pam_motd_dynamic" lineno="110">
<summary>
Use the pam module motd with dynamic support during authentication.
This module comes from Ubuntu (https://bugs.launchpad.net/ubuntu/+source/pam/+bug/399071)
and was added to Debian (https://sources.debian.org/src/pam/1.3.1-5/debian/patches-applied/update-motd/)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_login_pgm_domain" lineno="134">
<summary>
Make the specified domain used for a login program.
</summary>
<param name="domain">
<summary>
Domain type used for a login program domain.
</summary>
</param>
</interface>
<interface name="auth_login_entry_type" lineno="221">
<summary>
Use the login program as an entry point program.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_domtrans_login_program" lineno="244">
<summary>
Execute a login_program in the target domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the login_program process.
</summary>
</param>
</interface>
<interface name="auth_ranged_domtrans_login_program" lineno="274">
<summary>
Execute a login_program in the target domain,
with a range transition.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the login_program process.
</summary>
</param>
<param name="range">
<summary>
Range of the login program.
</summary>
</param>
</interface>
<interface name="auth_search_cache" lineno="300">
<summary>
Search authentication cache
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_read_cache" lineno="318">
<summary>
Read authentication cache
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_rw_cache" lineno="336">
<summary>
Read/Write authentication cache
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_manage_cache" lineno="354">
<summary>
Manage authentication cache
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_var_filetrans_cache" lineno="373">
<summary>
Automatic transition from cache_t to cache.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_domtrans_chk_passwd" lineno="391">
<summary>
Run unix_chkpwd to check a password.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="auth_domtrans_chkpwd" lineno="439">
<summary>
Run unix_chkpwd to check a password.
Stripped down version to be called within boolean
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="auth_run_chk_passwd" lineno="465">
<summary>
Execute chkpwd programs in the chkpwd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
The role to allow the chkpwd domain.
</summary>
</param>
</interface>
<interface name="auth_domtrans_upd_passwd" lineno="484">
<summary>
Execute a domain transition to run unix_update.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="auth_run_upd_passwd" lineno="509">
<summary>
Execute updpwd programs in the updpwd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
The role to allow the updpwd domain.
</summary>
</param>
</interface>
<interface name="auth_getattr_shadow" lineno="528">
<summary>
Get the attributes of the shadow passwords file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_dontaudit_getattr_shadow" lineno="548">
<summary>
Do not audit attempts to get the attributes
of the shadow passwords file.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="auth_read_shadow" lineno="570">
<summary>
Read the shadow passwords file (/etc/shadow)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_map_shadow" lineno="585">
<summary>
Map the shadow passwords file (/etc/shadow)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_can_read_shadow_passwords" lineno="611">
<summary>
Pass shadow assertion for reading.
</summary>
<desc>
<p>
Pass shadow assertion for reading.
This should only be used with
auth_tunable_read_shadow(), and
only exists because typeattribute
does not work in conditionals.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_tunable_read_shadow" lineno="637">
<summary>
Read the shadow password file.
</summary>
<desc>
<p>
Read the shadow password file.  This
should only be used in a conditional;
it does not pass the reading shadow
assertion.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_dontaudit_read_shadow" lineno="657">
<summary>
Do not audit attempts to read the shadow
password file (/etc/shadow).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="auth_rw_shadow" lineno="675">
<summary>
Read and write the shadow password file (/etc/shadow).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_manage_shadow" lineno="697">
<summary>
Create, read, write, and delete the shadow
password file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_etc_filetrans_shadow" lineno="722">
<summary>
Automatic transition from etc to shadow.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="auth_relabelto_shadow" lineno="741">
<summary>
Relabel to the shadow
password file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_relabel_shadow" lineno="763">
<summary>
Relabel from and to the shadow
password file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_append_faillog" lineno="784">
<summary>
Append to the login failure log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_create_faillog_files" lineno="803">
<summary>
Create fail log lock (in /run/faillock).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_rw_faillog" lineno="821">
<summary>
Read and write the login failure log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_manage_faillog" lineno="840">
<summary>
Manage the login failure logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_setattr_faillog_files" lineno="859">
<summary>
Setattr the login failure logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_read_lastlog" lineno="878">
<summary>
Read the last logins log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="auth_append_lastlog" lineno="897">
<summary>
Append only to the last logins log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_relabel_lastlog" lineno="916">
<summary>
relabel the last logins log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_rw_lastlog" lineno="935">
<summary>
Read and write to the last logins log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_manage_lastlog" lineno="954">
<summary>
Manage the last logins log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_domtrans_pam" lineno="973">
<summary>
Execute pam programs in the pam domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="auth_signal_pam" lineno="991">
<summary>
Send generic signals to pam processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_run_pam" lineno="1014">
<summary>
Execute pam programs in the PAM domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
The role to allow the PAM domain.
</summary>
</param>
</interface>
<interface name="auth_exec_pam" lineno="1033">
<summary>
Execute the pam program.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_read_var_auth" lineno="1052">
<summary>
Read var auth files. Used by various other applications
and pam applets etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_rw_var_auth" lineno="1072">
<summary>
Read and write var auth files. Used by various other applications
and pam applets etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_manage_var_auth" lineno="1092">
<summary>
Manage var auth files. Used by various other applications
and pam applets etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_read_pam_pid" lineno="1113">
<summary>
Read PAM PID files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_dontaudit_read_pam_pid" lineno="1128">
<summary>
Do not audit attempts to read PAM PID files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="auth_pid_filetrans_pam_var_run" lineno="1156">
<summary>
Create specified objects in
pid directories with the pam var
run file type using a
file type transition.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="auth_delete_pam_pid" lineno="1171">
<summary>
Delete pam PID files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_manage_pam_pid" lineno="1186">
<summary>
Manage pam PID files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_manage_pam_runtime_dirs" lineno="1202">
<summary>
Manage pam runtime dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_runtime_filetrans_pam_runtime" lineno="1233">
<summary>
Create specified objects in
pid directories with the pam runtime
file type using a type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="auth_read_pam_runtime_files" lineno="1251">
<summary>
Read PAM runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_dontaudit_read_pam_runtime_files" lineno="1271">
<summary>
Do not audit attempts to read PAM runtime files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="auth_delete_pam_runtime_files" lineno="1289">
<summary>
Delete pam runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_manage_pam_runtime_files" lineno="1308">
<summary>
Create, read, write, and delete pam runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_domtrans_pam_console" lineno="1327">
<summary>
Execute pam_console with a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="auth_search_pam_console_data" lineno="1346">
<summary>
Search the contents of the
pam_console data directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_list_pam_console_data" lineno="1366">
<summary>
List the contents of the pam_console
data directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_create_pam_console_data_dirs" lineno="1385">
<summary>
Create pam var console pid directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_relabel_pam_console_data_dirs" lineno="1404">
<summary>
Relabel pam_console data directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_read_pam_console_data" lineno="1422">
<summary>
Read pam_console data files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_manage_pam_console_data" lineno="1443">
<summary>
Create, read, write, and delete
pam_console data files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_delete_pam_console_data" lineno="1463">
<summary>
Delete pam_console data.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_pid_filetrans_pam_var_console" lineno="1496">
<summary>
Create specified objects in
pid directories with the pam var
console pid file type using a
file type transition.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="auth_runtime_filetrans_pam_var_console" lineno="1524">
<summary>
Create specified objects in generic
runtime directories with the pam var
console runtime file type using a
file type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="auth_domtrans_utempter" lineno="1542">
<summary>
Execute utempter programs in the utempter domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="auth_run_utempter" lineno="1565">
<summary>
Execute utempter programs in the utempter domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
The role to allow the utempter domain.
</summary>
</param>
</interface>
<interface name="auth_dontaudit_exec_utempter" lineno="1584">
<summary>
Do not audit attempts to execute utempter executable.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="auth_setattr_login_records" lineno="1602">
<summary>
Set the attributes of login record files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_read_login_records" lineno="1622">
<summary>
Read login records files (/var/log/wtmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="auth_dontaudit_read_login_records" lineno="1643">
<summary>
Do not audit attempts to read login records
files (/var/log/wtmp).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<rolecap/>
</interface>
<interface name="auth_dontaudit_write_login_records" lineno="1662">
<summary>
Do not audit attempts to write to
login records files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="auth_append_login_records" lineno="1680">
<summary>
Append to login records (wtmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_write_login_records" lineno="1699">
<summary>
Write to login records (wtmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_rw_login_records" lineno="1717">
<summary>
Read and write login records.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_log_filetrans_login_records" lineno="1737">
<summary>
Create a login records in the log directory
using a type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_manage_login_records" lineno="1756">
<summary>
Create, read, write, and delete login
records files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_relabel_login_records" lineno="1775">
<summary>
Relabel login record files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_use_nsswitch" lineno="1803">
<summary>
Use nsswitch to look up user, password, group, or
host information.
</summary>
<desc>
<p>
Allow the specified domain to look up user, password,
group, or host information using the name service.
The most common use of this interface is for services
that do host name resolution (usually DNS resolution).
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="auth_unconfined" lineno="1831">
<summary>
Unconfined access to the authlogin module.
</summary>
<desc>
<p>
Unconfined access to the authlogin module.
</p>
<p>
Currently, this only allows assertions for
the shadow passwords file (/etc/shadow) to
be passed.  No access is granted yet.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="authlogin_nsswitch_use_ldap" dftval="false">
<desc>
<p>
Allow users to resolve user passwd entries directly from ldap rather then using a sssd server
</p>
</desc>
</tunable>
</module>
<module name="clock" filename="policy/modules/system/clock.if">
<summary>Policy for reading and setting the hardware clock.</summary>
<interface name="clock_domtrans" lineno="13">
<summary>
Execute hwclock in the clock domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="clock_run" lineno="38">
<summary>
Execute hwclock in the clock domain, and
allow the specified role the hwclock domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="clock_exec" lineno="57">
<summary>
Execute hwclock in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clock_read_adjtime" lineno="75">
<summary>
Read clock drift adjustments.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clock_dontaudit_write_adjtime" lineno="94">
<summary>
Do not audit attempts to write clock drift adjustments.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="clock_rw_adjtime" lineno="112">
<summary>
Read and write clock drift adjustments.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="daemontools" filename="policy/modules/system/daemontools.if">
<summary>Collection of tools for managing UNIX services.</summary>
<interface name="daemontools_ipc_domain" lineno="14">
<summary>
An ipc channel between the
supervised domain and svc_start_t.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="daemontools_service_domain" lineno="41">
<summary>
Create a domain which can be
started by daemontools.
</summary>
<param name="domain">
<summary>
Type to be used as a domain.
</summary>
</param>
<param name="entrypoint">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
</interface>
<interface name="daemontools_domtrans_start" lineno="64">
<summary>
Execute svc start in the svc
start domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="daemonstools_run_start" lineno="91">
<summary>
Execute svc start in the svc
start domain, and allow the
specified role the svc start domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="daemontools_domtrans_run" lineno="110">
<summary>
Execute avc run in the svc run domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="daemontools_sigchld_run" lineno="130">
<summary>
Send child terminated signals
to svc run.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="daemontools_domtrans_multilog" lineno="149">
<summary>
Execute avc multilog in the svc
multilog domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="daemontools_search_svc_dir" lineno="168">
<summary>
Search svc svc directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="daemontools_read_svc" lineno="188">
<summary>
Read svc avc files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="daemontools_manage_svc" lineno="210">
<summary>
Create, read, write and delete
svc svc content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="fstools" filename="policy/modules/system/fstools.if">
<summary>Tools for filesystem management, such as mkfs and fsck.</summary>
<interface name="fstools_domtrans" lineno="13">
<summary>
Execute fs tools in the fstools domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="fstools_run" lineno="39">
<summary>
Execute fs tools in the fstools domain, and
allow the specified role the fs tools domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fstools_exec" lineno="58">
<summary>
Execute fsadm in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fstools_signal" lineno="76">
<summary>
Send signal to fsadm process
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fstools_use_fds" lineno="94">
<summary>
Inherit fstools file descriptors.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="fstools_read_pipes" lineno="112">
<summary>
Read fstools unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fstools_relabelto_entry_files" lineno="131">
<summary>
Relabel a file to the type used by the
filesystem tools programs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fstools_manage_entry_files" lineno="150">
<summary>
Create, read, write, and delete a file used by the
filesystem tools programs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fstools_write_log" lineno="168">
<summary>
Write to fsadm_log_t
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fstools_manage_runtime_files" lineno="187">
<summary>
Create, read, write, and delete filesystem tools
runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fstools_getattr_swap_files" lineno="205">
<summary>
Getattr swapfile
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fstools_dontaudit_getattr_swap_files" lineno="223">
<summary>
Ignore access to a swapfile.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fstools_relabelto_swap_files" lineno="241">
<summary>
Relabel to swapfile.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fstools_manage_swap_files" lineno="259">
<summary>
Manage swapfile.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="getty" filename="policy/modules/system/getty.if">
<summary>Manages physical or virtual terminals.</summary>
<interface name="getty_domtrans" lineno="13">
<summary>
Execute gettys in the getty domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="getty_use_fds" lineno="32">
<summary>
Inherit and use getty file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="getty_read_log" lineno="51">
<summary>
Allow process to read getty log file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="getty_read_config" lineno="71">
<summary>
Allow process to read getty config file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="getty_rw_config" lineno="91">
<summary>
Allow process to edit getty config file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="hostname" filename="policy/modules/system/hostname.if">
<summary>Policy for changing the system host name.</summary>
<interface name="hostname_domtrans" lineno="13">
<summary>
Execute hostname in the hostname domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="hostname_run" lineno="38">
<summary>
Execute hostname in the hostname domain, and
allow the specified role the hostname domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="hostname_exec" lineno="58">
<summary>
Execute hostname in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="init" filename="policy/modules/system/init.if">
<summary>System initialization programs (init and init scripts).</summary>
<interface name="init_mountpoint" lineno="17">
<summary>
Make the specified type usable as a mountpoint.
</summary>
<desc>
Make the specified type usable as a mountpoint.
This is normally used for systemd BindPaths options.
</desc>
<param name="file_type">
<summary>
Type to be used as a mountpoint.
</summary>
</param>
</interface>
<interface name="init_path_unit_location_file" lineno="35">
<summary>
Create a file type monitored by a systemd path unit.
</summary>
<param name="script_file">
<summary>
Type to be used for a path unit monitored location.
</summary>
</param>
</interface>
<interface name="init_script_file" lineno="73">
<summary>
Create a file type used for init scripts.
</summary>
<desc>
<p>
Create a file type used for init scripts.  It can not be
used in conjunction with init_script_domain(). These
script files are typically stored in the /etc/init.d directory.
</p>
<p>
Typically this is used to constrain what services an
admin can start/stop.  For example, a policy writer may want
to constrain a web administrator to only being able to
restart the web server, not other services.  This special type
will help address that goal.
</p>
<p>
This also makes the type usable for files; thus an
explicit call to files_type() is redundant.
</p>
</desc>
<param name="script_file">
<summary>
Type to be used for a script file.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="init_unit_file" lineno="97">
<summary>
Make the specified type usable for
systemd unit files.
</summary>
<param name="type">
<summary>
Type to be used for systemd unit files.
</summary>
</param>
</interface>
<interface name="init_script_domain" lineno="128">
<summary>
Create a domain used for init scripts.
</summary>
<desc>
<p>
Create a domain used for init scripts.
Can not be used in conjunction with
init_script_file().
</p>
</desc>
<param name="domain">
<summary>
Type to be used as an init script domain.
</summary>
</param>
<param name="script_file">
<summary>
Type of the script file used as an entry point to this domain.
</summary>
</param>
</interface>
<interface name="init_domain" lineno="170">
<summary>
Create a domain which can be started by init.
</summary>
<param name="domain">
<summary>
Type to be used as a domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
</interface>
<interface name="init_ranged_domain" lineno="217">
<summary>
Create a domain which can be started by init,
with a range transition.
</summary>
<param name="domain">
<summary>
Type to be used as a domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
<param name="range">
<summary>
Range for the domain.
</summary>
</param>
</interface>
<interface name="init_spec_daemon_domain" lineno="258">
<summary>
Setup a domain which can be manually transitioned to from init.
</summary>
<desc>
<p>
Create a domain used for systemd services where the SELinuxContext
option is specified in the .service file.  This allows for the
manual transition from systemd into the new domain.  This is used
when automatic transitions won't work.  Used for the case where the
same binary is used for multiple target domains.
</p>
</desc>
<param name="domain">
<summary>
Type to be used as a domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program being executed when starting this domain.
</summary>
</param>
</interface>
<interface name="init_daemon_domain" lineno="331">
<summary>
Create a domain for long running processes
(daemons/services) which are started by init scripts.
</summary>
<desc>
<p>
Create a domain for long running processes (daemons/services)
which are started by init scripts. Short running processes
should use the init_system_domain() interface instead.
Typically all long running processes started by an init
script (usually in /etc/init.d) will need to use this
interface.
</p>
<p>
The types will be made usable as a domain and file, making
calls to domain_type() and files_type() redundant.
</p>
<p>
If the process must also run in a specific MLS/MCS level,
the init_ranged_daemon_domain() should be used instead.
</p>
</desc>
<param name="domain">
<summary>
Type to be used as a daemon domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="init_ranged_daemon_domain" lineno="419">
<summary>
Create a domain for long running processes
(daemons/services) which are started by init scripts,
running at a specified MLS/MCS range.
</summary>
<desc>
<p>
Create a domain for long running processes (daemons/services)
which are started by init scripts, running at a specified
MLS/MCS range. Short running processes
should use the init_ranged_system_domain() interface instead.
Typically all long running processes started by an init
script (usually in /etc/init.d) will need to use this
interface if they need to run in a specific MLS/MCS range.
</p>
<p>
The types will be made usable as a domain and file, making
calls to domain_type() and files_type() redundant.
</p>
<p>
If the policy build option TYPE is standard (MLS and MCS disabled),
this interface has the same behavior as init_daemon_domain().
</p>
</desc>
<param name="domain">
<summary>
Type to be used as a daemon domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
<param name="range">
<summary>
MLS/MCS range for the domain.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="init_abstract_socket_activation" lineno="450">
<summary>
Abstract socket service activation (systemd).
</summary>
<param name="domain">
<summary>
The domain to be started by systemd socket activation.
</summary>
</param>
</interface>
<interface name="init_named_socket_activation" lineno="475">
<summary>
Named socket service activation (systemd).
</summary>
<param name="domain">
<summary>
The domain to be started by systemd socket activation.
</summary>
</param>
<param name="sock_file">
<summary>
The domain socket file type.
</summary>
</param>
</interface>
<interface name="init_system_domain" lineno="526">
<summary>
Create a domain for short running processes
which are started by init scripts.
</summary>
<desc>
<p>
Create a domain for short running processes
which are started by init scripts. These are generally applications that
are used to initialize the system during boot.
Long running processes, such as daemons/services
should use the init_daemon_domain() interface instead.
Typically all short running processes started by an init
script (usually in /etc/init.d) will need to use this
interface.
</p>
<p>
The types will be made usable as a domain and file, making
calls to domain_type() and files_type() redundant.
</p>
<p>
If the process must also run in a specific MLS/MCS level,
the init_ranged_system_domain() should be used instead.
</p>
</desc>
<param name="domain">
<summary>
Type to be used as a system domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="init_ranged_system_domain" lineno="588">
<summary>
Create a domain for short running processes
which are started by init scripts.
</summary>
<desc>
<p>
Create a domain for long running processes (daemons/services)
which are started by init scripts.
These are generally applications that
are used to initialize the system during boot.
Long running processes
should use the init_ranged_system_domain() interface instead.
Typically all short running processes started by an init
script (usually in /etc/init.d) will need to use this
interface if they need to run in a specific MLS/MCS range.
</p>
<p>
The types will be made usable as a domain and file, making
calls to domain_type() and files_type() redundant.
</p>
<p>
If the policy build option TYPE is standard (MLS and MCS disabled),
this interface has the same behavior as init_system_domain().
</p>
</desc>
<param name="domain">
<summary>
Type to be used as a system domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
<param name="range">
<summary>
Range for the domain.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="init_dyntrans" lineno="619">
<summary>
Allow domain dyntransition to init_t domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="init_daemon_pid_file" lineno="648">
<summary>
Mark the file type as a daemon pid file, allowing initrc_t
to create it  (Deprecated)
</summary>
<param name="filetype">
<summary>
Type to mark as a daemon pid file
</summary>
</param>
<param name="class">
<summary>
Class on which the type is applied
</summary>
</param>
<param name="filename">
<summary>
Filename of the file that the init script creates
</summary>
</param>
</interface>
<interface name="init_daemon_runtime_file" lineno="675">
<summary>
Mark the file type as a daemon runtime file, allowing initrc_t
to create it
</summary>
<param name="filetype">
<summary>
Type to mark as a daemon pid file
</summary>
</param>
<param name="class">
<summary>
Class on which the type is applied
</summary>
</param>
<param name="filename">
<summary>
Filename of the file that the init script creates
</summary>
</param>
</interface>
<interface name="init_daemon_lock_file" lineno="708">
<summary>
Mark the file type as a daemon lock file, allowing initrc_t
to create it
</summary>
<param name="filetype">
<summary>
Type to mark as a daemon lock file
</summary>
</param>
<param name="class">
<summary>
Class on which the type is applied
</summary>
</param>
<param name="filename">
<summary>
Filename of the file that the init script creates
</summary>
</param>
</interface>
<interface name="init_domtrans" lineno="730">
<summary>
Execute init (/sbin/init) with a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="init_pgm_spec_user_daemon_domain" lineno="754">
<summary>
Execute init (/sbin/init) with a domain transition
to the provided domain.
</summary>
<desc>
Execute init (/sbin/init) with a domain transition
to the provided domain.  This is used by systemd
to execute the systemd user session.
</desc>
<param name="domain">
<summary>
The type to be used as a systemd --user domain.
</summary>
</param>
</interface>
<interface name="init_exec" lineno="782">
<summary>
Execute the init program in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="init_pgm_entrypoint" lineno="803">
<summary>
Allow the init program to be an entrypoint
for the specified domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="init_exec_rc" lineno="832">
<summary>
Execute the rc application in the caller domain.
</summary>
<desc>
<p>
This is only applicable to Gentoo or distributions that use the OpenRC
init system.
</p>
<p>
The OpenRC /sbin/rc binary is used for both init scripts as well as
management applications and tools. When used for management purposes,
calling /sbin/rc should never cause a transition to initrc_t.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_getpgid" lineno="851">
<summary>
Get the process group of init.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_signal" lineno="869">
<summary>
Send init a generic signal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_signull" lineno="887">
<summary>
Send init a null signal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_sigchld" lineno="905">
<summary>
Send init a SIGCHLD signal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_stream_connect" lineno="923">
<summary>
Connect to init with a unix socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_unix_stream_socket_connectto" lineno="944">
<summary>
Connect to init with a unix socket.
Without any additional permissions.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_use_fds" lineno="1002">
<summary>
Inherit and use file descriptors from init.
</summary>
<desc>
<p>
Allow the specified domain to inherit file
descriptors from the init program (process ID 1).
Typically the only file descriptors to be
inherited from init are for the console.
This does not allow the domain any access to
the object to which the file descriptors references.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>init_dontaudit_use_fds()</li>
<li>term_dontaudit_use_console()</li>
<li>term_use_console()</li>
</ul>
<p>
Example usage:
</p>
<p>
init_use_fds(mydomain_t)
term_use_console(mydomain_t)
</p>
<p>
Normally, processes that can inherit these file
descriptors (usually services) write messages to the
system log instead of writing to the console.
Therefore, in many cases, this access should
dontaudited instead.
</p>
<p>
Example dontaudit usage:
</p>
<p>
init_dontaudit_use_fds(mydomain_t)
term_dontaudit_use_console(mydomain_t)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="1"/>
</interface>
<interface name="init_dontaudit_use_fds" lineno="1021">
<summary>
Do not audit attempts to inherit file
descriptors from init.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_dgram_send" lineno="1040">
<summary>
Send messages to init unix datagram sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="init_rw_inherited_stream_socket" lineno="1060">
<summary>
Read and write to inherited init unix streams.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_rw_stream_sockets" lineno="1079">
<summary>
Allow the specified domain to read/write to
init with unix domain stream sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_start_system" lineno="1097">
<summary>
start service (systemd).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_stop_system" lineno="1115">
<summary>
stop service (systemd).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_get_system_status" lineno="1133">
<summary>
Get all service status (systemd).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_enable" lineno="1151">
<summary>
Enable all systemd services (systemd).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_disable" lineno="1169">
<summary>
Disable all services (systemd).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_reload" lineno="1187">
<summary>
Reload all services (systemd).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_reboot_system" lineno="1205">
<summary>
Reboot the system (systemd).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_shutdown_system" lineno="1223">
<summary>
Shutdown (halt) the system (systemd).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_service_status" lineno="1241">
<summary>
Allow specified domain to get init status
</summary>
<param name="domain">
<summary>
Domain to allow access.
</summary>
</param>
</interface>
<interface name="init_service_start" lineno="1260">
<summary>
Allow specified domain to get init start
</summary>
<param name="domain">
<summary>
Domain to allow access.
</summary>
</param>
</interface>
<interface name="init_dbus_chat" lineno="1280">
<summary>
Send and receive messages from
systemd over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_read_var_lib_links" lineno="1300">
<summary>
read/follow symlinks under /var/lib/systemd/
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_list_var_lib_dirs" lineno="1319">
<summary>
List /var/lib/systemd/ dir
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_relabel_var_lib_dirs" lineno="1337">
<summary>
Relabel dirs in /var/lib/systemd/.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_manage_var_lib_files" lineno="1355">
<summary>
Manage files in /var/lib/systemd/.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_var_lib_filetrans" lineno="1390">
<summary>
Create files in /var/lib/systemd
with an automatic type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="type">
<summary>
The type of object to be created
</summary>
</param>
<param name="object_class">
<summary>
The object class.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="init_search_pids" lineno="1409">
<summary>
Allow search  directory in the /run/systemd directory.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_list_pids" lineno="1424">
<summary>
Allow listing of the /run/systemd directory.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_manage_pid_symlinks" lineno="1439">
<summary>
Create symbolic links in the /run/systemd directory.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_create_pid_files" lineno="1454">
<summary>
Create files in the /run/systemd directory.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_write_pid_files" lineno="1469">
<summary>
Write files in the /run/systemd directory.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_manage_pid_dirs" lineno="1485">
<summary>
Create, read, write, and delete
directories in the /run/systemd directory.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_pid_filetrans" lineno="1515">
<summary>
Create files in an init PID directory.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file_type">
<summary>
The type of the object to be created
</summary>
</param>
<param name="object_class">
<summary>
The object class.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="init_search_runtime" lineno="1530">
<summary>
Search init runtime directories, e.g. /run/systemd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_list_runtime" lineno="1548">
<summary>
List init runtime directories, e.g. /run/systemd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_manage_runtime_dirs" lineno="1568">
<summary>
Create, read, write, and delete
directories in the /run/systemd directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_runtime_filetrans" lineno="1601">
<summary>
Create files in an init runtime directory with a private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file_type">
<summary>
The type of the object to be created
</summary>
</param>
<param name="object_class">
<summary>
The object class.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="init_write_runtime_files" lineno="1620">
<summary>
Write init runtime files, e.g. in /run/systemd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_create_runtime_files" lineno="1638">
<summary>
Create init runtime files, e.g. in /run/systemd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_manage_runtime_symlinks" lineno="1656">
<summary>
Create init runtime symbolic links, e.g. in /run/systemd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_getattr_initctl" lineno="1674">
<summary>
Get the attributes of initctl.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_getattr_initctl" lineno="1695">
<summary>
Do not audit attempts to get the
attributes of initctl.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_write_initctl" lineno="1713">
<summary>
Write to initctl.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_telinit" lineno="1734">
<summary>
Use telinit (Read and write initctl).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="init_rw_initctl" lineno="1767">
<summary>
Read and write initctl.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_rw_initctl" lineno="1788">
<summary>
Do not audit attempts to read and
write initctl.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_script_file_entry_type" lineno="1807">
<summary>
Make init scripts an entry point for
the specified domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_spec_domtrans_script" lineno="1825">
<summary>
Execute init scripts with a specified domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="init_domtrans_script" lineno="1860">
<summary>
Execute init scripts with an automatic domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="init_domtrans_labeled_script" lineno="1887">
<summary>
Execute labelled init scripts with an automatic domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="init_script_file_domtrans" lineno="1933">
<summary>
Execute a init script in a specified domain.
</summary>
<desc>
<p>
Execute a init script in a specified domain.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="source_domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
Domain to transition to.
</summary>
</param>
</interface>
<interface name="init_kill_scripts" lineno="1952">
<summary>
Send a kill signal to init scripts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_manage_script_service" lineno="1970">
<summary>
Allow manage service for initrc_exec_t scripts
</summary>
<param name="domain">
<summary>
Target domain
</summary>
</param>
</interface>
<interface name="init_labeled_script_domtrans" lineno="1995">
<summary>
Transition to the init script domain
on a specified labeled init script.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="init_script_file">
<summary>
Labeled init script file.
</summary>
</param>
</interface>
<interface name="init_all_labeled_script_domtrans" lineno="2017">
<summary>
Transition to the init script domain
for all labeled init script types
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="init_get_script_status" lineno="2035">
<summary>
Allow getting service status of initrc_exec_t scripts
</summary>
<param name="domain">
<summary>
Target domain
</summary>
</param>
</interface>
<interface name="init_startstop_service" lineno="2075">
<summary>
Allow the role to start and stop
labeled services.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
The role to be performing this action.
</summary>
</param>
<param name="domain">
<summary>
Type to be used as a daemon domain.
</summary>
</param>
<param name="init_script_file">
<summary>
Labeled init script file.
</summary>
</param>
<param name="unit" optional="true">
<summary>
Systemd unit file type.
</summary>
</param>
</interface>
<interface name="init_run_daemon" lineno="2131">
<summary>
Start and stop daemon programs directly.
</summary>
<desc>
<p>
Start and stop daemon programs directly
in the traditional "/etc/init.d/daemon start"
style, and do not require run_init.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be performing this action.
</summary>
</param>
</interface>
<interface name="init_startstop_all_script_services" lineno="2153">
<summary>
Start and stop init_script_file_type services
</summary>
<param name="domain">
<summary>
domain that can start and stop the services
</summary>
</param>
</interface>
<interface name="init_read_state" lineno="2172">
<summary>
Read the process state (/proc/pid) of init.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_read_state" lineno="2192">
<summary>
Dontaudit read the process state (/proc/pid) of init.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_ptrace" lineno="2213">
<summary>
Ptrace init
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="init_getattr" lineno="2232">
<summary>
get init process stats
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="init_write_script_pipes" lineno="2250">
<summary>
Write an init script unnamed pipe.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_getattr_script_files" lineno="2268">
<summary>
Get the attribute of init script entrypoint files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_read_script_files" lineno="2287">
<summary>
Read init scripts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_exec_script_files" lineno="2306">
<summary>
Execute init scripts in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_getattr_all_script_files" lineno="2325">
<summary>
Get the attribute of all init script entrypoint files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_read_all_script_files" lineno="2344">
<summary>
Read all init script files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_read_all_script_files" lineno="2363">
<summary>
Dontaudit read all init script files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_exec_all_script_files" lineno="2381">
<summary>
Execute all init scripts in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_read_script_state" lineno="2400">
<summary>
Read the process state (/proc/pid) of the init scripts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_use_script_fds" lineno="2419">
<summary>
Inherit and use init script file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_use_script_fds" lineno="2438">
<summary>
Do not audit attempts to inherit
init script file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_search_script_keys" lineno="2456">
<summary>
Search init script keys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_getpgid_script" lineno="2474">
<summary>
Get the process group ID of init scripts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_sigchld_script" lineno="2492">
<summary>
Send SIGCHLD signals to init scripts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_signal_script" lineno="2510">
<summary>
Send generic signals to init scripts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_signull_script" lineno="2528">
<summary>
Send null signals to init scripts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_rw_script_pipes" lineno="2546">
<summary>
Read and write init script unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_stream_connect_script" lineno="2565">
<summary>
Allow the specified domain to connect to
init scripts with a unix socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_rw_script_stream_sockets" lineno="2584">
<summary>
Allow the specified domain to read/write to
init scripts with a unix domain stream sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_stream_connect_script" lineno="2603">
<summary>
Dont audit the specified domain connecting to
init scripts with a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_dbus_send_script" lineno="2620">
<summary>
Send messages to init scripts over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dbus_chat_script" lineno="2640">
<summary>
Send and receive messages from
init scripts over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_use_script_ptys" lineno="2669">
<summary>
Read and write the init script pty.
</summary>
<desc>
<p>
Read and write the init script pty.  This
pty is generally opened by the open_init_pty
portion of the run_init program so that the
daemon does not require direct access to
the administrator terminal.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_use_inherited_script_ptys" lineno="2688">
<summary>
Read and write inherited init script ptys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_use_script_ptys" lineno="2710">
<summary>
Do not audit attempts to read and
write the init script pty.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_getattr_script_status_files" lineno="2729">
<summary>
Get the attributes of init script
status files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_read_script_status_files" lineno="2748">
<summary>
Do not audit attempts to read init script
status files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_search_run" lineno="2767">
<summary>
Search the /run/systemd directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_read_script_tmp_files" lineno="2786">
<summary>
Read init script temporary data.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_rw_inherited_script_tmp_files" lineno="2805">
<summary>
Read and write init script inherited temporary data.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_rw_script_tmp_files" lineno="2823">
<summary>
Read and write init script temporary data.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_script_tmp_filetrans" lineno="2858">
<summary>
Create files in a init script
temporary data directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file_type">
<summary>
The type of the object to be created
</summary>
</param>
<param name="object_class">
<summary>
The object class.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="init_getattr_utmp" lineno="2877">
<summary>
Get the attributes of init script process id files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_read_utmp" lineno="2895">
<summary>
Read utmp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_write_utmp" lineno="2914">
<summary>
Do not audit attempts to write utmp.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_write_utmp" lineno="2932">
<summary>
Write to utmp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_lock_utmp" lineno="2952">
<summary>
Do not audit attempts to lock
init script pid files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_rw_utmp" lineno="2970">
<summary>
Read and write utmp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_rw_utmp" lineno="2989">
<summary>
Do not audit attempts to read and write utmp.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_manage_utmp" lineno="3007">
<summary>
Create, read, write, and delete utmp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_relabel_utmp" lineno="3026">
<summary>
Relabel utmp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_watch_utmp" lineno="3044">
<summary>
Watch utmp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_runtime_filetrans_utmp" lineno="3063">
<summary>
Create files in /var/run with the
utmp file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_create_runtime_dirs" lineno="3081">
<summary>
Create a directory in the /run/systemd directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_read_runtime_files" lineno="3100">
<summary>
Read init_runtime_t files
</summary>
<param name="domain">
<summary>
domain
</summary>
</param>
</interface>
<interface name="init_rename_runtime_files" lineno="3118">
<summary>
Rename init_runtime_t files
</summary>
<param name="domain">
<summary>
domain
</summary>
</param>
</interface>
<interface name="init_setattr_runtime_files" lineno="3136">
<summary>
Setattr init_runtime_t files
</summary>
<param name="domain">
<summary>
domain
</summary>
</param>
</interface>
<interface name="init_delete_runtime_files" lineno="3154">
<summary>
Delete init_runtime_t files
</summary>
<param name="domain">
<summary>
domain
</summary>
</param>
</interface>
<interface name="init_write_runtime_socket" lineno="3173">
<summary>
Allow the specified domain to write to
init sock file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_read_runtime_pipes" lineno="3191">
<summary>
Read init unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_read_runtime_symlinks" lineno="3209">
<summary>
read systemd unit symlinks (usually under /run/systemd/units/)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_tcp_recvfrom_all_daemons" lineno="3227">
<summary>
Allow the specified domain to connect to daemon with a tcp socket
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_udp_recvfrom_all_daemons" lineno="3245">
<summary>
Allow the specified domain to connect to daemon with a udp socket
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_search_units" lineno="3262">
<summary>
Search systemd unit dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_list_unit_dirs" lineno="3287">
<summary>
List systemd unit dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_restart_units" lineno="3307">
<summary>
restart systemd units, for /run/systemd/transient/*
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_read_generic_units_files" lineno="3325">
<summary>
Read systemd unit files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_read_generic_units_symlinks" lineno="3343">
<summary>
Read systemd unit links
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_get_generic_units_status" lineno="3361">
<summary>
Get status of generic systemd units.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_start_generic_units" lineno="3380">
<summary>
Start generic systemd units.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_stop_generic_units" lineno="3399">
<summary>
Stop generic systemd units.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_reload_generic_units" lineno="3418">
<summary>
Reload generic systemd units.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_get_all_units_status" lineno="3437">
<summary>
Get status of all systemd units.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_manage_all_units" lineno="3456">
<summary>
All perms on all systemd units.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_start_all_units" lineno="3476">
<summary>
Start all systemd units.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_stop_all_units" lineno="3495">
<summary>
Stop all systemd units.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_reload_all_units" lineno="3514">
<summary>
Reload all systemd units.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_getattr_all_units" lineno="3533">
<summary>
getattr all systemd unit files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_manage_all_unit_files" lineno="3551">
<summary>
Manage systemd unit dirs and the files in them
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_linkable_keyring" lineno="3572">
<summary>
Associate the specified domain to be a domain whose
keyring init should be allowed to link.
</summary>
<param name="domain">
<summary>
Domain whose keyring init should be allowed to link.
</summary>
</param>
</interface>
<interface name="init_getattr_all_unit_files" lineno="3590">
<summary>
stat systemd unit files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_admin" lineno="3608">
<summary>
Allow unconfined access to send instructions to init
</summary>
<param name="domain">
<summary>
Target domain
</summary>
</param>
</interface>
<interface name="init_getrlimit" lineno="3640">
<summary>
Allow getting init_t rlimit
</summary>
<param name="domain">
<summary>
Source domain
</summary>
</param>
</interface>
<interface name="init_search_keys" lineno="3658">
<summary>
Allow searching init_t keys
</summary>
<param name="domain">
<summary>
Source domain
</summary>
</param>
</interface>
<tunable name="init_upstart" dftval="false">
<desc>
<p>
Enable support for upstart as the init program.
</p>
</desc>
</tunable>
<tunable name="init_daemons_use_tty" dftval="false">
<desc>
<p>
Allow all daemons the ability to read/write terminals
</p>
</desc>
</tunable>
<tunable name="init_mounton_non_security" dftval="false">
<desc>
<p>
Enable systemd to mount on all non-security files.
</p>
</desc>
</tunable>
</module>
<module name="ipsec" filename="policy/modules/system/ipsec.if">
<summary>TCP/IP encryption</summary>
<interface name="ipsec_domtrans" lineno="13">
<summary>
Execute ipsec in the ipsec domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ipsec_stream_connect" lineno="31">
<summary>
Connect to IPSEC using a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_domtrans_mgmt" lineno="50">
<summary>
Execute ipsec in the ipsec mgmt domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_stream_connect_racoon" lineno="68">
<summary>
Connect to racoon using a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_getattr_key_sockets" lineno="87">
<summary>
Get the attributes of an IPSEC key socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_exec_mgmt" lineno="105">
<summary>
Execute the IPSEC management program in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_signal_mgmt" lineno="124">
<summary>
Send ipsec mgmt a general signal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_signull_mgmt" lineno="143">
<summary>
Send ipsec mgmt a null signal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_kill_mgmt" lineno="162">
<summary>
Send ipsec mgmt a kill signal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_mgmt_dbus_chat" lineno="181">
<summary>
Send and receive messages from
ipsec-mgmt over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_read_config" lineno="202">
<summary>
Read the IPSEC configuration
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ipsec_match_default_spd" lineno="221">
<summary>
Match the default SPD entry.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_setcontext_default_spd" lineno="241">
<summary>
Set the context of a SPD entry to
the default context.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_write_pid" lineno="259">
<summary>
write the ipsec_runtime_t files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_manage_pid" lineno="275">
<summary>
Create, read, write, and delete the IPSEC pid files.
(Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_write_runtime_files" lineno="290">
<summary>
Write ipsec runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_manage_runtime_files" lineno="309">
<summary>
Create, read, write, and delete the IPSEC runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_domtrans_racoon" lineno="328">
<summary>
Execute racoon in the racoon domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ipsec_run_racoon" lineno="352">
<summary>
Execute racoon and allow the specified role the domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ipsec_domtrans_setkey" lineno="371">
<summary>
Execute setkey in the setkey domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ipsec_run_setkey" lineno="395">
<summary>
Execute setkey and allow the specified role the domains.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access..
</summary>
</param>
<rolecap/>
</interface>
<interface name="ipsec_admin" lineno="421">
<summary>
All of the rules required to
administrate an ipsec environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="racoon_read_shadow" dftval="false">
<desc>
<p>
Allow racoon to read shadow
</p>
</desc>
</tunable>
</module>
<module name="iptables" filename="policy/modules/system/iptables.if">
<summary>Administration tool for IP packet filtering and NAT.</summary>
<interface name="iptables_domtrans" lineno="13">
<summary>
Execute iptables in the iptables domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="iptables_run" lineno="43">
<summary>
Execute iptables in the iptables domain, and
allow the specified role the iptables domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="iptables_exec" lineno="62">
<summary>
Execute iptables in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="iptables_initrc_domtrans" lineno="82">
<summary>
Execute iptables init scripts in
the init script domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="iptables_setattr_config" lineno="100">
<summary>
Set the attributes of iptables config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="iptables_read_config" lineno="119">
<summary>
Read iptables config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="iptables_etc_filetrans_config" lineno="140">
<summary>
Create files in /etc with the type used for
the iptables config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="iptables_manage_config" lineno="158">
<summary>
Manage iptables config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="iptables_dontaudit_read_pids" lineno="177">
<summary>
dontaudit reading iptables_runtime_t  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="iptables_dontaudit_read_runtime_files" lineno="192">
<summary>
Do not audit reading iptables runtime files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="iptables_startstop" lineno="210">
<summary>
Allow specified domain to start and stop iptables service
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="iptables_status" lineno="229">
<summary>
Allow specified domain to get status of iptables service
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="iptables_admin" lineno="256">
<summary>
All of the rules required to
administrate an iptables
environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="iscsi" filename="policy/modules/system/iscsi.if">
<summary>Establish connections to iSCSI devices.</summary>
<interface name="iscsid_domtrans" lineno="13">
<summary>
Execute a domain transition to run iscsid.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="iscsi_manage_semaphores" lineno="33">
<summary>
Create, read, write, and delete
iscsid sempaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="iscsi_stream_connect" lineno="52">
<summary>
Connect to iscsid using a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="iscsi_read_lib_files" lineno="71">
<summary>
Read iscsid lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="iscsi_admin" lineno="98">
<summary>
All of the rules required to
administrate an iscsi environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="libraries" filename="policy/modules/system/libraries.if">
<summary>Policy for system libraries.</summary>
<interface name="libs_domtrans_ldconfig" lineno="13">
<summary>
Execute ldconfig in the ldconfig domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="libs_run_ldconfig" lineno="38">
<summary>
Execute ldconfig in the ldconfig domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
The role to allow the ldconfig domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="libs_exec_ldconfig" lineno="58">
<summary>
Execute ldconfig in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="libs_use_ld_so" lineno="78">
<summary>
Use the dynamic link/loader for automatic loading
of shared libraries.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_legacy_use_ld_so" lineno="103">
<summary>
Use the dynamic link/loader for automatic loading
of shared libraries with legacy support.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_exec_ld_so" lineno="123">
<summary>
Execute the dynamic link/loader in the caller's domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_manage_ld_so" lineno="145">
<summary>
Create, read, write, and delete the
dynamic link/loader.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_relabel_ld_so" lineno="165">
<summary>
Relabel to and from the type used for
the dynamic link/loader.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_rw_ld_so_cache" lineno="184">
<summary>
Modify the dynamic link/loader's cached listing
of shared libraries.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_search_lib" lineno="203">
<summary>
Search library directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_dontaudit_write_lib_dirs" lineno="228">
<summary>
Do not audit attempts to write to library directories.
</summary>
<desc>
<p>
Do not audit attempts to write to library directories.
Typically this is used to quiet attempts to recompile
python byte code.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="libs_manage_lib_dirs" lineno="246">
<summary>
Create, read, write, and delete library directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_dontaudit_setattr_lib_files" lineno="264">
<summary>
dontaudit attempts to setattr on library files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="libs_read_lib_files" lineno="283">
<summary>
Read files in the library directories, such
as static libraries.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_exec_lib_files" lineno="304">
<summary>
Execute library scripts in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_manage_lib_files" lineno="327">
<summary>
Create, read, write, and delete generic
files in library directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_relabelto_lib_files" lineno="345">
<summary>
Relabel files to the type used in library directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_relabel_lib_files" lineno="365">
<summary>
Relabel to and from the type used
for generic lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_delete_lib_symlinks" lineno="384">
<summary>
Delete generic symlinks in library directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_manage_shared_libs" lineno="403">
<summary>
Create, read, write, and delete shared libraries.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_use_shared_libs" lineno="421">
<summary>
Load and execute functions from shared libraries.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_legacy_use_shared_libs" lineno="444">
<summary>
Load and execute functions from shared libraries,
with legacy support.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_relabel_shared_libs" lineno="465">
<summary>
Relabel to and from the type used for
shared libraries.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_watch_shared_libs_dir" lineno="483">
<summary>
watch lib dirs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="locallogin" filename="policy/modules/system/locallogin.if">
<summary>Policy for local logins.</summary>
<interface name="locallogin_domtrans" lineno="13">
<summary>
Execute local logins in the local login domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="locallogin_read_state" lineno="35">
<summary>
Allow calling domain to read locallogin state.
</summary>
<param name="domain">
<summary>
Domain allowed permission.
</summary>
</param>
</interface>
<interface name="locallogin_use_fds" lineno="56">
<summary>
Allow processes to inherit local login file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="locallogin_dontaudit_use_fds" lineno="74">
<summary>
Do not audit attempts to inherit local login file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="locallogin_signull" lineno="92">
<summary>
Send a null signal to local login processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="locallogin_search_keys" lineno="110">
<summary>
Search for key.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="locallogin_link_keys" lineno="128">
<summary>
Allow link to the local_login key ring.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="locallogin_domtrans_sulogin" lineno="146">
<summary>
Execute single-user logins in the single-user login domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
</module>
<module name="logging" filename="policy/modules/system/logging.if">
<summary>Policy for the kernel message logger and system logging daemon.</summary>
<interface name="logging_log_file" lineno="41">
<summary>
Make the specified type usable for log files
in a filesystem.
</summary>
<desc>
<p>
Make the specified type usable for log files in a filesystem.
This will also make the type usable for files, making
calls to files_type() redundant.  Failure to use this interface
for a log file type may result in problems with log
rotation, log analysis, and log monitoring programs.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>logging_log_filetrans()</li>
</ul>
<p>
Example usage with a domain that can create
and append to a private log file stored in the
general directories (e.g., /var/log):
</p>
<p>
type mylogfile_t;
logging_log_file(mylogfile_t)
allow mydomain_t mylogfile_t:file { create_file_perms append_file_perms };
logging_log_filetrans(mydomain_t, mylogfile_t, file)
</p>
</desc>
<param name="type">
<summary>
Type to be used for files.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="logging_send_audit_msgs" lineno="62">
<summary>
Send audit messages.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_dontaudit_send_audit_msgs" lineno="77">
<summary>
dontaudit attempts to send audit messages.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="logging_set_loginuid" lineno="92">
<summary>
Set login uid
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_set_tty_audit" lineno="107">
<summary>
Set tty auditing
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_set_audit_parameters" lineno="121">
<summary>
Set up audit
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_read_audit_log" lineno="137">
<summary>
Read the audit log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_domtrans_auditctl" lineno="159">
<summary>
Execute auditctl in the auditctl domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="logging_run_auditctl" lineno="184">
<summary>
Execute auditctl in the auditctl domain, and
allow the specified role the auditctl domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_domtrans_auditd" lineno="203">
<summary>
Execute auditd in the auditd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="logging_run_auditd" lineno="227">
<summary>
Execute auditd in the auditd domain, and
allow the specified role the auditd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="logging_domtrans_dispatcher" lineno="246">
<summary>
Execute a domain transition to run the audit dispatcher.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="logging_signal_dispatcher" lineno="264">
<summary>
Signal the audit dispatcher.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_dispatcher_domain" lineno="288">
<summary>
Create a domain for processes
which can be started by the system audit dispatcher
</summary>
<param name="domain">
<summary>
Type to be used as a domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
</interface>
<interface name="logging_stream_connect_dispatcher" lineno="316">
<summary>
Connect to the audit dispatcher over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_manage_audit_config" lineno="336">
<summary>
Manage the auditd configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_manage_audit_log" lineno="358">
<summary>
Manage the audit log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_domtrans_klog" lineno="380">
<summary>
Execute klogd in the klog domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="logging_check_exec_syslog" lineno="399">
<summary>
Check if syslogd is executable.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_domtrans_syslog" lineno="418">
<summary>
Execute syslogd in the syslog domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="logging_startstop_syslog" lineno="440">
<summary>
Allow specified domain to start/stop syslog units
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_status_syslog" lineno="459">
<summary>
Allow specified domain to check status of syslog unit
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_setattr_syslogd_tmp_files" lineno="479">
<summary>
Set the attributes of syslog temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_audit_socket_activation" lineno="498">
<summary>
Allow the domain to create the audit socket
for syslogd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_relabel_syslogd_tmp_files" lineno="517">
<summary>
Relabel to and from syslog temporary file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_setattr_syslogd_tmp_dirs" lineno="536">
<summary>
Set the attributes of syslog temporary directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_relabel_syslogd_tmp_dirs" lineno="555">
<summary>
Relabel to and from syslog temporary directory type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_log_filetrans" lineno="616">
<summary>
Create an object in the log directory, with a private type.
</summary>
<desc>
<p>
Allow the specified domain to create an object
in the general system log directories (e.g., /var/log)
with a private type.  Typically this is used for creating
private log files in /var/log with the private type instead
of the general system log type. To accomplish this goal,
either the program must be SELinux-aware, or use this interface.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>logging_log_file()</li>
</ul>
<p>
Example usage with a domain that can create
and append to a private log file stored in the
general directories (e.g., /var/log):
</p>
<p>
type mylogfile_t;
logging_log_file(mylogfile_t)
allow mydomain_t mylogfile_t:file { create_file_perms append_file_perms };
logging_log_filetrans(mydomain_t, mylogfile_t, file)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="logging_send_syslog_msg" lineno="658">
<summary>
Send system log messages.
</summary>
<desc>
<p>
Allow the specified domain to connect to the
system log service (syslog), to send messages be added to
the system logs. Typically this is used by services
that do not have their own log file in /var/log.
</p>
<p>
This does not allow messages to be sent to
the auditing system.
</p>
<p>
Programs which use the libc function syslog() will
require this access.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>logging_send_audit_msgs()</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_use_syslogd_fd" lineno="700">
<summary>
Allow domain to use a file descriptor
from syslogd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_relabelto_devlog_sock_files" lineno="719">
<summary>
Allow domain to relabelto devlog sock_files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_create_devlog" lineno="737">
<summary>
Connect to the syslog control unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_read_audit_config" lineno="758">
<summary>
Read the auditd configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_dontaudit_search_audit_config" lineno="781">
<summary>
dontaudit search of auditd configuration files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_read_syslog_config" lineno="800">
<summary>
Read syslog configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_watch_runtime_dirs" lineno="818">
<summary>
Watch syslog runtime dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_manage_pid_sockets" lineno="836">
<summary>
Create, read, write, and delete syslog PID sockets.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_manage_runtime_sockets" lineno="851">
<summary>
Create, read, write, and delete syslog PID sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_search_logs" lineno="872">
<summary>
Allows the domain to open a file in the
log directory, but does not allow the listing
of the contents of the log directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_dontaudit_search_logs" lineno="892">
<summary>
Do not audit attempts to search the var log directory.
</summary>
<param name="domain">
<summary>
Domain not to audit.
</summary>
</param>
</interface>
<interface name="logging_list_logs" lineno="910">
<summary>
List the contents of the generic log directory (/var/log).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_rw_generic_log_dirs" lineno="930">
<summary>
Read and write the generic log directory (/var/log).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_search_all_logs" lineno="951">
<summary>
Search through all log dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_setattr_all_log_dirs" lineno="970">
<summary>
Set attributes on all log dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_dontaudit_getattr_all_logs" lineno="989">
<summary>
Do not audit attempts to get the attributes
of any log files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="logging_getattr_all_logs" lineno="1007">
<summary>
Read the attributes of any log file
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="logging_append_all_logs" lineno="1025">
<summary>
Append to all log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_append_all_inherited_logs" lineno="1046">
<summary>
Append to all log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_read_all_logs" lineno="1065">
<summary>
Read all log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_exec_all_logs" lineno="1087">
<summary>
Execute all log files in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_rw_all_logs" lineno="1107">
<summary>
read/write to all log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_manage_all_logs" lineno="1127">
<summary>
Create, read, write, and delete all log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_manage_generic_log_dirs" lineno="1148">
<summary>
Create, read, write, and delete generic log directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_relabel_generic_log_dirs" lineno="1168">
<summary>
Relabel from and to generic log directory type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_read_generic_logs" lineno="1188">
<summary>
Read generic log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_mmap_generic_logs" lineno="1209">
<summary>
Map generic log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_write_generic_logs" lineno="1227">
<summary>
Write generic log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_dontaudit_write_generic_logs" lineno="1248">
<summary>
Dontaudit Write generic log files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="logging_rw_generic_logs" lineno="1266">
<summary>
Read and write generic log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_manage_generic_logs" lineno="1289">
<summary>
Create, read, write, and delete
generic log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_watch_generic_logs_dir" lineno="1308">
<summary>
Watch generic log dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_admin_audit" lineno="1333">
<summary>
All of the rules required to administrate
the audit environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
User role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_admin_syslog" lineno="1377">
<summary>
All of the rules required to administrate
the syslog environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
User role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_admin" lineno="1433">
<summary>
All of the rules required to administrate
the logging environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
User role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_mmap_journal" lineno="1448">
<summary>
Map files in /run/log/journal/ directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="lvm" filename="policy/modules/system/lvm.if">
<summary>Policy for logical volume management programs.</summary>
<interface name="lvm_domtrans" lineno="13">
<summary>
Execute lvm programs in the lvm domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="lvm_exec" lineno="32">
<summary>
Execute lvm programs in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lvm_run" lineno="57">
<summary>
Execute lvm programs in the lvm domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
The role to allow the LVM domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="lvm_signull" lineno="77">
<summary>
Send lvm a null signal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lvm_read_config" lineno="96">
<summary>
Read LVM configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="lvm_map_config" lineno="127">
<summary>
Map lvm config files.
</summary>
<desc>
<p>
Allow the specified domain to map lvm config files.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>lvm_read_config()</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lvm_manage_config" lineno="146">
<summary>
Manage LVM configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="lvm_create_lock_dirs" lineno="167">
<summary>
Create lvm_lock_t directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="lvm_rw_inherited_pid_pipes" lineno="186">
<summary>
Read and write a lvm unnamed pipe.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lvm_domtrans_clvmd" lineno="200">
<summary>
Execute a domain transition to run clvmd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="lvm_admin" lineno="225">
<summary>
All of the rules required to
administrate an lvm environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="lvm_manage_metadata" lineno="262">
<summary>
Manage LVM metadata
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="miscfiles" filename="policy/modules/system/miscfiles.if">
<summary>Miscellaneous files.</summary>
<interface name="miscfiles_cert_type" lineno="38">
<summary>
Make the specified type usable as a cert file.
</summary>
<desc>
<p>
Make the specified type usable for cert files.
This will also make the type usable for files, making
calls to files_type() redundant.  Failure to use this interface
for a temporary file may result in problems with
cert management tools.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>files_type()</li>
</ul>
<p>
Example:
</p>
<p>
type mycertfile_t;
cert_type(mycertfile_t)
allow mydomain_t mycertfile_t:file read_file_perms;
files_search_etc(mydomain_t)
</p>
</desc>
<param name="type">
<summary>
Type to be used for files.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="miscfiles_tls_privkey_type" lineno="83">
<summary>
Make the specified type usable
as a SSL/TLS private key file.
</summary>
<desc>
<p>
Make the specified type usable for SSL/TLS private key files.
This will also make the type usable for files, making
calls to files_type() redundant.  Failure to use this interface
for a temporary file may result in problems with
SSL/TLS private key management tools.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>files_type()</li>
</ul>
<p>
Example:
</p>
<p>
type mytlsprivkeyfile_t;
tls_privkey_type(mytlsprivkeyfile_t)
allow mydomain_t mytlsprivkeyfile_t:file read_file_perms;
files_search_etc(mydomain_t)
</p>
</desc>
<param name="type">
<summary>
Type to be used for files.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="miscfiles_read_all_certs" lineno="103">
<summary>
Read all SSL/TLS certificates.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_read_generic_certs" lineno="124">
<summary>
Read generic SSL/TLS certificates.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_dontaudit_read_generic_certs" lineno="145">
<summary>
Do not audit attempts to read generic SSL/TLS certificates.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_manage_generic_cert_dirs" lineno="165">
<summary>
Manage generic SSL/TLS certificates.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_manage_generic_cert_files" lineno="184">
<summary>
Manage generic SSL/TLS certificates.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_read_generic_tls_privkey" lineno="205">
<summary>
Read generic SSL/TLS private
keys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_manage_generic_tls_privkey_dirs" lineno="226">
<summary>
Manage generic SSL/TLS private
keys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_manage_generic_tls_privkey_files" lineno="246">
<summary>
Manage generic SSL/TLS private
keys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_manage_generic_tls_privkey_symlinks" lineno="267">
<summary>
Manage generic SSL/TLS private
keys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_read_fonts" lineno="286">
<summary>
Read fonts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_setattr_fonts_dirs" lineno="317">
<summary>
Set the attributes on a fonts directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_dontaudit_setattr_fonts_dirs" lineno="337">
<summary>
Do not audit attempts to set the attributes
on a fonts directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_dontaudit_write_fonts" lineno="356">
<summary>
Do not audit attempts to write fonts.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_manage_fonts" lineno="376">
<summary>
Create, read, write, and delete fonts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_watch_fonts_dirs" lineno="401">
<summary>
Watch fonts directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_setattr_fonts_cache_dirs" lineno="419">
<summary>
Set the attributes on a fonts cache directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_dontaudit_setattr_fonts_cache_dirs" lineno="438">
<summary>
Do not audit attempts to set the attributes
on a fonts cache directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="miscfiles_manage_fonts_cache" lineno="457">
<summary>
Create, read, write, and delete fonts cache.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_read_hwdata" lineno="479">
<summary>
Read hardware identification data.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_setattr_localization" lineno="499">
<summary>
Allow process to setattr localization info
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_read_localization" lineno="531">
<summary>
Allow process to read localization information.
</summary>
<desc>
<p>
Allow the specified domain to read the localization files.
This is typically for time zone configuration files, such as
/etc/localtime and files in /usr/share/zoneinfo.
Typically, any domain which needs to know the GMT/UTC
offset of the current timezone will need access
to these files. Generally, it should be safe for any
domain to read these files.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="miscfiles_rw_localization" lineno="554">
<summary>
Allow process to write localization info
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_relabel_localization" lineno="574">
<summary>
Allow process to relabel localization info
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_legacy_read_localization" lineno="593">
<summary>
Allow process to read legacy time localization info
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_watch_localization" lineno="612">
<summary>
Watch time localization info
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_search_man_pages" lineno="631">
<summary>
Search man pages.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_dontaudit_search_man_pages" lineno="650">
<summary>
Do not audit attempts to search man pages.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="miscfiles_read_man_pages" lineno="669">
<summary>
Read man pages
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_delete_man_pages" lineno="691">
<summary>
Delete man pages
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_manage_man_pages" lineno="713">
<summary>
Create, read, write, and delete man pages
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_read_man_cache" lineno="734">
<summary>
Read man cache content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_map_man_cache" lineno="755">
<summary>
Map man cache content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_manage_man_cache" lineno="774">
<summary>
Create, read, write, and delete
man cache content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_relabel_man_cache" lineno="795">
<summary>
Relabel from and to man cache.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_read_public_files" lineno="816">
<summary>
Read public files used for file
transfer services.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_manage_public_files" lineno="838">
<summary>
Create, read, write, and delete public files
and directories used for file transfer services.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_watch_public_dirs" lineno="858">
<summary>
Watch public files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_read_tetex_data" lineno="876">
<summary>
Read TeX data
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_exec_tetex_data" lineno="900">
<summary>
Execute TeX data programs in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_domain_entry_test_files" lineno="924">
<summary>
Let test files be an entry point for
a specified domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_read_test_files" lineno="942">
<summary>
Read test files and directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_exec_test_files" lineno="961">
<summary>
Execute test files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_etc_filetrans_localization" lineno="981">
<summary>
Create files in etc directories
with localization file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_manage_localization" lineno="1001">
<summary>
Create, read, write, and delete localization
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="modutils" filename="policy/modules/system/modutils.if">
<summary>Policy for kernel module utilities</summary>
<interface name="modutils_getattr_module_deps" lineno="13">
<summary>
Getattr the dependencies of kernel modules.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="modutils_read_module_deps" lineno="32">
<summary>
Read the dependencies of kernel modules.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="modutils_read_module_objects" lineno="51">
<summary>
Read the kernel modules.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="modutils_read_module_config" lineno="68">
<summary>
Read the configuration options used when
loading modules.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="modutils_rename_module_config" lineno="94">
<summary>
Rename a file with the configuration options used when
loading modules.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="modutils_delete_module_config" lineno="113">
<summary>
Unlink a file with the configuration options used when
loading modules.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="modutils_manage_module_config" lineno="132">
<summary>
Manage files with the configuration options used when
loading modules.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="modutils_domtrans" lineno="152">
<summary>
Execute any modutil,
like insmod, kmod, depmod or updates-modules,
in the kmod domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="modutils_run" lineno="181">
<summary>
Execute any modutil,
like insmod, kmod, depmod or updates-modules,
in the kmod domain, and allow the specified role
the kmod domain, and use the caller's terminal.
Has a sigchld backchannel.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="modutils_exec" lineno="202">
<summary>
Execute any modutil,
like insmod, kmod, depmod or updates-modules,
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="mount" filename="policy/modules/system/mount.if">
<summary>Policy for mount.</summary>
<interface name="mount_domtrans" lineno="13">
<summary>
Execute mount in the mount domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mount_run" lineno="40">
<summary>
Execute mount in the mount domain, and
allow the specified role the mount domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mount_exec" lineno="59">
<summary>
Execute mount in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mount_signal" lineno="82">
<summary>
Send a generic signal to mount.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mount_use_fds" lineno="100">
<summary>
Use file descriptors for mount.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="mount_domtrans_unconfined" lineno="118">
<summary>
Execute mount in the unconfined mount domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mount_run_unconfined" lineno="144">
<summary>
Execute mount in the unconfined mount domain, and
allow the specified role the unconfined mount domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mount_read_loopback_files" lineno="163">
<summary>
Read loopback filesystem image files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mount_rw_loopback_files" lineno="181">
<summary>
Read and write loopback filesystem image files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mount_list_runtime" lineno="199">
<summary>
List mount runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mount_watch_runtime_dirs" lineno="217">
<summary>
Watch mount runtime dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mount_watch_runtime_files" lineno="235">
<summary>
Watch mount runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mount_watch_reads_runtime_files" lineno="253">
<summary>
Watch reads on mount runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mount_watch_runtime_files_reads" lineno="271">
<summary>
Watch mount runtime files reads.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mount_getattr_runtime_files" lineno="289">
<summary>
Getattr on mount_runtime_t files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mount_read_runtime_files" lineno="307">
<summary>
Read mount runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mount_rw_runtime_files" lineno="325">
<summary>
Read and write mount runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="allow_mount_anyfile" dftval="false">
<desc>
<p>
Allow the mount command to mount any directory or file.
</p>
</desc>
</tunable>
</module>
<module name="netlabel" filename="policy/modules/system/netlabel.if">
<summary>NetLabel/CIPSO labeled networking management</summary>
<interface name="netlabel_domtrans_mgmt" lineno="13">
<summary>
Execute netlabel_mgmt in the netlabel_mgmt domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="netlabel_run_mgmt" lineno="39">
<summary>
Execute netlabel_mgmt in the netlabel_mgmt domain, and
allow the specified role the netlabel_mgmt domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="raid" filename="policy/modules/system/raid.if">
<summary>RAID array management tools.</summary>
<interface name="raid_domtrans_mdadm" lineno="14">
<summary>
Execute software raid tools in
the mdadm domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="raid_run_mdadm" lineno="40">
<summary>
Execute mdadm in the mdadm
domain, and allow the specified
role the mdadm domain.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="raid_read_mdadm_pid" lineno="59">
<summary>
read mdadm pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="raid_manage_mdadm_pid" lineno="75">
<summary>
Create, read, write, and delete
mdadm pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="raid_read_mdadm_runtime_files" lineno="90">
<summary>
Read mdadm runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="raid_manage_mdadm_runtime_files" lineno="111">
<summary>
Create, read, write, and delete
mdadm runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="raid_admin_mdadm" lineno="137">
<summary>
All of the rules required to
administrate an mdadm environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="selinuxutil" filename="policy/modules/system/selinuxutil.if">
<summary>Policy for SELinux policy and userland applications.</summary>
<interface name="seutil_domtrans_checkpolicy" lineno="13">
<summary>
Execute checkpolicy in the checkpolicy domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="seutil_run_checkpolicy" lineno="41">
<summary>
Execute checkpolicy in the checkpolicy domain, and
allow the specified role the checkpolicy domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_exec_checkpolicy" lineno="61">
<summary>
Execute checkpolicy in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_domtrans_loadpolicy" lineno="81">
<summary>
Execute load_policy in the load_policy domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="seutil_run_loadpolicy" lineno="108">
<summary>
Execute load_policy in the load_policy domain, and
allow the specified role the load_policy domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_exec_loadpolicy" lineno="127">
<summary>
Execute load_policy in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_read_loadpolicy" lineno="146">
<summary>
Read the load_policy program file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_domtrans_newrole" lineno="165">
<summary>
Execute newrole in the newole domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="seutil_run_newrole" lineno="193">
<summary>
Execute newrole in the newrole domain, and
allow the specified role the newrole domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_exec_newrole" lineno="212">
<summary>
Execute newrole in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_dontaudit_signal_newrole" lineno="233">
<summary>
Do not audit the caller attempts to send
a signal to newrole.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="seutil_sigchld_newrole" lineno="261">
<summary>
Send a SIGCHLD signal to newrole.
</summary>
<desc>
<p>
Allow the specified domain to send a SIGCHLD
signal to newrole.  This signal is automatically
sent from a process that is terminating to
its parent.  This may be needed by domains
that are executed from newrole.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="1"/>
</interface>
<interface name="seutil_use_newrole_fds" lineno="279">
<summary>
Inherit and use newrole file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_dontaudit_use_newrole_fds" lineno="298">
<summary>
Do not audit attempts to inherit and use
newrole file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="seutil_domtrans_runinit" lineno="316">
<summary>
Execute run_init in the run_init domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="seutil_labeled_init_script_domtrans_runinit" lineno="347">
<summary>
Execute file in the run_init domain.
</summary>
<desc>
<p>
Execute file in the run_init domain.
This is used for the Gentoo integrated run_init.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="domain">
<summary>
Type of entry file.
</summary>
</param>
</interface>
<interface name="seutil_init_script_domtrans_runinit" lineno="376">
<summary>
Execute init scripts in the run_init domain.
</summary>
<desc>
<p>
Execute init scripts in the run_init domain.
This is used for the Gentoo integrated run_init.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="seutil_run_runinit" lineno="406">
<summary>
Execute run_init in the run_init domain, and
allow the specified role the run_init domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_init_script_run_runinit" lineno="442">
<summary>
Execute init scripts in the run_init domain, and
allow the specified role the run_init domain,
and use the caller's terminal.
</summary>
<desc>
<p>
Execute init scripts in the run_init domain, and
allow the specified role the run_init domain,
and use the caller's terminal.
</p>
<p>
This is used for the Gentoo integrated run_init.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="seutil_labeled_init_script_run_runinit" lineno="483">
<summary>
Execute specified file in the run_init domain, and
allow the specified role the run_init domain,
and use the caller's terminal.
</summary>
<desc>
<p>
Execute specified file in the run_init domain, and
allow the specified role the run_init domain,
and use the caller's terminal.
</p>
<p>
This is used for the Gentoo integrated run_init.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
Type of init script.
</summary>
</param>
</interface>
<interface name="seutil_use_runinit_fds" lineno="502">
<summary>
Inherit and use run_init file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_domtrans_setfiles" lineno="520">
<summary>
Execute setfiles in the setfiles domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="seutil_run_setfiles" lineno="548">
<summary>
Execute setfiles in the setfiles domain, and
allow the specified role the setfiles domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_exec_setfiles" lineno="567">
<summary>
Execute setfiles in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_dontaudit_search_config" lineno="588">
<summary>
Do not audit attempts to search the SELinux
configuration directory (/etc/selinux).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="seutil_dontaudit_read_config" lineno="607">
<summary>
Do not audit attempts to read the SELinux
userland configuration (/etc/selinux).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="seutil_read_config" lineno="627">
<summary>
Read the general SELinux configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_rw_config" lineno="649">
<summary>
Read and write the general SELinux configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_manage_config" lineno="671">
<summary>
Create, read, write, and delete
the general selinux configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_manage_config_dirs" lineno="693">
<summary>
Create, read, write, and delete
the general selinux configuration directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_search_default_contexts" lineno="712">
<summary>
Search the policy directory with default_context files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_read_default_contexts" lineno="732">
<summary>
Read the default_contexts files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_manage_default_contexts" lineno="752">
<summary>
Create, read, write, and delete the default_contexts files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_read_file_contexts" lineno="773">
<summary>
Read the file_contexts files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_dontaudit_read_file_contexts" lineno="795">
<summary>
Do not audit attempts to read the file_contexts files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_rw_file_contexts" lineno="815">
<summary>
Read and write the file_contexts files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_manage_file_contexts" lineno="837">
<summary>
Create, read, write, and delete the file_contexts files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_read_bin_policy" lineno="858">
<summary>
Read the SELinux binary policy.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_create_bin_policy" lineno="879">
<summary>
Create the SELinux binary policy.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_relabelto_bin_policy" lineno="902">
<summary>
Allow the caller to relabel a file to the binary policy type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_manage_bin_policy" lineno="923">
<summary>
Create, read, write, and delete the SELinux
binary policy.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_read_src_policy" lineno="945">
<summary>
Read SELinux policy source files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_manage_src_policy" lineno="967">
<summary>
Create, read, write, and delete SELinux
policy source files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_domtrans_semanage" lineno="988">
<summary>
Execute a domain transition to run semanage.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="seutil_run_semanage" lineno="1016">
<summary>
Execute semanage in the semanage domain, and
allow the specified role the semanage domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_read_module_store" lineno="1035">
<summary>
Read the semanage module store.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_manage_module_store" lineno="1060">
<summary>
Full management of the semanage
module store.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_get_semanage_read_lock" lineno="1084">
<summary>
Get read lock on module store
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_get_semanage_trans_lock" lineno="1103">
<summary>
Get trans lock on module store
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_libselinux_linked" lineno="1131">
<summary>
SELinux-enabled program access for
libselinux-linked programs.
</summary>
<desc>
<p>
SELinux-enabled programs are typically
linked to the libselinux library.  This
interface will allow access required for
the libselinux constructor to function.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_dontaudit_libselinux_linked" lineno="1161">
<summary>
Do not audit SELinux-enabled program access for
libselinux-linked programs.
</summary>
<desc>
<p>
SELinux-enabled programs are typically
linked to the libselinux library.  This
interface will dontaudit access required for
the libselinux constructor to function.
</p>
<p>
Generally this should not be used on anything
but simple SELinux-enabled programs that do not
rely on data initialized by the libselinux
constructor.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
</module>
<module name="setrans" filename="policy/modules/system/setrans.if">
<summary>SELinux MLS/MCS label translation service.</summary>
<interface name="setrans_initrc_domtrans" lineno="14">
<summary>
Execute setrans server in the setrans domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="setrans_translate_context" lineno="32">
<summary>
Allow a domain to translate contexts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="setrans_admin" lineno="58">
<summary>
All of the rules required to
administrate an setrans environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
</module>
<module name="sysnetwork" filename="policy/modules/system/sysnetwork.if">
<summary>Policy for network configuration: ifconfig and dhcp client.</summary>
<interface name="sysnet_domtrans_dhcpc" lineno="13">
<summary>
Execute dhcp client in dhcpc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sysnet_run_dhcpc" lineno="39">
<summary>
Execute DHCP clients in the dhcpc domain, and
allow the specified role the dhcpc domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sysnet_dontaudit_rw_dhcpc_udp_sockets" lineno="59">
<summary>
Do not audit attempts to read and
write dhcpc udp socket descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="sysnet_dontaudit_use_dhcpc_fds" lineno="78">
<summary>
Do not audit attempts to use
the dhcp file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="sysnet_dontaudit_rw_dhcpc_unix_stream_sockets" lineno="97">
<summary>
Do not audit attempts to read/write to the
dhcp unix stream socket descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="sysnet_sigchld_dhcpc" lineno="115">
<summary>
Send a SIGCHLD signal to the dhcp client.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_kill_dhcpc" lineno="134">
<summary>
Send a kill signal to the dhcp client.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sysnet_sigstop_dhcpc" lineno="152">
<summary>
Send a SIGSTOP signal to the dhcp client.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_signull_dhcpc" lineno="170">
<summary>
Send a null signal to the dhcp client.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_signal_dhcpc" lineno="189">
<summary>
Send a generic signal to the dhcp client.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sysnet_dbus_chat_dhcpc" lineno="208">
<summary>
Send and receive messages from
dhcpc over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_rw_dhcp_config" lineno="228">
<summary>
Read and write dhcp configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_search_dhcpc_state" lineno="248">
<summary>
Search the DHCP client state
directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_read_dhcpc_state" lineno="267">
<summary>
Read dhcp client state files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_delete_dhcpc_state" lineno="285">
<summary>
Delete the dhcp client state files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_setattr_config" lineno="303">
<summary>
Set the attributes of network config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_read_config" lineno="343">
<summary>
Read network config files.
</summary>
<desc>
<p>
Allow the specified domain to read the
general network configuration files.  A
common example of this is the
/etc/resolv.conf file, which has domain
name system (DNS) server IP addresses.
Typically, most networking processes will
require	the access provided by this interface.
</p>
<p>
Higher-level interfaces which involve
networking will generally call this interface,
for example:
</p>
<ul>
<li>sysnet_dns_name_resolve()</li>
<li>sysnet_use_ldap()</li>
<li>sysnet_use_portmap()</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_mmap_config_files" lineno="385">
<summary>
Map network config files.
</summary>
<desc>
<p>
Allow the specified domain to mmap the
general network configuration files.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_mmap_read_config" lineno="410">
<summary>
map network config files.
</summary>
<desc>
<p>
Allow the specified domain to mmap the
general network configuration files.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_dontaudit_read_config" lineno="429">
<summary>
Do not audit attempts to read network config files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="sysnet_write_config" lineno="447">
<summary>
Write network config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_create_config" lineno="466">
<summary>
Create network config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_relabel_config" lineno="485">
<summary>
Relabel network config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_etc_filetrans_config" lineno="510">
<summary>
Create files in /etc with the type used for
the network config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="sysnet_manage_config" lineno="528">
<summary>
Create, read, write, and delete network config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_watch_config_dir" lineno="560">
<summary>
Watch a network config dir
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_read_dhcpc_pid" lineno="578">
<summary>
Read the dhcp client pid file.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_delete_dhcpc_pid" lineno="593">
<summary>
Delete the dhcp client pid file.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_read_dhcpc_runtime_files" lineno="608">
<summary>
Read dhcp client runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_delete_dhcpc_runtime_files" lineno="627">
<summary>
Delete the dhcp client runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_domtrans_ifconfig" lineno="645">
<summary>
Execute ifconfig in the ifconfig domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sysnet_run_ifconfig" lineno="672">
<summary>
Execute ifconfig in the ifconfig domain, and
allow the specified role the ifconfig domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sysnet_exec_ifconfig" lineno="692">
<summary>
Execute ifconfig in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_signal_ifconfig" lineno="712">
<summary>
Send a generic signal to ifconfig.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sysnet_signull_ifconfig" lineno="731">
<summary>
Send null signals to ifconfig.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sysnet_read_dhcp_config" lineno="749">
<summary>
Read the DHCP configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_search_dhcp_state" lineno="769">
<summary>
Search the DHCP state data directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_dhcp_state_filetrans" lineno="813">
<summary>
Create DHCP state data.
</summary>
<desc>
<p>
Create DHCP state data.
</p>
<p>
This is added for DHCP server, as
the server and client put their state
files in the same directory.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file_type">
<summary>
The type of the object to be created
</summary>
</param>
<param name="object_class">
<summary>
The object class.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="sysnet_dns_name_resolve" lineno="833">
<summary>
Perform a DNS name resolution.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sysnet_use_ldap" lineno="883">
<summary>
Connect and use a LDAP server.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_use_portmap" lineno="910">
<summary>
Connect and use remote port mappers.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="dhcpc_manage_samba" dftval="false">
<desc>
<p>
Determine whether DHCP client
can manage samba
</p>
</desc>
</tunable>
</module>
<module name="systemd" filename="policy/modules/system/systemd.if">
<summary>Systemd components (not PID 1)</summary>
<template name="systemd_role_template" lineno="23">
<summary>
Template for systemd --user per-role domains.
</summary>
<param name="prefix">
<summary>
Prefix for generated types
</summary>
</param>
<param name="role">
<summary>
The user role.
</summary>
</param>
<param name="userdomain">
<summary>
The user domain for the role.
</summary>
</param>
</template>
<template name="systemd_user_daemon_domain" lineno="209">
<summary>
Allow the specified domain to be started as a daemon by the
specified systemd user instance.
</summary>
<param name="prefix">
<summary>
Prefix for the user domain.
</summary>
</param>
<param name="entry_point">
<summary>
Entry point file type for the domain.
</summary>
</param>
<param name="domain">
<summary>
Domain to allow the systemd user domain to run.
</summary>
</param>
</template>
<interface name="systemd_user_activated_sock_file" lineno="231">
<summary>
Associate the specified file type to be a type whose sock files
can be managed by systemd user instances for socket activation.
</summary>
<param name="file_type">
<summary>
File type to be associated.
</summary>
</param>
</interface>
<interface name="systemd_user_unix_stream_activated_socket" lineno="256">
<summary>
Associate the specified domain to be a domain whose unix stream
sockets and sock files can be managed by systemd user instances
for socket activation.
</summary>
<param name="domain">
<summary>
Domain to be associated.
</summary>
</param>
<param name="sock_file_type">
<summary>
File type of the domain's sock files to be associated.
</summary>
</param>
</interface>
<interface name="systemd_manage_conf_home_content" lineno="276">
<summary>
Allow the specified domain to manage systemd config home
content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_relabel_conf_home_content" lineno="297">
<summary>
Allow the specified domain to relabel systemd config home
content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_manage_data_home_content" lineno="318">
<summary>
Allow the specified domain to manage systemd data home
content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_relabel_data_home_content" lineno="339">
<summary>
Allow the specified domain to relabel systemd data home
content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_read_user_runtime_lnk_files" lineno="359">
<summary>
Allow the specified domain to read systemd user runtime lnk files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_read_user_unit_files" lineno="378">
<summary>
Allow the specified domain to read system-wide systemd
user unit files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_read_user_runtime_units" lineno="398">
<summary>
Allow the specified domain to read systemd user runtime unit files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_search_user_runtime_unit_dirs" lineno="418">
<summary>
Allow the specified domain to search systemd user runtime unit
directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_list_user_runtime_unit_dirs" lineno="437">
<summary>
Allow the specified domain to list the contents of systemd
user runtime unit directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_status_user_runtime_units" lineno="455">
<summary>
Allow the specified domain to get the status of systemd user runtime units.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_start_user_runtime_units" lineno="474">
<summary>
Allow the specified domain to start systemd user runtime units.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_stop_user_runtime_units" lineno="493">
<summary>
Allow the specified domain to stop systemd user runtime units.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_reload_user_runtime_units" lineno="512">
<summary>
Allow the specified domain to reload systemd user runtime units.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_log_parse_environment" lineno="532">
<summary>
Make the specified type usable as an
log parse environment type.
</summary>
<param name="domain">
<summary>
Type to be used as a log parse environment type.
</summary>
</param>
</interface>
<interface name="systemd_use_nss" lineno="552">
<summary>
Allow domain to use systemd's Name Service Switch (NSS) module.
This module provides UNIX user and group name resolution for dynamic users
and groups allocated through the DynamicUser= option in systemd unit files
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="systemd_PrivateDevices" lineno="579">
<summary>
Allow domain to be used as a systemd service with a unit
that uses PrivateDevices=yes in section [Service].
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="systemd_read_hwdb" lineno="596">
<summary>
Allow domain to read udev hwdb file
</summary>
<param name="domain">
<summary>
domain allowed access
</summary>
</param>
</interface>
<interface name="systemd_map_hwdb" lineno="614">
<summary>
Allow domain to map udev hwdb file
</summary>
<param name="domain">
<summary>
domain allowed access
</summary>
</param>
</interface>
<interface name="systemd_read_logind_pids" lineno="632">
<summary>
Read systemd_login PID files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_manage_logind_pid_pipes" lineno="647">
<summary>
Manage systemd_login PID pipes.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_write_logind_pid_pipes" lineno="662">
<summary>
Write systemd_login named pipe.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_read_logind_runtime_files" lineno="677">
<summary>
Read systemd-logind runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_manage_logind_runtime_pipes" lineno="697">
<summary>
Manage systemd-logind runtime pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_write_logind_runtime_pipes" lineno="716">
<summary>
Write systemd-logind runtime named pipe.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_watch_logind_runtime_dirs" lineno="736">
<summary>
Watch systemd-logind runtime dirs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_use_logind_fds" lineno="755">
<summary>
Use inherited systemd
logind file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_read_logind_sessions_files" lineno="773">
<summary>
Read logind sessions files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_write_inherited_logind_sessions_pipes" lineno="794">
<summary>
Write inherited logind sessions pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_watch_logind_sessions_dirs" lineno="814">
<summary>
Watch logind sessions dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_write_inherited_logind_inhibit_pipes" lineno="832">
<summary>
Write inherited logind inhibit pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_dbus_chat_logind" lineno="853">
<summary>
Send and receive messages from
systemd logind over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_status_logind" lineno="873">
<summary>
Get the system status information from systemd_login
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_signull_logind" lineno="892">
<summary>
Send systemd_login a null signal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_manage_userdb_runtime_dirs" lineno="910">
<summary>
Manage systemd userdb runtime directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_manage_userdb_runtime_sock_files" lineno="928">
<summary>
Manage socket files under /run/systemd/userdb .
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_stream_connect_userdb" lineno="946">
<summary>
Connect to /run/systemd/userdb/io.systemd.DynamicUser .
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_read_machines" lineno="967">
<summary>
Allow reading /run/systemd/machines
</summary>
<param name="domain">
<summary>
Domain that can access the machines files
</summary>
</param>
</interface>
<interface name="systemd_connect_machined" lineno="986">
<summary>
Allow connecting to /run/systemd/userdb/io.systemd.Machine socket
</summary>
<param name="domain">
<summary>
Domain that can access the socket
</summary>
</param>
</interface>
<interface name="systemd_watch_machines_dirs" lineno="1004">
<summary>
Allow watching /run/systemd/machines
</summary>
<param name="domain">
<summary>
Domain that can watch the machines files
</summary>
</param>
</interface>
<interface name="systemd_dbus_chat_hostnamed" lineno="1023">
<summary>
Send and receive messages from
systemd hostnamed over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_use_passwd_agent_fds" lineno="1043">
<summary>
allow systemd_passwd_agent to inherit fds
</summary>
<param name="domain">
<summary>
Domain that owns the fds
</summary>
</param>
</interface>
<interface name="systemd_run_passwd_agent" lineno="1066">
<summary>
allow systemd_passwd_agent to be run by admin
</summary>
<param name="domain">
<summary>
Domain that runs it
</summary>
</param>
<param name="role">
<summary>
role that it runs in
</summary>
</param>
</interface>
<interface name="systemd_use_passwd_agent" lineno="1087">
<summary>
Allow a systemd_passwd_agent_t process to interact with a daemon
that needs a password from the sysadmin.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_filetrans_passwd_runtime_dirs" lineno="1111">
<summary>
Transition to systemd_passwd_runtime_t when creating dirs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_filetrans_userdb_runtime_dirs" lineno="1132">
<summary>
Transition to systemd_userdb_runtime_t when
creating the userdb directory inside an init runtime
directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_manage_passwd_runtime_symlinks" lineno="1150">
<summary>
Allow to domain to create systemd-passwd symlink
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_watch_passwd_runtime_dirs" lineno="1168">
<summary>
watch systemd_passwd_runtime_t dirs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_manage_all_units" lineno="1186">
<summary>
manage systemd unit dirs and the files in them  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_list_journal_dirs" lineno="1201">
<summary>
Allow domain to list the contents of systemd_journal_t dirs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_read_journal_files" lineno="1219">
<summary>
Allow domain to read systemd_journal_t files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_manage_journal_files" lineno="1238">
<summary>
Allow domain to create/manage systemd_journal_t files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_relabelto_journal_dirs" lineno="1258">
<summary>
Relabel to systemd-journald directory type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_relabelto_journal_files" lineno="1277">
<summary>
Relabel to systemd-journald file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_read_networkd_units" lineno="1297">
<summary>
Allow domain to read systemd_networkd_t unit files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_manage_networkd_units" lineno="1317">
<summary>
Allow domain to create/manage systemd_networkd_t unit files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_enabledisable_networkd" lineno="1337">
<summary>
Allow specified domain to enable systemd-networkd units
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_startstop_networkd" lineno="1356">
<summary>
Allow specified domain to start systemd-networkd units
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_status_networkd" lineno="1375">
<summary>
Allow specified domain to get status of systemd-networkd
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_relabelfrom_networkd_tun_sockets" lineno="1394">
<summary>
Relabel systemd_networkd tun socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_rw_networkd_netlink_route_sockets" lineno="1412">
<summary>
Read/Write from systemd_networkd netlink route socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_list_networkd_runtime" lineno="1430">
<summary>
Allow domain to list dirs under /run/systemd/netif
</summary>
<param name="domain">
<summary>
domain permitted the access
</summary>
</param>
</interface>
<interface name="systemd_watch_networkd_runtime_dirs" lineno="1449">
<summary>
Watch directories under /run/systemd/netif
</summary>
<param name="domain">
<summary>
Domain permitted the access
</summary>
</param>
</interface>
<interface name="systemd_read_networkd_runtime" lineno="1468">
<summary>
Allow domain to read files generated by systemd_networkd
</summary>
<param name="domain">
<summary>
domain allowed access
</summary>
</param>
</interface>
<interface name="systemd_read_logind_state" lineno="1487">
<summary>
Allow systemd_logind_t to read process state for cgroup file
</summary>
<param name="domain">
<summary>
Domain systemd_logind_t may access.
</summary>
</param>
</interface>
<interface name="systemd_start_power_units" lineno="1506">
<summary>
Allow specified domain to start power units
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="systemd_status_power_units" lineno="1525">
<summary>
Get the system status information about power units
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_stream_connect_socket_proxyd" lineno="1544">
<summary>
Allows connections to the systemd-socket-proxyd's socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_tmpfiles_conf_file" lineno="1563">
<summary>
Make the specified type usable for
systemd tmpfiles config files.
</summary>
<param name="type">
<summary>
Type to be used for systemd tmpfiles config files.
</summary>
</param>
</interface>
<interface name="systemd_tmpfiles_creator" lineno="1584">
<summary>
Allow the specified domain to create
the tmpfiles config directory with
the correct context.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_tmpfiles_conf_filetrans" lineno="1620">
<summary>
Create an object in the systemd tmpfiles config
directory, with a private type
using a type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="systemd_list_tmpfiles_conf" lineno="1639">
<summary>
Allow domain to list systemd tmpfiles config directory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_relabelto_tmpfiles_conf_dirs" lineno="1657">
<summary>
Allow domain to relabel to systemd tmpfiles config directory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_relabelto_tmpfiles_conf_files" lineno="1675">
<summary>
Allow domain to relabel to systemd tmpfiles config files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_tmpfilesd_managed" lineno="1698">
<summary>
Allow systemd_tmpfiles_t to manage filesystem objects
</summary>
<param name="type">
<summary>
type of object to manage
</summary>
</param>
<param name="class">
<summary>
object class to manage
</summary>
</param>
</interface>
<interface name="systemd_dbus_chat_resolved" lineno="1718">
<summary>
Send and receive messages from
systemd resolved over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_read_resolved_runtime" lineno="1738">
<summary>
Allow domain to read resolv.conf file generated by systemd_resolved
</summary>
<param name="domain">
<summary>
domain allowed access
</summary>
</param>
</interface>
<interface name="systemd_getattr_updated_runtime" lineno="1756">
<summary>
Allow domain to getattr on .updated file (generated by systemd-update-done
</summary>
<param name="domain">
<summary>
domain allowed access
</summary>
</param>
</interface>
<interface name="systemd_search_all_user_keys" lineno="1774">
<summary>
Search keys for the all systemd --user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_create_all_user_keys" lineno="1792">
<summary>
Create keys for the all systemd --user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_write_all_user_keys" lineno="1810">
<summary>
Write keys for the all systemd --user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_domtrans_sysusers" lineno="1829">
<summary>
Execute systemd-sysusers in the
systemd sysusers domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_run_sysusers" lineno="1854">
<summary>
Run systemd-sysusers with a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="systemd_use_inherited_machined_ptys" lineno="1874">
<summary>
receive and use a systemd_machined_devpts_t file handle
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="systemd_run_nspawn" lineno="1898">
<summary>
run systemd-nspawn in systemd_nspawn_t domain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role  of the object to create.
</summary>
</param>
</interface>
<interface name="systemd_dgram_nspawn" lineno="1917">
<summary>
send datagrams to systemd_nspawn_t
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="systemd_search_user_runtime" lineno="1935">
<summary>
search systemd_user_runtime_t dirs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="systemd_tmpfiles_manage_all" dftval="false">
<desc>
<p>
Enable support for systemd-tmpfiles to manage all non-security files.
</p>
</desc>
</tunable>
<tunable name="systemd_nspawn_labeled_namespace" dftval="false">
<desc>
<p>
Allow systemd-nspawn to create a labelled namespace with the same types
as parent environment
</p>
</desc>
</tunable>
<tunable name="systemd_logind_get_bootloader" dftval="false">
<desc>
<p>
Allow systemd-logind to interact with the bootloader (read which one is
installed on fixed disks, enumerate entries for dbus property
BootLoaderEntries, etc.)
</p>
</desc>
</tunable>
<tunable name="systemd_socket_proxyd_bind_any" dftval="false">
<desc>
<p>
Allow systemd-socket-proxyd to bind any port instead of one labelled
with systemd_socket_proxyd_port_t.
</p>
</desc>
</tunable>
<tunable name="systemd_socket_proxyd_connect_any" dftval="false">
<desc>
<p>
Allow systemd-socket-proxyd to connect to any port instead of
labelled ones.
</p>
</desc>
</tunable>
<tunable name="systemd_tmpfilesd_factory" dftval="false">
<desc>
<p>
Allow systemd-tmpfilesd to populate missing configuration files from factory
template directory.
</p>
</desc>
</tunable>
</module>
<module name="udev" filename="policy/modules/system/udev.if">
<summary>Policy for udev.</summary>
<interface name="udev_signal" lineno="13">
<summary>
Send generic signals to udev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_domtrans" lineno="31">
<summary>
Execute udev in the udev domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="udev_run_domain" lineno="62">
<summary>
Allow udev to execute the specified program in
the specified domain.
</summary>
<desc>
<p>
This is a interface to support the UDEV 'RUN'
command.  This will allow the command run by
udev to be run in a domain other than udev_t.
</p>
</desc>
<param name="domain">
<summary>
Domain to execute in.
</summary>
</param>
<param name="entry_file">
<summary>
Domain entry point file.
</summary>
</param>
</interface>
<interface name="udev_exec" lineno="80">
<summary>
Execute udev in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_helper_domtrans" lineno="98">
<summary>
Execute a udev helper in the udev domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="udev_read_state" lineno="116">
<summary>
Allow process to read udev process state.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_create_kobject_uevent_sockets" lineno="137">
<summary>
Allow domain to create uevent sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_dontaudit_use_fds" lineno="156">
<summary>
Do not audit attempts to inherit a
udev file descriptor.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="udev_dontaudit_rw_dgram_sockets" lineno="175">
<summary>
Do not audit attempts to read or write
to a udev unix datagram socket.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="udev_manage_rules_files" lineno="193">
<summary>
Manage udev rules files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_read_rules_files" lineno="215">
<summary>
read udev rules files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_dontaudit_search_db" lineno="235">
<summary>
Do not audit search of udev database directories.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="udev_read_db" lineno="255">
<summary>
Read the udev device table.  (Deprecated)
</summary>
<desc>
<p>
Allow the specified domain to read the udev device table.  (Deprecated)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="udev_rw_db" lineno="269">
<summary>
Allow process to modify list of devices.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_relabelto_db" lineno="283">
<summary>
Allow process to relabelto udev database  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_relabelto_db_sockets" lineno="297">
<summary>
Allow process to relabelto sockets in /run/udev  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_search_pids" lineno="311">
<summary>
Search through udev pid content  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_list_pids" lineno="326">
<summary>
list udev pid content  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_manage_pid_dirs" lineno="342">
<summary>
Create, read, write, and delete
udev pid directories  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_read_pid_files" lineno="357">
<summary>
Read udev pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_dontaudit_rw_pid_files" lineno="372">
<summary>
dontaudit attempts to read/write udev pidfiles  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_manage_pid_files" lineno="388">
<summary>
Create, read, write, and delete
udev pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_generic_pid_filetrans_run_dirs" lineno="408">
<summary>
Create directories in the run location with udev_runtime_t type  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="name" optional="true">
<summary>
Name of the directory that is created
</summary>
</param>
</interface>
<interface name="udev_search_runtime" lineno="422">
<summary>
Search through udev runtime dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_list_runtime" lineno="441">
<summary>
List udev runtime dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_manage_runtime_dirs" lineno="461">
<summary>
Create, read, write, and delete
udev runtime directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_read_runtime_files" lineno="480">
<summary>
Read udev runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_dontaudit_rw_runtime_files" lineno="499">
<summary>
dontaudit attempts to read/write udev runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_manage_runtime_files" lineno="518">
<summary>
Create, read, write, and delete
udev runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_domtrans_udevadm" lineno="537">
<summary>
Execute udev admin in the udevadm domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="udevadm_domtrans" lineno="555">
<summary>
Execute udev admin in the udevadm domain.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="udevadm_run" lineno="577">
<summary>
Execute udevadm in the udevadm domain, and
allow the specified role the udevadm domain.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="udev_run_udevadm" lineno="599">
<summary>
Execute udevadm in the udevadm domain, and
allow the specified role the udevadm domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="udevadm_exec" lineno="618">
<summary>
Execute udevadm in the caller domain.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_exec_udevadm" lineno="633">
<summary>
Execute udevadm in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="unconfined" filename="policy/modules/system/unconfined.if">
<summary>The unconfined domain.</summary>
<interface name="unconfined_stub" lineno="13">
<summary>
Unconfined stub interface.  No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_domain_noaudit" lineno="29">
<summary>
Make the specified domain unconfined.
</summary>
<param name="domain">
<summary>
Domain to make unconfined.
</summary>
</param>
</interface>
<interface name="unconfined_domain" lineno="153">
<summary>
Make the specified domain unconfined and
audit executable heap usage.
</summary>
<desc>
<p>
Make the specified domain unconfined and
audit executable heap usage.  With exception
of memory protections, usage of this interface
will result in the level of access the domain has
is like SELinux	was not being used.
</p>
<p>
Only completely trusted domains should use this interface.
</p>
<p>
Does not allow return communications from confined
domains via message based mechanisms such as dbus or
SysV message queues.
</p>
</desc>
<param name="domain">
<summary>
Domain to make unconfined.
</summary>
</param>
</interface>
<interface name="unconfined_domtrans" lineno="171">
<summary>
Transition to the unconfined domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="unconfined_run" lineno="194">
<summary>
Execute specified programs in the unconfined domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
The role to allow the unconfined domain.
</summary>
</param>
</interface>
<interface name="unconfined_shell_domtrans" lineno="213">
<summary>
Transition to the unconfined domain by executing a shell.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="unconfined_domtrans_to" lineno="251">
<summary>
Allow unconfined to execute the specified program in
the specified domain.
</summary>
<desc>
<p>
Allow unconfined to execute the specified program in
the specified domain.
</p>
<p>
This is a interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="domain">
<summary>
Domain to execute in.
</summary>
</param>
<param name="entry_file">
<summary>
Domain entry point file.
</summary>
</param>
</interface>
<interface name="unconfined_run_to" lineno="288">
<summary>
Allow unconfined to execute the specified program in
the specified domain.  Allow the specified domain the
unconfined role and use of unconfined user terminals.
</summary>
<desc>
<p>
Allow unconfined to execute the specified program in
the specified domain.  Allow the specified domain the
unconfined role and use of unconfined user terminals.
</p>
<p>
This is a interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="domain">
<summary>
Domain to execute in.
</summary>
</param>
<param name="entry_file">
<summary>
Domain entry point file.
</summary>
</param>
</interface>
<interface name="unconfined_use_fds" lineno="309">
<summary>
Inherit file descriptors from the unconfined domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_sigchld" lineno="327">
<summary>
Send a SIGCHLD signal to the unconfined domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_signull" lineno="345">
<summary>
Send a SIGNULL signal to the unconfined domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_signal" lineno="363">
<summary>
Send generic signals to the unconfined domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_read_pipes" lineno="381">
<summary>
Read unconfined domain unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_dontaudit_read_pipes" lineno="399">
<summary>
Do not audit attempts to read unconfined domain unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="unconfined_rw_pipes" lineno="417">
<summary>
Read and write unconfined domain unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_dontaudit_rw_pipes" lineno="436">
<summary>
Do not audit attempts to read and write
unconfined domain unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="unconfined_stream_connect" lineno="455">
<summary>
Connect to the unconfined domain using
a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_dontaudit_rw_stream_sockets" lineno="474">
<summary>
Do not audit attempts to read and write
unconfined domain stream.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="unconfined_dontaudit_rw_tcp_sockets" lineno="503">
<summary>
Do not audit attempts to read or write
unconfined domain tcp sockets.
</summary>
<desc>
<p>
Do not audit attempts to read or write
unconfined domain tcp sockets.
</p>
<p>
This interface was added due to a broken
symptom in ldconfig.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="unconfined_search_keys" lineno="521">
<summary>
Search keys for the unconfined domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_create_keys" lineno="539">
<summary>
Create keys for the unconfined domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_write_keys" lineno="557">
<summary>
Write keys for the unconfined domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_dbus_send" lineno="575">
<summary>
Send messages to the unconfined domain over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_dbus_chat" lineno="595">
<summary>
Send and receive messages from
unconfined_t over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_dbus_connect" lineno="616">
<summary>
Connect to the the unconfined DBUS
for service (acquire_svc).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="userdomain" filename="policy/modules/system/userdomain.if">
<summary>Policy for user domains</summary>
<template name="userdom_base_user_template" lineno="24">
<summary>
The template containing the most basic rules common to all users.
</summary>
<desc>
<p>
The template containing the most basic rules common to all users.
</p>
<p>
This template creates a user domain, types, and
rules for the user's tty and pty.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<rolebase/>
</template>
<template name="userdom_user_content_access_template" lineno="183">
<summary>
Template for handling user content through standard tunables
</summary>
<desc>
<p>
This template generates the tunable blocks for accessing
end user content, either the generic one (user_home_t)
or the complete one (based on user_home_content_type).
</p>
<p>
It calls the *_read_generic_user_content,
*_read_all_user_content, *_manage_generic_user_content, and
*_manage_all_user_content booleans.
</p>
</desc>
<param name="prefix">
<summary>
The application domain prefix to use, meant for the boolean
calls
</summary>
</param>
<param name="domain">
<summary>
The application domain which is granted the necessary privileges
</summary>
</param>
<rolebase/>
</template>
<interface name="userdom_ro_home_role" lineno="274">
<summary>
Allow a home directory for which the
role has read-only access.
</summary>
<desc>
<p>
Allow a home directory for which the
role has read-only access.
</p>
<p>
This does not allow execute access.
</p>
</desc>
<param name="role" unused="true">
<summary>
The user role
</summary>
</param>
<param name="userdomain">
<summary>
The user domain
</summary>
</param>
<rolebase/>
</interface>
<interface name="userdom_manage_home_role" lineno="351">
<summary>
Allow a home directory for which the
role has full access.
</summary>
<desc>
<p>
Allow a home directory for which the
role has full access.
</p>
<p>
This does not allow execute access.
</p>
</desc>
<param name="role" unused="true">
<summary>
The user role
</summary>
</param>
<param name="userdomain">
<summary>
The user domain
</summary>
</param>
<rolebase/>
</interface>
<interface name="userdom_manage_tmp_role" lineno="429">
<summary>
Manage user temporary files
</summary>
<param name="role" unused="true">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolebase/>
</interface>
<interface name="userdom_exec_user_tmp_files" lineno="456">
<summary>
The execute access user temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolebase/>
</interface>
<interface name="userdom_manage_tmpfs_role" lineno="492">
<summary>
Role access for the user tmpfs type
that the user has full access.
</summary>
<desc>
<p>
Role access for the user tmpfs type
that the user has full access.
</p>
<p>
This does not allow execute access.
</p>
</desc>
<param name="role" unused="true">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<template name="userdom_basic_networking_template" lineno="518">
<summary>
The template allowing the user basic
network permissions
</summary>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<rolebase/>
</template>
<template name="userdom_change_password_template" lineno="558">
<summary>
The template for allowing the user to change passwords.
</summary>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<rolebase/>
</template>
<template name="userdom_common_user_template" lineno="588">
<summary>
The template containing rules common to unprivileged
users and administrative users.
</summary>
<desc>
<p>
This template creates a user domain, types, and
rules for the user's tty, pty, tmp, and tmpfs files.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
</template>
<template name="userdom_login_user_template" lineno="906">
<summary>
The template for creating a login user.
</summary>
<desc>
<p>
This template creates a user domain, types, and
rules for the user's tty, pty, home directories,
tmp, and tmpfs files.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
</template>
<template name="userdom_restricted_user_template" lineno="1030">
<summary>
The template for creating a unprivileged login user.
</summary>
<desc>
<p>
This template creates a user domain, types, and
rules for the user's tty, pty, home directories,
tmp, and tmpfs files.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
</template>
<template name="userdom_restricted_xwindows_user_template" lineno="1071">
<summary>
The template for creating a unprivileged xwindows login user.
</summary>
<desc>
<p>
The template for creating a unprivileged xwindows login user.
</p>
<p>
This template creates a user domain, types, and
rules for the user's tty, pty, home directories,
tmp, and tmpfs files.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
</template>
<template name="userdom_unpriv_user_template" lineno="1154">
<summary>
The template for creating a unprivileged user roughly
equivalent to a regular linux user.
</summary>
<desc>
<p>
The template for creating a unprivileged user roughly
equivalent to a regular linux user.
</p>
<p>
This template creates a user domain, types, and
rules for the user's tty, pty, home directories,
tmp, and tmpfs files.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
</template>
<template name="userdom_admin_user_template" lineno="1278">
<summary>
The template for creating an administrative user.
</summary>
<desc>
<p>
This template creates a user domain, types, and
rules for the user's tty, pty, home directories,
tmp, and tmpfs files.
</p>
<p>
The privileges given to administrative users are:
<ul>
<li>Raw disk access</li>
<li>Set all sysctls</li>
<li>All kernel ring buffer controls</li>
<li>Create, read, write, and delete all files but shadow</li>
<li>Manage source and binary format SELinux policy</li>
<li>Run insmod</li>
</ul>
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., sysadm
is the prefix for sysadm_t).
</summary>
</param>
</template>
<template name="userdom_security_admin_template" lineno="1439">
<summary>
Allow user to run as a secadm
</summary>
<desc>
<p>
Create objects in a user home directory
with an automatic type transition to
a specified private type.
</p>
<p>
This is a templated interface, and should only
be called from a per-userdomain template.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role  of the object to create.
</summary>
</param>
</template>
<template name="userdom_xdg_user_template" lineno="1532">
<summary>
Allow user to interact with xdg content types
</summary>
<desc>
<p>
Create rules to allow a user to manage xdg
content in a user home directory with an
automatic type transition to those types.
</p>
<p>
This is a templated interface, and should only
be called from a per-userdomain template.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</template>
<interface name="userdom_user_application_type" lineno="1583">
<summary>
Make the specified type usable as
a user application domain type.
</summary>
<param name="type">
<summary>
Type to be used as a user application domain.
</summary>
</param>
</interface>
<interface name="userdom_user_application_domain" lineno="1604">
<summary>
Make the specified type usable as
a user application domain.
</summary>
<param name="type">
<summary>
Type to be used as a user application domain.
</summary>
</param>
<param name="type">
<summary>
Type to be used as the domain entry point.
</summary>
</param>
</interface>
<interface name="userdom_user_home_content" lineno="1621">
<summary>
Make the specified type usable in a
user home directory.
</summary>
<param name="type">
<summary>
Type to be used as a file in the
user home directory.
</summary>
</param>
</interface>
<interface name="userdom_user_tmp_file" lineno="1647">
<summary>
Make the specified type usable as a
user temporary file.
</summary>
<param name="type">
<summary>
Type to be used as a file in the
temporary directories.
</summary>
</param>
</interface>
<interface name="userdom_user_tmpfs_file" lineno="1664">
<summary>
Make the specified type usable as a
user tmpfs file.
</summary>
<param name="type">
<summary>
Type to be used as a file in
tmpfs directories.
</summary>
</param>
</interface>
<interface name="userdom_attach_admin_tun_iface" lineno="1679">
<summary>
Allow domain to attach to TUN devices created by administrative users.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_setattr_user_ptys" lineno="1698">
<summary>
Set the attributes of a user pty.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_create_user_pty" lineno="1716">
<summary>
Create a user pty.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_getattr_user_home_dirs" lineno="1734">
<summary>
Get the attributes of user home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_getattr_user_home_dirs" lineno="1753">
<summary>
Do not audit attempts to get the attributes of user home directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_search_user_home_dirs" lineno="1771">
<summary>
Search user home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_search_user_home_dirs" lineno="1798">
<summary>
Do not audit attempts to search user home directories.
</summary>
<desc>
<p>
Do not audit attempts to search user home directories.
This will suppress SELinux denial messages when the specified
domain is denied the permission to search these directories.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="userdom_list_user_home_dirs" lineno="1816">
<summary>
List user home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_list_user_home_dirs" lineno="1835">
<summary>
Do not audit attempts to list user home subdirectories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_create_user_home_dirs" lineno="1853">
<summary>
Create user home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_home_dirs" lineno="1871">
<summary>
Manage user home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_relabelto_user_home_dirs" lineno="1889">
<summary>
Relabel to user home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_home_filetrans_user_home_dir" lineno="1913">
<summary>
Create directories in the home dir root with
the user home directory type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="userdom_user_home_domtrans" lineno="1950">
<summary>
Do a domain transition to the specified
domain when executing a program in the
user home directory.
</summary>
<desc>
<p>
Do a domain transition to the specified
domain when executing a program in the
user home directory.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="source_domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
Domain to transition to.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_search_user_home_content" lineno="1970">
<summary>
Do not audit attempts to search user home content directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_list_all_user_home_content" lineno="1988">
<summary>
List all users home content directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_list_user_home_content" lineno="2007">
<summary>
List contents of users home directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_home_content_dirs" lineno="2026">
<summary>
Create, read, write, and delete directories
in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_all_user_home_content_dirs" lineno="2045">
<summary>
Delete all user home content directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_user_home_content_dirs" lineno="2065">
<summary>
Delete directories in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_setattr_all_user_home_content_dirs" lineno="2083">
<summary>
Set attributes of all user home content directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_setattr_user_home_content_files" lineno="2103">
<summary>
Do not audit attempts to set the
attributes of user home files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_map_user_home_content_files" lineno="2121">
<summary>
Map user home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_mmap_user_home_content_files" lineno="2139">
<summary>
Mmap user home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_read_user_home_content_files" lineno="2158">
<summary>
Read user home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_read_user_home_content_files" lineno="2177">
<summary>
Do not audit attempts to read user home files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_read_all_user_home_content" lineno="2196">
<summary>
Read all user home content, including application-specific resources.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="userdom_manage_all_user_home_content" lineno="2218">
<summary>
Manage all user home content, including application-specific resources.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_append_user_home_content_files" lineno="2240">
<summary>
Do not audit attempts to append user home files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_append_inherited_user_home_content_files" lineno="2258">
<summary>
Allow append on inherited user home files.
</summary>
<param name="domain">
<summary>
Domain to allow.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_write_user_home_content_files" lineno="2276">
<summary>
Do not audit attempts to write user home files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_delete_all_user_home_content_files" lineno="2294">
<summary>
Delete all user home content files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_user_home_content_files" lineno="2314">
<summary>
Delete files in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_relabel_user_home_content_files" lineno="2332">
<summary>
Do not audit attempts to relabel user home files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_read_user_home_content_symlinks" lineno="2350">
<summary>
Read user home subdirectory symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_exec_user_home_content_files" lineno="2370">
<summary>
Execute user home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="userdom_dontaudit_exec_user_home_content_files" lineno="2397">
<summary>
Do not audit attempts to execute user home files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_home_content_files" lineno="2416">
<summary>
Create, read, write, and delete files
in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_manage_user_home_content_dirs" lineno="2437">
<summary>
Do not audit attempts to create, read, write, and delete directories
in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_home_content_symlinks" lineno="2456">
<summary>
Create, read, write, and delete symbolic links
in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_all_user_home_content_symlinks" lineno="2476">
<summary>
Delete all user home content symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_user_home_content_symlinks" lineno="2496">
<summary>
Delete symbolic links in a user home directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_home_content_pipes" lineno="2515">
<summary>
Create, read, write, and delete named pipes
in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_home_content_sockets" lineno="2536">
<summary>
Create, read, write, and delete named sockets
in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_user_home_dir_filetrans" lineno="2573">
<summary>
Create objects in a user home directory
with an automatic type transition to
a specified private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
The type of the object to create.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="userdom_user_home_content_filetrans" lineno="2610">
<summary>
Create objects in a directory located
in a user home directory with an
automatic type transition to
a specified private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
The type of the object to create.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="userdom_user_home_dir_filetrans_user_cert" lineno="2641">
<summary>
Automatically use the user_cert_t label for selected resources
created in a users home directory
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="class">
<summary>
Resource type(s) for which the label should be used
</summary>
</param>
<param name="filename" optional="true">
<summary>
Name of the resource that is being created
</summary>
</param>
</interface>
<interface name="userdom_user_home_dir_filetrans_user_home_content" lineno="2671">
<summary>
Create objects in a user home directory
with an automatic type transition to
the user home file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="userdom_read_user_certs" lineno="2691">
<summary>
Read user SSL certificates.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="userdom_dontaudit_manage_user_certs" lineno="2714">
<summary>
Do not audit attempts to manage
the user SSL certificates.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="userdom_manage_user_certs" lineno="2734">
<summary>
Manage user SSL certificates.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_write_user_tmp_sockets" lineno="2755">
<summary>
Write to user temporary named sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_list_user_tmp" lineno="2775">
<summary>
List user temporary directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_list_user_tmp" lineno="2797">
<summary>
Do not audit attempts to list user
temporary directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_delete_user_tmp_dirs" lineno="2815">
<summary>
Delete users temporary directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_manage_user_tmp_dirs" lineno="2834">
<summary>
Do not audit attempts to manage users
temporary directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_read_user_tmp_files" lineno="2852">
<summary>
Read user temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_map_user_tmp_files" lineno="2873">
<summary>
Map user temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_read_user_tmp_files" lineno="2892">
<summary>
Do not audit attempts to read users
temporary files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_append_user_tmp_files" lineno="2911">
<summary>
Do not audit attempts to append users
temporary files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_rw_user_tmp_files" lineno="2929">
<summary>
Read and write user temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_user_tmp_files" lineno="2950">
<summary>
Delete users temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_manage_user_tmp_files" lineno="2969">
<summary>
Do not audit attempts to manage users
temporary files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_read_user_tmp_symlinks" lineno="2987">
<summary>
Read user temporary symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_user_tmp_symlinks" lineno="3008">
<summary>
Delete users temporary symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_tmp_dirs" lineno="3027">
<summary>
Create, read, write, and delete user
temporary directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_user_tmp_named_pipes" lineno="3047">
<summary>
Delete users temporary named pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_tmp_files" lineno="3066">
<summary>
Create, read, write, and delete user
temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_user_tmp_named_sockets" lineno="3086">
<summary>
Delete users temporary named sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_tmp_symlinks" lineno="3105">
<summary>
Create, read, write, and delete user
temporary symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_tmp_pipes" lineno="3126">
<summary>
Create, read, write, and delete user
temporary named pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_tmp_sockets" lineno="3147">
<summary>
Create, read, write, and delete user
temporary named sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_user_tmp_filetrans" lineno="3184">
<summary>
Create objects in a user temporary directory
with an automatic type transition to
a specified private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
The type of the object to create.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="userdom_tmp_filetrans_user_tmp" lineno="3216">
<summary>
Create objects in the temporary directory
with an automatic type transition to
the user temporary type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="userdom_map_user_tmpfs_files" lineno="3234">
<summary>
Map user tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_read_user_tmpfs_files" lineno="3252">
<summary>
Read user tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_read_user_tmpfs_files" lineno="3272">
<summary>
dontaudit Read attempts of user tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_relabel_user_tmpfs_dirs" lineno="3291">
<summary>
relabel to/from user tmpfs dirs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_relabel_user_tmpfs_files" lineno="3310">
<summary>
relabel to/from user tmpfs files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_user_runtime_content" lineno="3332">
<summary>
Make the specified type usable in
the directory /run/user/%{USERID}/.
</summary>
<param name="type">
<summary>
Type to be used as a file in the
user_runtime_content_dir_t.
</summary>
</param>
</interface>
<interface name="userdom_search_user_runtime" lineno="3352">
<summary>
Search users runtime directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_search_user_runtime_root" lineno="3371">
<summary>
Search user runtime root directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_runtime_root_dirs" lineno="3391">
<summary>
Create, read, write, and delete user
runtime root dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_relabel_user_runtime_root_dirs" lineno="3410">
<summary>
Relabel to and from user runtime root dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_runtime_dirs" lineno="3429">
<summary>
Create, read, write, and delete user
runtime dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_mounton_user_runtime_dirs" lineno="3449">
<summary>
Mount a filesystem on user runtime dir
directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_relabelto_user_runtime_dirs" lineno="3467">
<summary>
Relabel to user runtime directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_relabelfrom_user_runtime_dirs" lineno="3485">
<summary>
Relabel from user runtime directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_user_runtime_files" lineno="3503">
<summary>
delete user runtime files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_write_user_runtime_sockets" lineno="3522">
<summary>
write user runtime sockets
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_search_all_user_runtime" lineno="3540">
<summary>
Search users runtime directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_list_all_user_runtime" lineno="3559">
<summary>
List user runtime directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_all_user_runtime_dirs" lineno="3578">
<summary>
delete user runtime directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_write_all_user_runtime_named_sockets" lineno="3596">
<summary>
write user runtime socket files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_all_user_runtime_files" lineno="3615">
<summary>
delete user runtime files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_all_user_runtime_symlinks" lineno="3634">
<summary>
delete user runtime symlink files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_all_user_runtime_named_pipes" lineno="3653">
<summary>
delete user runtime fifo files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_all_user_runtime_named_sockets" lineno="3672">
<summary>
delete user runtime socket files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_all_user_runtime_blk_files" lineno="3691">
<summary>
delete user runtime blk files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_all_user_runtime_chr_files" lineno="3709">
<summary>
delete user runtime chr files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_pid_filetrans_user_runtime_root" lineno="3739">
<summary>
Create objects in the pid directory
with an automatic type transition to
the user runtime root type.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="userdom_runtime_filetrans_user_runtime_root" lineno="3766">
<summary>
Create objects in the runtime directory
with an automatic type transition to
the user runtime root type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="userdom_user_runtime_filetrans" lineno="3802">
<summary>
Create objects in a user runtime
directory with an automatic type
transition to a specified private
type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
The type of the object to create.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="userdom_user_runtime_filetrans_user_tmp" lineno="3833">
<summary>
Create objects in the user runtime directory
with an automatic type transition to
the user temporary type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="userdom_user_runtime_root_filetrans_user_runtime" lineno="3863">
<summary>
Create objects in the user runtime root
directory with an automatic type transition
to the user runtime dir type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="userdom_user_run_filetrans_user_runtime" lineno="3894">
<summary>
Create objects in the user runtime root
directory with an automatic type transition
to the user runtime dir type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="userdom_rw_user_tmpfs_files" lineno="3912">
<summary>
Read and write user tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_user_tmpfs_files" lineno="3933">
<summary>
Delete user tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_tmpfs_files" lineno="3952">
<summary>
Create, read, write, and delete user tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_execmod_user_tmpfs_files" lineno="3972">
<summary>
execute and execmod user tmpfs files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_getattr_user_ttys" lineno="3990">
<summary>
Get the attributes of a user domain tty.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_getattr_user_ttys" lineno="4008">
<summary>
Do not audit attempts to get the attributes of a user domain tty.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_setattr_user_ttys" lineno="4026">
<summary>
Set the attributes of a user domain tty.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_setattr_user_ttys" lineno="4044">
<summary>
Do not audit attempts to set the attributes of a user domain tty.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_use_user_ttys" lineno="4062">
<summary>
Read and write a user domain tty.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_use_user_ptys" lineno="4080">
<summary>
Read and write a user domain pty.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_use_inherited_user_terminals" lineno="4115">
<summary>
Read and write a user TTYs and PTYs.
</summary>
<desc>
<p>
Allow the specified domain to read and write user
TTYs and PTYs. This will allow the domain to
interact with the user via the terminal. Typically
all interactive applications will require this
access.
</p>
<p>
However, this also allows the applications to spy
on user sessions or inject information into the
user session.  Thus, this access should likely
not be allowed for non-interactive domains.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="userdom_use_user_terminals" lineno="4156">
<summary>
Read, write and open a user TTYs and PTYs.
</summary>
<desc>
<p>
Allow the specified domain to read and write user
TTYs and PTYs. This will allow the domain to
interact with the user via the terminal. Typically
all interactive applications will require this
access.
</p>
<p>
This interface will also allow to open these user
terminals, which should not be necessary in general
and userdom_use_inherited_user_terminals() should
be sufficient.
</p>
<p>
However, this also allows the applications to spy
on user sessions or inject information into the
user session.  Thus, this access should likely
not be allowed for non-interactive domains.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="userdom_dontaudit_use_user_terminals" lineno="4172">
<summary>
Do not audit attempts to read and write
a user domain tty and pty.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_spec_domtrans_all_users" lineno="4193">
<summary>
Execute a shell in all user domains.  This
is an explicit transition, requiring the
caller to use setexeccon().
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="userdom_xsession_spec_domtrans_all_users" lineno="4216">
<summary>
Execute an Xserver session in all user domains.  This
is an explicit transition, requiring the
caller to use setexeccon().
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="userdom_spec_domtrans_unpriv_users" lineno="4239">
<summary>
Execute a shell in all unprivileged user domains.  This
is an explicit transition, requiring the
caller to use setexeccon().
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="userdom_xsession_spec_domtrans_unpriv_users" lineno="4262">
<summary>
Execute an Xserver session in all unprivileged user domains.  This
is an explicit transition, requiring the
caller to use setexeccon().
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="userdom_rw_unpriv_user_semaphores" lineno="4283">
<summary>
Read and write unpriviledged user SysV sempaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_unpriv_user_semaphores" lineno="4301">
<summary>
Manage unpriviledged user SysV sempaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_rw_unpriv_user_shared_mem" lineno="4320">
<summary>
Read and write unpriviledged user SysV shared
memory segments.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_unpriv_user_shared_mem" lineno="4339">
<summary>
Manage unpriviledged user SysV shared
memory segments.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_bin_spec_domtrans_unpriv_users" lineno="4359">
<summary>
Execute bin_t in the unprivileged user domains. This
is an explicit transition, requiring the
caller to use setexeccon().
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="userdom_entry_spec_domtrans_unpriv_users" lineno="4382">
<summary>
Execute all entrypoint files in unprivileged user
domains. This is an explicit transition, requiring the
caller to use setexeccon().
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_search_user_home_content" lineno="4403">
<summary>
Search users home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_watch_user_home_dirs" lineno="4422">
<summary>
watch users home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_signull_unpriv_users" lineno="4440">
<summary>
Send signull to unprivileged user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_signal_unpriv_users" lineno="4458">
<summary>
Send general signals to unprivileged user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_use_unpriv_users_fds" lineno="4476">
<summary>
Inherit the file descriptors from unprivileged user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_use_unpriv_user_fds" lineno="4504">
<summary>
Do not audit attempts to inherit the file descriptors
from unprivileged user domains.
</summary>
<desc>
<p>
Do not audit attempts to inherit the file descriptors
from unprivileged user domains. This will suppress
SELinux denial messages when the specified domain is denied
the permission to inherit these file descriptors.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="userdom_dontaudit_use_user_ptys" lineno="4522">
<summary>
Do not audit attempts to use user ptys.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_relabelto_user_ptys" lineno="4540">
<summary>
Relabel files to unprivileged user pty types.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_relabelfrom_user_ptys" lineno="4559">
<summary>
Do not audit attempts to relabel files from
user pty types.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_write_user_tmp_files" lineno="4577">
<summary>
Write all users files in /tmp
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_write_user_tmp_files" lineno="4596">
<summary>
Do not audit attempts to write users
temporary files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_unlink_user_tmp_devices" lineno="4615">
<summary>
Delete user_tmp_t device nodes (probably should not have been
created in the first place)
</summary>
<param name="domain">
<summary>
Domain to allow deleting
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_use_user_ttys" lineno="4633">
<summary>
Do not audit attempts to use user ttys.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_read_all_users_state" lineno="4651">
<summary>
Read the process state of all user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_getattr_all_users" lineno="4671">
<summary>
Get the attributes of all user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_use_all_users_fds" lineno="4689">
<summary>
Inherit the file descriptors from all user domains
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_use_all_users_fds" lineno="4708">
<summary>
Do not audit attempts to inherit the file
descriptors from any user domains.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_signal_all_users" lineno="4726">
<summary>
Send general signals to all user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_sigchld_all_users" lineno="4744">
<summary>
Send a SIGCHLD signal to all user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_read_all_users_keys" lineno="4762">
<summary>
Read keys for all user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_write_all_users_keys" lineno="4780">
<summary>
Write keys for all user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_rw_all_users_keys" lineno="4798">
<summary>
Read and write keys for all user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_create_all_users_keys" lineno="4816">
<summary>
Create keys for all user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_all_users_keys" lineno="4834">
<summary>
Manage keys for all user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dbus_send_all_users" lineno="4852">
<summary>
Send a dbus message to all user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_rw_all_users_stream_sockets" lineno="4872">
<summary>
Do not audit attempts to read and write
unserdomain stream.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<tunable name="allow_user_mysql_connect" dftval="false">
<desc>
<p>
Allow users to connect to mysql
</p>
</desc>
</tunable>
<tunable name="allow_user_postgresql_connect" dftval="false">
<desc>
<p>
Allow users to connect to PostgreSQL
</p>
</desc>
</tunable>
<tunable name="user_direct_mouse" dftval="false">
<desc>
<p>
Allow regular users direct mouse access
</p>
</desc>
</tunable>
<tunable name="user_dmesg" dftval="false">
<desc>
<p>
Allow users to read system messages.
</p>
</desc>
</tunable>
<tunable name="user_rw_noexattrfile" dftval="false">
<desc>
<p>
Allow user to r/w files on filesystems
that do not have extended attributes (FAT, CDROM, FLOPPY)
</p>
</desc>
</tunable>
<tunable name="user_exec_noexattrfile" dftval="false">
<desc>
<p>
Allow user to execute files on filesystems
that do not have extended attributes (FAT, CDROM, FLOPPY)
</p>
</desc>
</tunable>
<tunable name="user_write_removable" dftval="false">
<desc>
<p>
Allow user to write files on removable
devices (e.g. external USB memory
devices or floppies)
</p>
</desc>
</tunable>
<tunable name="user_ttyfile_stat" dftval="false">
<desc>
<p>
Allow w to display everyone
</p>
</desc>
</tunable>
</module>
<module name="xdg" filename="policy/modules/system/xdg.if">
<summary>
Freedesktop standard locations (formerly known as X Desktop Group)
</summary>
<interface name="xdg_cache_content" lineno="16">
<summary>
Mark the selected type as an xdg_cache_type
</summary>
<param name="type">
<summary>
Type to give the xdg_cache_type attribute to
</summary>
</param>
</interface>
<interface name="xdg_config_content" lineno="36">
<summary>
Mark the selected type as an xdg_config_type
</summary>
<param name="type">
<summary>
Type to give the xdg_config_type attribute to
</summary>
</param>
</interface>
<interface name="xdg_data_content" lineno="56">
<summary>
Mark the selected type as an xdg_data_type
</summary>
<param name="type">
<summary>
Type to give the xdg_data_type attribute to
</summary>
</param>
</interface>
<interface name="xdg_search_cache_dirs" lineno="76">
<summary>
Search through the xdg cache home directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_watch_cache_dirs" lineno="96">
<summary>
Watch the xdg cache home directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_watch_all_cache_dirs" lineno="114">
<summary>
Watch all the xdg cache home directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_read_cache_files" lineno="132">
<summary>
Read the xdg cache home files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_read_all_cache_files" lineno="155">
<summary>
Read all xdg_cache_type files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_cache_filetrans" lineno="195">
<summary>
Create objects in an xdg_cache directory
with an automatic type transition to
a specified private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
The type of the object to create.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="filename" optional="true">
<summary>
Name of the file or directory created
</summary>
</param>
</interface>
<interface name="xdg_generic_user_home_dir_filetrans_cache" lineno="228">
<summary>
Create objects in the user home dir with an automatic type transition to
the xdg_cache_t type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="filename" optional="true">
<summary>
Name of the directory created
</summary>
</param>
</interface>
<interface name="xdg_create_cache_dirs" lineno="246">
<summary>
Create xdg cache home directories
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="xdg_manage_cache" lineno="264">
<summary>
Manage the xdg cache home files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_manage_all_cache" lineno="289">
<summary>
Manage all the xdg cache home files regardless of their specific type
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_relabel_cache" lineno="314">
<summary>
Allow relabeling the xdg cache home files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_relabel_all_cache" lineno="338">
<summary>
Allow relabeling the xdg cache home files, regardless of their specific type
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_search_config_dirs" lineno="362">
<summary>
Search through the xdg config home directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_watch_config_dirs" lineno="382">
<summary>
Watch the xdg config home directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_watch_config_files" lineno="400">
<summary>
Watch the xdg config home files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_watch_all_config_dirs" lineno="418">
<summary>
Watch all the xdg config home directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_read_config_files" lineno="436">
<summary>
Read the xdg config home files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_read_all_config_files" lineno="459">
<summary>
Read all xdg_config_type files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_config_filetrans" lineno="499">
<summary>
Create objects in an xdg_config directory
with an automatic type transition to
a specified private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
The type of the object to create.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="filename" optional="true">
<summary>
Name of the file or directory created
</summary>
</param>
</interface>
<interface name="xdg_generic_user_home_dir_filetrans_config" lineno="532">
<summary>
Create objects in the user home dir with an automatic type transition to
the xdg_config_t type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="filename" optional="true">
<summary>
Name of the directory created
</summary>
</param>
</interface>
<interface name="xdg_create_config_dirs" lineno="550">
<summary>
Create xdg config home directories
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="xdg_manage_config" lineno="568">
<summary>
Manage the xdg config home files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_manage_all_config" lineno="593">
<summary>
Manage all the xdg config home files regardless of their specific type
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_relabel_config" lineno="618">
<summary>
Allow relabeling the xdg config home files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_relabel_all_config" lineno="642">
<summary>
Allow relabeling the xdg config home files, regardless of their specific type
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_watch_data_dirs" lineno="666">
<summary>
Watch the xdg data home directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_watch_data_files" lineno="684">
<summary>
Watch the xdg data home files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_watch_all_data_dirs" lineno="702">
<summary>
Watch all the xdg data home directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_watch_all_data_files" lineno="720">
<summary>
Watch all the xdg data home files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_read_data_files" lineno="738">
<summary>
Read the xdg data home files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_read_all_data_files" lineno="761">
<summary>
Read all xdg_data_type files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_data_filetrans" lineno="801">
<summary>
Create objects in an xdg_data directory
with an automatic type transition to
a specified private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
The type of the object to create.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="filename" optional="true">
<summary>
Optional name of the file or directory created
</summary>
</param>
</interface>
<interface name="xdg_generic_user_home_dir_filetrans_data" lineno="834">
<summary>
Create objects in the user home dir with an automatic type transition to
the xdg_data_t type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="filename" optional="true">
<summary>
Name of the directory created
</summary>
</param>
</interface>
<interface name="xdg_create_data_dirs" lineno="852">
<summary>
Create xdg data home directories
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="xdg_manage_data" lineno="870">
<summary>
Manage the xdg data home files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_manage_all_data" lineno="895">
<summary>
Manage all the xdg data home files, regardless of their specific type
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_relabel_data" lineno="920">
<summary>
Allow relabeling the xdg data home files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_exec_data" lineno="944">
<summary>
Allow domain to execute xdg_data_t, for some application config in kde
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_relabel_all_data" lineno="962">
<summary>
Allow relabeling the xdg data home files, regardless of their type
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_watch_documents_dirs" lineno="986">
<summary>
Watch the xdg documents home directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_generic_user_home_dir_filetrans_documents" lineno="1015">
<summary>
Create objects in the user home dir with an automatic type transition to
the xdg_documents_t type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="filename" optional="true">
<summary>
Name of the directory created
</summary>
</param>
</interface>
<interface name="xdg_manage_documents" lineno="1033">
<summary>
Manage documents content
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="xdg_relabel_documents" lineno="1054">
<summary>
Allow relabeling the documents resources
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_watch_downloads_dirs" lineno="1076">
<summary>
Watch the xdg downloads home directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_read_downloads" lineno="1094">
<summary>
Read downloaded content
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="xdg_create_downloads" lineno="1117">
<summary>
Create downloaded content
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="xdg_write_downloads" lineno="1140">
<summary>
Write downloaded content
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="xdg_generic_user_home_dir_filetrans_downloads" lineno="1174">
<summary>
Create objects in the user home dir with an automatic type transition to
the xdg_downloads_t type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="filename" optional="true">
<summary>
Name of the directory created
</summary>
</param>
</interface>
<interface name="xdg_manage_downloads" lineno="1192">
<summary>
Manage downloaded content
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="xdg_relabel_downloads" lineno="1213">
<summary>
Allow relabeling the downloads resources
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_watch_pictures_dirs" lineno="1235">
<summary>
Watch the xdg pictures home directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_read_pictures" lineno="1253">
<summary>
Read user pictures content
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="xdg_generic_user_home_dir_filetrans_pictures" lineno="1287">
<summary>
Create objects in the user home dir with an automatic type transition to
the xdg_pictures_t type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="filename" optional="true">
<summary>
Name of the directory created
</summary>
</param>
</interface>
<interface name="xdg_manage_pictures" lineno="1305">
<summary>
Manage pictures content
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="xdg_relabel_pictures" lineno="1326">
<summary>
Allow relabeling the pictures resources
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_watch_music_dirs" lineno="1348">
<summary>
Watch the xdg music home directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_read_music" lineno="1366">
<summary>
Read user music content
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="xdg_generic_user_home_dir_filetrans_music" lineno="1400">
<summary>
Create objects in the user home dir with an automatic type transition to
the xdg_pictures_t type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="filename" optional="true">
<summary>
Name of the directory created
</summary>
</param>
</interface>
<interface name="xdg_manage_music" lineno="1418">
<summary>
Manage music content
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="xdg_relabel_music" lineno="1439">
<summary>
Allow relabeling the music resources
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_watch_videos_dirs" lineno="1461">
<summary>
Watch the xdg video content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xdg_read_videos" lineno="1479">
<summary>
Read user video content
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="xdg_generic_user_home_dir_filetrans_videos" lineno="1513">
<summary>
Create objects in the user home dir with an automatic type transition to
the xdg_videos_t type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
<param name="filename" optional="true">
<summary>
Name of the directory created
</summary>
</param>
</interface>
<interface name="xdg_manage_videos" lineno="1531">
<summary>
Manage video content
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="xdg_relabel_videos" lineno="1552">
<summary>
Allow relabeling the videos resources
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="xen" filename="policy/modules/system/xen.if">
<summary>Xen hypervisor.</summary>
<interface name="xen_domtrans" lineno="13">
<summary>
Execute a domain transition to run xend.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="xen_exec" lineno="32">
<summary>
Execute xend in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xen_use_fds" lineno="51">
<summary>
Inherit and use xen file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xen_dontaudit_use_fds" lineno="70">
<summary>
Do not audit attempts to inherit
xen file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="xen_manage_image_dirs" lineno="89">
<summary>
Create, read, write, and delete
xend image directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xen_read_image_files" lineno="108">
<summary>
Read xend image files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xen_rw_image_files" lineno="128">
<summary>
Read and write xend image files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xen_append_log" lineno="148">
<summary>
Append xend log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xen_manage_log" lineno="169">
<summary>
Create, read, write, and delete
xend log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xen_read_xenstored_pid_files" lineno="189">
<summary>
Read xenstored pid files.  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xen_read_xenstored_runtime_files" lineno="204">
<summary>
Read xenstored runtime files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xen_dontaudit_rw_unix_stream_sockets" lineno="224">
<summary>
Do not audit attempts to read and write
Xen unix domain stream sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="xen_stream_connect_xenstore" lineno="243">
<summary>
Connect to xenstored with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xen_stream_connect" lineno="263">
<summary>
Connect to xend with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xen_pid_filetrans" lineno="295">
<summary>
Create in a xend_runtime_t directory  (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
</interface>
<interface name="xen_runtime_filetrans" lineno="320">
<summary>
Create in a xend_runtime_t directory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
</interface>
<interface name="xen_domtrans_xm" lineno="338">
<summary>
Execute a domain transition to run xm.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="xen_stream_connect_xm" lineno="358">
<summary>
Connect to xm with a unix
domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="xend_run_blktap" dftval="false">
<desc>
<p>
Determine whether xend can
run blktapctrl and tapdisk.
</p>
</desc>
</tunable>
<tunable name="xen_use_fusefs" dftval="false">
<desc>
<p>
Determine whether xen can
use fusefs file systems.
</p>
</desc>
</tunable>
<tunable name="xen_use_nfs" dftval="false">
<desc>
<p>
Determine whether xen can
use nfs file systems.
</p>
</desc>
</tunable>
<tunable name="xen_use_samba" dftval="false">
<desc>
<p>
Determine whether xen can
use samba file systems.
</p>
</desc>
</tunable>
</module>
</layer>
<tunable name="allow_execheap" dftval="false">
<desc>
<p>
Allow unconfined executables to make their heap memory executable.  Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla
</p>
</desc>
</tunable>
<tunable name="allow_execmem" dftval="false">
<desc>
<p>
Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla")
</p>
</desc>
</tunable>
<tunable name="allow_execmod" dftval="false">
<desc>
<p>
Allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t")
</p>
</desc>
</tunable>
<tunable name="allow_execstack" dftval="false">
<desc>
<p>
Allow unconfined executables to make their stack executable.  This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla")
</p>
</desc>
</tunable>
<tunable name="allow_raw_memory_access" dftval="false">
<desc>
<p>
Allow raw memory device (/dev/mem, /dev/kmem, /dev/mergemem,
dev/oldmem, /dev/port) access for confined executables.  This is
extremely dangerous as it can bypass the SELinux protections, and
should only be used by trusted domains.
</p>
</desc>
</tunable>
<tunable name="allow_polyinstantiation" dftval="false">
<desc>
<p>
Enable polyinstantiated directory support.
</p>
</desc>
</tunable>
<tunable name="allow_ypbind" dftval="false">
<desc>
<p>
Allow system to run with NIS
</p>
</desc>
</tunable>
<tunable name="console_login" dftval="true">
<desc>
<p>
Allow logging in and using the system from /dev/console.
</p>
</desc>
</tunable>
<tunable name="global_ssp" dftval="false">
<desc>
<p>
Enable reading of urandom for all domains.
</p>
<p>
This should be enabled when all programs
are compiled with ProPolice/SSP
stack smashing protection.  All domains will
be allowed to read from /dev/urandom.
</p>
</desc>
</tunable>
<tunable name="mail_read_content" dftval="false">
<desc>
<p>
Allow email client to various content.
nfs, samba, removable devices, and user temp
files
</p>
</desc>
</tunable>
<tunable name="nfs_export_all_rw" dftval="false">
<desc>
<p>
Allow any files/directories to be exported read/write via NFS.
</p>
</desc>
</tunable>
<tunable name="nfs_export_all_ro" dftval="false">
<desc>
<p>
Allow any files/directories to be exported read/only via NFS.
</p>
</desc>
</tunable>
<tunable name="use_nfs_home_dirs" dftval="false">
<desc>
<p>
Support NFS home directories
</p>
</desc>
</tunable>
<tunable name="use_samba_home_dirs" dftval="false">
<desc>
<p>
Support SAMBA home directories
</p>
</desc>
</tunable>
<tunable name="user_tcp_server" dftval="false">
<desc>
<p>
Allow users to run TCP servers (bind to ports and accept connection from
the same domain and outside users)  disabling this forces FTP passive mode
and may change other protocols.
</p>
</desc>
</tunable>
<tunable name="user_udp_server" dftval="false">
<desc>
<p>
Allow users to run UDP servers (bind to ports and accept connection from
the same domain and outside users)
</p>
</desc>
</tunable>
<bool name="secure_mode" dftval="false">
<desc>
<p>
Enabling secure mode disallows programs, such as
newrole, from transitioning to administrative
user domains.
</p>
</desc>
</bool>
</policy>