PAL.C.T MINI SHELL
<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>
<!DOCTYPE policy SYSTEM "policy.dtd">
<policy>
<layer name="admin">
<summary>
Policy modules for administrative functions, such as package management.
</summary>
<module name="accountsd" filename="policy/modules/admin/accountsd.if">
<summary>policy for accountsd</summary>
<interface name="accountsd_domtrans" lineno="13">
<summary>
Execute a domain transition to run accountsd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="accountsd_search_lib" lineno="31">
<summary>
Search accountsd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="accountsd_read_lib_files" lineno="50">
<summary>
Read accountsd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="accountsd_manage_lib_files" lineno="70">
<summary>
Create, read, write, and delete
accountsd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="accountsd_manage_var_lib" lineno="89">
<summary>
Manage accountsd var_lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="accountsd_dbus_chat" lineno="110">
<summary>
Send and receive messages from
accountsd over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="accountsd_dontaudit_rw_fifo_file" lineno="131">
<summary>
Do not audit attempts to read and write Accounts Daemon
fifo file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="accountsd_admin" lineno="150">
<summary>
All of the rules required to administrate
an accountsd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="acct" filename="policy/modules/admin/acct.if">
<summary>Berkeley process accounting</summary>
<interface name="acct_domtrans" lineno="13">
<summary>
Transition to the accounting management domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="acct_exec" lineno="32">
<summary>
Execute accounting management tools in the caller domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="acct_exec_data" lineno="53">
<summary>
Execute accounting management data in the caller domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="acct_manage_data" lineno="72">
<summary>
Create, read, write, and delete process accounting data.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
</module>
<module name="alsa" filename="policy/modules/admin/alsa.if">
<summary>Ainit ALSA configuration tool</summary>
<interface name="alsa_domtrans" lineno="13">
<summary>
Domain transition to alsa
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="alsa_rw_semaphores" lineno="31">
<summary>
Allow read and write access to alsa semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="alsa_rw_shared_mem" lineno="49">
<summary>
Allow read and write access to alsa shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="alsa_read_rw_config" lineno="67">
<summary>
Read alsa writable config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="alsa_manage_rw_config" lineno="87">
<summary>
Manage alsa writable config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="alsa_read_lib" lineno="107">
<summary>
Read alsa lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="amanda" filename="policy/modules/admin/amanda.if">
<summary>Automated backup program.</summary>
<interface name="amanda_domtrans_recover" lineno="13">
<summary>
Execute amrecover in the amanda_recover domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="amanda_run_recover" lineno="38">
<summary>
Execute amrecover in the amanda_recover domain, and
allow the specified role the amanda_recover domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the amanda_recover domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="amanda_search_lib" lineno="57">
<summary>
Search amanda library directories.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="amanda_append_lib_files" lineno="76">
<summary>
Allow append amanda lib files.
</summary>
<param name="domain">
<summary>
Domain to allow
</summary>
</param>
</interface>
<interface name="amanda_dontaudit_read_dumpdates" lineno="94">
<summary>
Do not audit attempts to read /etc/dumpdates.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="amanda_rw_dumpdates_files" lineno="112">
<summary>
Allow read/writing /etc/dumpdates.
</summary>
<param name="domain">
<summary>
Domain to allow
</summary>
</param>
</interface>
<interface name="amanda_manage_lib" lineno="130">
<summary>
Search amanda library directories.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="amanda_append_log_files" lineno="149">
<summary>
Allow read/writing amanda logs
</summary>
<param name="domain">
<summary>
Domain to allow
</summary>
</param>
</interface>
<interface name="amanda_search_var_lib" lineno="167">
<summary>
Search amanda var library directories.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
</module>
<module name="amtu" filename="policy/modules/admin/amtu.if">
<summary>Abstract Machine Test Utility</summary>
<interface name="amtu_domtrans" lineno="13">
<summary>
Execute amtu in the amtu domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amtu_run" lineno="38">
<summary>
Execute amtu in the amtu domain, and
allow the specified role the amtu domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the amtu domain.
</summary>
</param>
</interface>
</module>
<module name="anaconda" filename="policy/modules/admin/anaconda.if">
<summary>Policy for the Anaconda installer.</summary>
<interface name="anaconda_exec_preupgrade" lineno="13">
<summary>
Execute preupgrade in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="anaconda_domtrans_preupgrade" lineno="32">
<summary>
Execute a domain transition to run preupgrade.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="anaconda_read_lib_files_preupgrade" lineno="51">
<summary>
Read preupgrade lib files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="anaconda_manage_lib_files_preupgrade" lineno="71">
<summary>
Manage preupgrade lib files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="apt" filename="policy/modules/admin/apt.if">
<summary>APT advanced package tool.</summary>
<interface name="apt_domtrans" lineno="13">
<summary>
Execute apt programs in the apt domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="apt_run" lineno="39">
<summary>
Execute apt programs in the apt domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to allow the apt domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apt_use_fds" lineno="59">
<summary>
Inherit and use file descriptors from apt.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="apt_dontaudit_use_fds" lineno="79">
<summary>
Do not audit attempts to use file descriptors from apt.
</summary>
<param name="domain">
<summary>
The type of the process attempting performing this action
which should not be audited.
</summary>
</param>
</interface>
<interface name="apt_read_pipes" lineno="97">
<summary>
Read from an unnamed apt pipe.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="apt_rw_pipes" lineno="116">
<summary>
Read and write an unnamed apt pipe.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="apt_use_ptys" lineno="135">
<summary>
Read from and write to apt ptys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apt_read_cache" lineno="153">
<summary>
Read the apt package cache.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="apt_read_db" lineno="174">
<summary>
Read the apt package database.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="apt_manage_db" lineno="195">
<summary>
Create, read, write, and delete the apt package database.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="apt_dontaudit_manage_db" lineno="218">
<summary>
Do not audit attempts to create, read,
write, and delete the apt package database.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
</module>
<module name="backup" filename="policy/modules/admin/backup.if">
<summary>System backup scripts</summary>
<interface name="backup_domtrans" lineno="13">
<summary>
Execute backup in the backup domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="backup_run" lineno="38">
<summary>
Execute backup in the backup domain, and
allow the specified role the backup domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the backup domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="bootloader" filename="policy/modules/admin/bootloader.if">
<summary>Policy for the kernel modules, kernel image, and bootloader.</summary>
<interface name="bootloader_domtrans" lineno="13">
<summary>
Execute bootloader in the bootloader domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="bootloader_exec" lineno="31">
<summary>
Execute bootloader in the caller domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="bootloader_run" lineno="56">
<summary>
Execute bootloader interactively and do
a domain transition to the bootloader domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the bootloader domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="bootloader_read_config" lineno="81">
<summary>
Read the bootloader configuration file.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="bootloader_rw_config" lineno="102">
<summary>
Read and write the bootloader
configuration file.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<rolecap/>
</interface>
<interface name="bootloader_manage_config" lineno="121">
<summary>
Manage the bootloader
configuration file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bootloader_rw_tmp_files" lineno="140">
<summary>
Read and write the bootloader
temporary data in /tmp.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="bootloader_create_runtime_file" lineno="160">
<summary>
Read and write the bootloader
temporary data in /tmp.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
</module>
<module name="brctl" filename="policy/modules/admin/brctl.if">
<summary>Utilities for configuring the linux ethernet bridge</summary>
<interface name="brctl_domtrans" lineno="13">
<summary>
Execute a domain transition to run brctl.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="brctl_exec" lineno="31">
<summary>
Execute a domain transition to run brctl.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="brctl_run" lineno="55">
<summary>
Execute brctl in the brctl domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="certwatch" filename="policy/modules/admin/certwatch.if">
<summary>Digital Certificate Tracking</summary>
<interface name="certwatch_domtrans" lineno="13">
<summary>
Domain transition to certwatch.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="certwatch_run" lineno="42">
<summary>
Execute certwatch in the certwatch domain, and
allow the specified role the certwatch domain,
and use the caller's terminal. Has a sigchld
backchannel.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the certwatch domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="certwatach_run" lineno="75">
<summary>
Execute certwatch in the certwatch domain, and
allow the specified role the certwatch domain,
and use the caller's terminal. Has a sigchld
backchannel. (Deprecated)
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the certwatch domain.
</summary>
</param>
<param name="terminal">
<summary>
The type of the terminal allow the certwatch domain to use.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="consoletype" filename="policy/modules/admin/consoletype.if">
<summary>
Determine of the console connected to the controlling terminal.
</summary>
<interface name="consoletype_domtrans" lineno="15">
<summary>
Execute consoletype in the consoletype domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="consoletype_run" lineno="43">
<summary>
Execute consoletype in the consoletype domain, and
allow the specified role the consoletype domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the consoletype domain.
</summary>
</param>
</interface>
<interface name="consoletype_exec" lineno="63">
<summary>
Execute consoletype in the caller domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="ddcprobe" filename="policy/modules/admin/ddcprobe.if">
<summary>ddcprobe retrieves monitor and graphics card information</summary>
<interface name="ddcprobe_domtrans" lineno="13">
<summary>
Execute ddcprobe in the ddcprobe domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="ddcprobe_run" lineno="38">
<summary>
Execute ddcprobe in the ddcprobe domain, and
allow the specified role the ddcprobe domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
Role to be authenticated for ddcprobe domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="dmesg" filename="policy/modules/admin/dmesg.if">
<summary>Policy for dmesg.</summary>
<interface name="dmesg_domtrans" lineno="13">
<summary>
Execute dmesg in the dmesg domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="dmesg_exec" lineno="33">
<summary>
Execute dmesg in the caller domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="dmidecode" filename="policy/modules/admin/dmidecode.if">
<summary>Decode DMI data for x86/ia64 bioses.</summary>
<interface name="dmidecode_domtrans" lineno="13">
<summary>
Execute dmidecode in the dmidecode domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dmidecode_run" lineno="43">
<summary>
Execute dmidecode in the dmidecode domain, and
allow the specified role the dmidecode domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the dmidecode domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dmidecode_exec" lineno="62">
<summary>
Execute dmidecode in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="dpkg" filename="policy/modules/admin/dpkg.if">
<summary>Policy for the Debian package manager.</summary>
<interface name="dpkg_domtrans" lineno="15">
<summary>
Execute dpkg programs in the dpkg domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="dpkg_domtrans_script" lineno="35">
<summary>
Execute dpkg_script programs in the dpkg_script domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dpkg_run" lineno="63">
<summary>
Execute dpkg programs in the dpkg domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to allow the dpkg domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dpkg_use_fds" lineno="84">
<summary>
Inherit and use file descriptors from dpkg.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="dpkg_read_pipes" lineno="102">
<summary>
Read from an unnamed dpkg pipe.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="dpkg_rw_pipes" lineno="120">
<summary>
Read and write an unnamed dpkg pipe.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="dpkg_use_script_fds" lineno="138">
<summary>
Inherit and use file descriptors from dpkg scripts.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="dpkg_read_db" lineno="156">
<summary>
Read the dpkg package database.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="dpkg_manage_db" lineno="177">
<summary>
Create, read, write, and delete the dpkg package database.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="dpkg_dontaudit_manage_db" lineno="198">
<summary>
Do not audit attempts to create, read,
write, and delete the dpkg package database.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dpkg_lock_db" lineno="218">
<summary>
Lock the dpkg package database.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
</module>
<module name="firstboot" filename="policy/modules/admin/firstboot.if">
<summary>
Final system configuration run during the first boot
after installation of Red Hat/Fedora systems.
</summary>
<interface name="firstboot_domtrans" lineno="16">
<summary>
Execute firstboot in the firstboot domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="firstboot_run" lineno="40">
<summary>
Execute firstboot in the firstboot domain, and
allow the specified role the firstboot domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the firstboot domain.
</summary>
</param>
</interface>
<interface name="firstboot_use_fds" lineno="59">
<summary>
Inherit and use a file descriptor from firstboot.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="firstboot_dontaudit_use_fds" lineno="78">
<summary>
Do not audit attempts to inherit a
file descriptor from firstboot.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="firstboot_write_pipes" lineno="96">
<summary>
Write to a firstboot unnamed pipe.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="firstboot_rw_pipes" lineno="114">
<summary>
Read and Write to a firstboot unnamed pipe.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="firstboot_dontaudit_rw_pipes" lineno="132">
<summary>
Do not audit attemps to read and write to a firstboot unnamed pipe.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="firstboot_dontaudit_rw_stream_sockets" lineno="151">
<summary>
Do not audit attemps to read and write to a firstboot
unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="firstboot_dontaudit_leaks" lineno="169">
<summary>
dontaudit read and write an leaked file descriptors
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
</module>
<module name="kismet" filename="policy/modules/admin/kismet.if">
<summary>Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.</summary>
<interface name="kismet_domtrans" lineno="13">
<summary>
Execute a domain transition to run kismet.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="kismet_run" lineno="38">
<summary>
Execute kismet in the kismet domain, and
allow the specified role the kismet domain.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the kismet domain.
</summary>
</param>
</interface>
<interface name="kismet_read_pid_files" lineno="57">
<summary>
Read kismet PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kismet_manage_pid_files" lineno="76">
<summary>
Manage kismet var_run files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kismet_search_lib" lineno="95">
<summary>
Search kismet lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kismet_read_lib_files" lineno="114">
<summary>
Read kismet lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kismet_manage_lib_files" lineno="135">
<summary>
Create, read, write, and delete
kismet lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kismet_manage_lib" lineno="154">
<summary>
Manage kismet var_lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kismet_read_log" lineno="175">
<summary>
Allow the specified domain to read kismet's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kismet_append_log" lineno="195">
<summary>
Allow the specified domain to append
kismet log files.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="kismet_manage_log" lineno="214">
<summary>
Allow domain to manage kismet log files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kismet_admin" lineno="236">
<summary>
All of the rules required to administrate an kismet environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="kudzu" filename="policy/modules/admin/kudzu.if">
<summary>Hardware detection and configuration tools</summary>
<interface name="kudzu_domtrans" lineno="13">
<summary>
Execute kudzu in the kudzu domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="kudzu_run" lineno="38">
<summary>
Execute kudzu in the kudzu domain, and
allow the specified role the kudzu domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the kudzu domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kudzu_getattr_exec_files" lineno="58">
<summary>
Get attributes of kudzu executable.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
</module>
<module name="logrotate" filename="policy/modules/admin/logrotate.if">
<summary>Rotate and archive system logs</summary>
<interface name="logrotate_domtrans" lineno="13">
<summary>
Execute logrotate in the logrotate domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="logrotate_run" lineno="38">
<summary>
Execute logrotate in the logrotate domain, and
allow the specified role the logrotate domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the logrotate domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logrotate_exec" lineno="57">
<summary>
Execute logrotate in the caller domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="logrotate_use_fds" lineno="75">
<summary>
Inherit and use logrotate file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logrotate_dontaudit_use_fds" lineno="93">
<summary>
Do not audit attempts to inherit logrotate file descriptors.
</summary>
<param name="domain">
<summary>
The type of the process to not audit.
</summary>
</param>
</interface>
<interface name="logrotate_read_tmp_files" lineno="111">
<summary>
Read a logrotate temporary files.
</summary>
<param name="domain">
<summary>
The type of the process to not audit.
</summary>
</param>
</interface>
<tunable name="logrotate_use_nfs" dftval="false">
<desc>
<p>
Allow logrotate to manage nfs files
</p>
</desc>
</tunable>
</module>
<module name="logwatch" filename="policy/modules/admin/logwatch.if">
<summary>System log analyzer and reporter</summary>
<interface name="logwatch_read_tmp_files" lineno="13">
<summary>
Read logwatch temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logwatch_search_cache_dir" lineno="32">
<summary>
Search logwatch cache directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="mcelog" filename="policy/modules/admin/mcelog.if">
<summary>policy for mcelog</summary>
<interface name="mcelog_domtrans" lineno="13">
<summary>
Execute a domain transition to run mcelog.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mcelog_read_log" lineno="31">
<summary>
Read mcelog logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="mcelog_foreground" dftval="false">
<desc>
<p>
Determine whether mcelog can use all
the user ttys.
</p>
</desc>
</tunable>
</module>
<module name="mrtg" filename="policy/modules/admin/mrtg.if">
<summary>Network traffic graphing</summary>
<interface name="mrtg_append_create_logs" lineno="13">
<summary>
Create and append mrtg logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="ncftool" filename="policy/modules/admin/ncftool.if">
<summary>policy for ncftool</summary>
<interface name="ncftool_domtrans" lineno="13">
<summary>
Execute a domain transition to run ncftool.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ncftool_run" lineno="37">
<summary>
Execute ncftool in the ncftool domain, and
allow the specified role the ncftool domain.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the ncftool domain.
</summary>
</param>
</interface>
<interface name="ncftool_role" lineno="65">
<summary>
Role access for ncftool
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<tunable name="ncftool_read_user_content" dftval="false">
<desc>
<p>
Allow ncftool to read user content.
</p>
</desc>
</tunable>
</module>
<module name="netutils" filename="policy/modules/admin/netutils.if">
<summary>Network analysis utilities</summary>
<interface name="netutils_domtrans" lineno="13">
<summary>
Execute network utilities in the netutils domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="netutils_run" lineno="38">
<summary>
Execute network utilities in the netutils domain, and
allow the specified role the netutils domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the netutils domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="netutils_exec" lineno="58">
<summary>
Execute network utilities in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="netutils_signal" lineno="76">
<summary>
Send generic signals to network utilities.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="netutils_domtrans_ping" lineno="94">
<summary>
Execute ping in the ping domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="netutils_kill_ping" lineno="112">
<summary>
Send a kill (SIGKILL) signal to ping.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="netutils_signal_ping" lineno="130">
<summary>
Send generic signals to ping.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="netutils_run_ping" lineno="155">
<summary>
Execute ping in the ping domain, and
allow the specified role the ping domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the ping domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="netutils_run_ping_cond" lineno="182">
<summary>
Conditionally execute ping in the ping domain, and
allow the specified role the ping domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the ping domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="netutils_exec_ping" lineno="206">
<summary>
Execute ping in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="netutils_domtrans_traceroute" lineno="224">
<summary>
Execute traceroute in the traceroute domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="netutils_run_traceroute" lineno="249">
<summary>
Execute traceroute in the traceroute domain, and
allow the specified role the traceroute domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the traceroute domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="netutils_run_traceroute_cond" lineno="276">
<summary>
Conditionally execute traceroute in the traceroute domain, and
allow the specified role the traceroute domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the traceroute domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="netutils_exec_traceroute" lineno="300">
<summary>
Execute traceroute in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="user_ping" dftval="false">
<desc>
<p>
Control users use of ping and traceroute
</p>
</desc>
</tunable>
</module>
<module name="permissivedomains" filename="policy/modules/admin/permissivedomains.if">
<summary>No Interfaces</summary>
</module>
<module name="portage" filename="policy/modules/admin/portage.if">
<summary>
Portage Package Management System. The primary package management and
distribution system for Gentoo.
</summary>
<interface name="portage_domtrans" lineno="16">
<summary>
Execute emerge in the portage domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="portage_run" lineno="45">
<summary>
Execute emerge in the portage domain, and
allow the specified role the portage domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to allow the portage domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="portage_compile_domain" lineno="70">
<summary>
Template for portage sandbox.
</summary>
<desc>
<p>
Template for portage sandbox. Portage
does all compiling in the sandbox.
</p>
</desc>
<param name="domain">
<summary>
Domain Allowed Access
</summary>
</param>
</interface>
<interface name="portage_domtrans_gcc_config" lineno="210">
<summary>
Execute gcc-config in the gcc_config domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="portage_run_gcc_config" lineno="238">
<summary>
Execute gcc-config in the gcc_config domain, and
allow the specified role the gcc_config domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to allow the gcc_config domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="portage_dontaudit_search_tmp" lineno="258">
<summary>
Do not audit attempts to search the
portage temporary directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="portage_dontaudit_rw_tmp_files" lineno="277">
<summary>
Do not audit attempts to read and write
the portage temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="prelink" filename="policy/modules/admin/prelink.if">
<summary>Prelink ELF shared library mappings.</summary>
<interface name="prelink_transition_domain_attribute" lineno="13">
<summary>
Execute the prelink program in the prelink domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prelink_domtrans_mask" lineno="31">
<summary>
Execute the prelink program in the prelink domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prelink_role_access_mask" lineno="58">
<summary>
Execute the prelink program in the prelink domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prelink_domtrans" lineno="75">
<summary>
Execute the prelink program in the prelink domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prelink_exec" lineno="101">
<summary>
Execute the prelink program in the current domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prelink_exec_getattr" lineno="120">
<summary>
Getattr the prelink program in the current domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prelink_run" lineno="144">
<summary>
Execute the prelink program in the prelink domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to allow the prelink domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="prelink_object_file" lineno="164">
<summary>
Make the specified file type prelinkable.
</summary>
<param name="file_type">
<summary>
File type to be prelinked.
</summary>
</param>
</interface>
<interface name="prelink_read_cache" lineno="182">
<summary>
Read the prelink cache.
</summary>
<param name="file_type">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prelink_delete_cache" lineno="201">
<summary>
Delete the prelink cache.
</summary>
<param name="file_type">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prelink_manage_log" lineno="221">
<summary>
Create, read, write, and delete
prelink log files.
</summary>
<param name="file_type">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prelink_manage_lib" lineno="241">
<summary>
Create, read, write, and delete
prelink var_lib files.
</summary>
<param name="file_type">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prelink_relabel_lib" lineno="260">
<summary>
Relabel from files in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="quota" filename="policy/modules/admin/quota.if">
<summary>File system quota management</summary>
<interface name="quota_domtrans" lineno="13">
<summary>
Execute quota management tools in the quota domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="quota_run" lineno="38">
<summary>
Execute quota management tools in the quota domain, and
allow the specified role the quota domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the quota domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="quota_dontaudit_getattr_db" lineno="58">
<summary>
Do not audit attempts to get the attributes
of filesystem quota data files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="quota_read_db" lineno="76">
<summary>
Alow to read of filesystem quota data files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="quota_manage_flags" lineno="95">
<summary>
Create, read, write, and delete quota
flag files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
</module>
<module name="readahead" filename="policy/modules/admin/readahead.if">
<summary>Readahead, read files into page cache for improved performance</summary>
</module>
<module name="rpm" filename="policy/modules/admin/rpm.if">
<summary>Policy for the RPM package manager.</summary>
<interface name="rpm_domtrans" lineno="13">
<summary>
Execute rpm programs in the rpm domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="rpm_domtrans_debuginfo" lineno="37">
<summary>
Execute debuginfo_install programs in the rpm domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="rpm_domtrans_script" lineno="58">
<summary>
Execute rpm_script programs in the rpm_script domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_run" lineno="86">
<summary>
Execute RPM programs in the RPM domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to allow the RPM domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="rpm_exec" lineno="114">
<summary>
Execute the rpm client in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_use_fds" lineno="133">
<summary>
Inherit and use file descriptors from RPM.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="rpm_read_pipes" lineno="151">
<summary>
Read from an unnamed RPM pipe.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="rpm_rw_pipes" lineno="169">
<summary>
Read and write an unnamed RPM pipe.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="rpm_dontaudit_leaks" lineno="187">
<summary>
dontaudit read and write an leaked file descriptors
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="rpm_dbus_chat" lineno="223">
<summary>
Send and receive messages from
rpm over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_dontaudit_dbus_chat" lineno="244">
<summary>
dontaudit attempts to Send and receive messages from
rpm over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_script_dbus_chat" lineno="265">
<summary>
Send and receive messages from
rpm_script over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_append_log" lineno="286">
<summary>
Allow the specified domain to append
to rpm log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_manage_log" lineno="305">
<summary>
Create, read, write, and delete the RPM log.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="rpm_search_log" lineno="324">
<summary>
Search RPM log directory.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="rpm_use_script_fds" lineno="342">
<summary>
Inherit and use file descriptors from RPM scripts.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="rpm_manage_script_tmp_files" lineno="361">
<summary>
Create, read, write, and delete RPM
script temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_append_tmp" lineno="383">
<summary>
Allow the specified domain to append
to rpm tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_manage_tmp_files" lineno="403">
<summary>
Create, read, write, and delete RPM
temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_read_script_tmp_files" lineno="425">
<summary>
read, RPM
script temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_read_db" lineno="444">
<summary>
Read the RPM package database.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="rpm_delete_db" lineno="466">
<summary>
Delete the RPM package database.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="rpm_manage_db" lineno="484">
<summary>
Create, read, write, and delete the RPM package database.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="rpm_dontaudit_read_db" lineno="504">
<summary>
Do not audit attempts to create, read,the RPM package database.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="rpm_read_cache" lineno="524">
<summary>
Read the RPM cache.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="rpm_manage_cache" lineno="545">
<summary>
Create, read, write, and delete the RPM package database.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="rpm_dontaudit_manage_db" lineno="567">
<summary>
Do not audit attempts to create, read,
write, and delete the RPM package database.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="rpm_dontaudit_search_db" lineno="587">
<summary>
Dontaudit search the RPM package database.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_read_pid_files" lineno="605">
<summary>
Read rpm pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_manage_pid_files" lineno="623">
<summary>
Create, read, write, and delete rpm pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_pid_filetrans" lineno="641">
<summary>
Create files in /var/run with the rpm pid file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_transition_script" lineno="659">
<summary>
Allow application to transition to rpm_script domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_signull" lineno="684">
<summary>
Send a null signal to rpm.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpm_inherited_fifo" lineno="702">
<summary>
Send a null signal to rpm.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="sectoolm" filename="policy/modules/admin/sectoolm.if">
<summary>Sectool security audit tool</summary>
</module>
<module name="shorewall" filename="policy/modules/admin/shorewall.if">
<summary>Shoreline Firewall high-level tool for configuring netfilter</summary>
<interface name="shorewall_domtrans" lineno="13">
<summary>
Execute a domain transition to run shorewall.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="shorewall_domtrans_lib" lineno="31">
<summary>
Execute a domain transition to run shorewall.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="shorewall_read_config" lineno="49">
<summary>
Read shorewall etc configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="shorewall_read_lib_files" lineno="68">
<summary>
Read shorewall /var/lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="shorewall_rw_lib_files" lineno="88">
<summary>
Read and write shorewall /var/lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="shorewall_read_tmp_files" lineno="108">
<summary>
Read shorewall tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="shorewall_admin" lineno="134">
<summary>
All of the rules required to administrate
an shorewall environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the syslog domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="shutdown" filename="policy/modules/admin/shutdown.if">
<summary>policy for shutdown</summary>
<interface name="shutdown_domtrans" lineno="13">
<summary>
Execute a domain transition to run shutdown.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="shutdown_run" lineno="43">
<summary>
Execute shutdown in the shutdown domain, and
allow the specified role the shutdown domain.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the shutdown domain.
</summary>
</param>
</interface>
<interface name="shutdown_role" lineno="67">
<summary>
Role access for shutdown
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="shutdown_send_sigchld" lineno="90">
<summary>
Recieve sigchld from shutdown
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="shutdown_dbus_chat" lineno="109">
<summary>
Send and receive messages from
shutdown over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="shutdown_getattr_exec_files" lineno="129">
<summary>
Get attributes of shutdown executable.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="smoltclient" filename="policy/modules/admin/smoltclient.if">
<summary>The Fedora hardware profiler client</summary>
</module>
<module name="su" filename="policy/modules/admin/su.if">
<summary>Run shells with substitute user and group</summary>
<template name="su_restricted_domain_template" lineno="31">
<summary>
Restricted su domain template.
</summary>
<desc>
<p>
This template creates a derived domain which is allowed
to change the linux user id, to run shells as a different
user.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
</template>
<template name="su_role_template" lineno="165">
<summary>
The role template for the su module.
</summary>
<param name="role_prefix">
<summary>
The prefix of the user role (e.g., user
is the prefix for user_r).
</summary>
</param>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</template>
<interface name="su_exec" lineno="332">
<summary>
Execute su in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="sudo" filename="policy/modules/admin/sudo.if">
<summary>Execute a command with a substitute user</summary>
<template name="sudo_role_template" lineno="31">
<summary>
The role template for the sudo module.
</summary>
<desc>
<p>
This template creates a derived domain which is allowed
to change the linux user id, to run commands as a different
user.
</p>
</desc>
<param name="role_prefix">
<summary>
The prefix of the user role (e.g., user
is the prefix for user_r).
</summary>
</param>
<param name="user_role">
<summary>
The user role.
</summary>
</param>
<param name="user_domain">
<summary>
The user domain associated with the role.
</summary>
</param>
</template>
<interface name="sudo_sigchld" lineno="186">
<summary>
Send a SIGCHLD signal to the sudo domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sudo_exec" lineno="205">
<summary>
Allow execute sudo in called domain.
This interfaces is added for nova-stack policy.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="sxid" filename="policy/modules/admin/sxid.if">
<summary>SUID/SGID program monitoring</summary>
<interface name="sxid_read_log" lineno="15">
<summary>
Allow the specified domain to read
sxid log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="tmpreaper" filename="policy/modules/admin/tmpreaper.if">
<summary>Manage temporary directory sizes and file ages</summary>
<interface name="tmpreaper_exec" lineno="13">
<summary>
Execute tmpreaper in the caller domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
</module>
<module name="tripwire" filename="policy/modules/admin/tripwire.if">
<summary>Tripwire file integrity checker.</summary>
<desc>
<p>
Tripwire file integrity checker.
</p>
<p>
NOTE: Tripwire creates temp file in its current working directory.
This policy does not allow write access to home directories, so
users will need to either cd to a directory where they have write
permission, or set the TEMPDIRECTORY variable in the tripwire config
file. The latter is preferable, as then the file_type_auto_trans
rules will kick in and label the files as private to tripwire.
</p>
</desc>
<interface name="tripwire_domtrans_tripwire" lineno="26">
<summary>
Execute tripwire in the tripwire domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tripwire_run_tripwire" lineno="51">
<summary>
Execute tripwire in the tripwire domain, and
allow the specified role the tripwire domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the tripwire domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="tripwire_domtrans_twadmin" lineno="70">
<summary>
Execute twadmin in the twadmin domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tripwire_run_twadmin" lineno="95">
<summary>
Execute twadmin in the twadmin domain, and
allow the specified role the twadmin domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the twadmin domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="tripwire_domtrans_twprint" lineno="114">
<summary>
Execute twprint in the twprint domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tripwire_run_twprint" lineno="139">
<summary>
Execute twprint in the twprint domain, and
allow the specified role the twprint domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the twprint domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="tripwire_domtrans_siggen" lineno="158">
<summary>
Execute siggen in the siggen domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tripwire_run_siggen" lineno="183">
<summary>
Execute siggen in the siggen domain, and
allow the specified role the siggen domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the siggen domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="tzdata" filename="policy/modules/admin/tzdata.if">
<summary>Time zone updater</summary>
<interface name="tzdata_domtrans" lineno="13">
<summary>
Execute a domain transition to run tzdata.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tzdata_run" lineno="37">
<summary>
Execute the tzdata program in the tzdata domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to allow the tzdata domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="updfstab" filename="policy/modules/admin/updfstab.if">
<summary>Red Hat utility to change /etc/fstab.</summary>
<interface name="updfstab_domtrans" lineno="13">
<summary>
Execute updfstab in the updfstab domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
</module>
<module name="usbmodules" filename="policy/modules/admin/usbmodules.if">
<summary>List kernel modules of USB devices</summary>
<interface name="usbmodules_domtrans" lineno="13">
<summary>
Execute usbmodules in the usbmodules domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="usbmodules_run" lineno="39">
<summary>
Execute usbmodules in the usbmodules domain, and
allow the specified role the usbmodules domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the usbmodules domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="usermanage" filename="policy/modules/admin/usermanage.if">
<summary>Policy for managing user accounts.</summary>
<interface name="usermanage_domtrans_chfn" lineno="13">
<summary>
Execute chfn in the chfn domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="usermanage_run_chfn" lineno="43">
<summary>
Execute chfn in the chfn domain, and
allow the specified role the chfn domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the chfn domain.
</summary>
</param>
</interface>
<interface name="usermanage_domtrans_groupadd" lineno="62">
<summary>
Execute groupadd in the groupadd domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="usermanage_access_check_groupadd" lineno="86">
<summary>
Check access to the groupadd executable.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="usermanage_run_groupadd" lineno="114">
<summary>
Execute groupadd in the groupadd domain, and
allow the specified role the groupadd domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the groupadd domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="usermanage_domtrans_passwd" lineno="137">
<summary>
Execute passwd in the passwd domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="usermanage_kill_passwd" lineno="161">
<summary>
Send sigkills to passwd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="usermanage_run_passwd" lineno="185">
<summary>
Execute passwd in the passwd domain, and
allow the specified role the passwd domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the passwd domain.
</summary>
</param>
</interface>
<interface name="usermanage_access_check_passwd" lineno="205">
<summary>
Check access to the passwd executable
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="usermanage_domtrans_admin_passwd" lineno="225">
<summary>
Execute password admin functions in
the admin passwd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="usermanage_run_admin_passwd" lineno="253">
<summary>
Execute passwd admin functions in the admin
passwd domain, and allow the specified role
the admin passwd domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the admin passwd domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="usermanage_dontaudit_use_useradd_fds" lineno="276">
<summary>
Dontaudit attempts to use useradd fds
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="usermanage_domtrans_useradd" lineno="294">
<summary>
Execute useradd in the useradd domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="usermanage_run_useradd" lineno="324">
<summary>
Execute useradd in the useradd domain, and
allow the specified role the useradd domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the useradd domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="usermanage_access_check_useradd" lineno="352">
<summary>
Check access to the useradd executable.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="usermanage_read_crack_db" lineno="372">
<summary>
Read the crack database.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
</module>
<module name="vbetool" filename="policy/modules/admin/vbetool.if">
<summary>run real-mode video BIOS code to alter hardware state</summary>
<interface name="vbetool_domtrans" lineno="13">
<summary>
Execute vbetool application in the vbetool domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vbetool_run" lineno="38">
<summary>
Execute vbetool in the vbetool domain, and
allow the specified role the vbetool domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the vbetool domain.
</summary>
</param>
</interface>
<tunable name="vbetool_mmap_zero_ignore" dftval="false">
<desc>
<p>
Ignore vbetool mmap_zero errors.
</p>
</desc>
</tunable>
</module>
<module name="vpn" filename="policy/modules/admin/vpn.if">
<summary>Virtual Private Networking client</summary>
<interface name="vpn_domtrans" lineno="13">
<summary>
Execute VPN clients in the vpnc domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vpn_run" lineno="38">
<summary>
Execute VPN clients in the vpnc domain, and
allow the specified role the vpnc domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the vpnc domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="vpn_kill" lineno="58">
<summary>
Send VPN clients the kill signal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vpn_signal" lineno="76">
<summary>
Send generic signals to VPN clients.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vpn_signull" lineno="94">
<summary>
Send signull to VPN clients.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vpn_dbus_chat" lineno="113">
<summary>
Send and receive messages from
Vpnc over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vpn_relabelfrom_tun_socket" lineno="133">
<summary>
Relabelfrom from vpnc socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
</layer>
<layer name="apps">
<summary>Policy modules for applications</summary>
<module name="ada" filename="policy/modules/apps/ada.if">
<summary>GNAT Ada95 compiler</summary>
<interface name="ada_domtrans" lineno="13">
<summary>
Execute the ada program in the ada domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ada_run" lineno="38">
<summary>
Execute ada in the ada domain, and
allow the specified role the ada domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the ada domain.
</summary>
</param>
</interface>
</module>
<module name="authbind" filename="policy/modules/apps/authbind.if">
<summary>Tool for non-root processes to bind to reserved ports</summary>
<interface name="authbind_domtrans" lineno="13">
<summary>
Use authbind to bind to a reserved port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="awstats" filename="policy/modules/apps/awstats.if">
<summary>
AWStats is a free powerful and featureful tool that generates advanced
web, streaming, ftp or mail server statistics, graphically.
</summary>
<interface name="awstats_rw_pipes" lineno="16">
<summary>
Read and write awstats unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="awstats_cgi_exec" lineno="34">
<summary>
Execute awstats cgi scripts in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="awstats_purge_apache_log_files" dftval="false">
<desc>
<p>
Determine whether awstats can
purge httpd log files.
</p>
</desc>
</tunable>
</module>
<module name="calamaris" filename="policy/modules/apps/calamaris.if">
<summary>Squid log analysis</summary>
<interface name="calamaris_read_www_files" lineno="13">
<summary>
Allow domain to read calamaris www files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="cdrecord" filename="policy/modules/apps/cdrecord.if">
<summary>Policy for cdrecord</summary>
<interface name="cdrecord_role" lineno="18">
<summary>
Role access for cdrecord
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<tunable name="cdrecord_read_content" dftval="false">
<desc>
<p>
Allow cdrecord to read various content.
nfs, samba, removable devices, user temp
and untrusted content files
</p>
</desc>
</tunable>
</module>
<module name="chrome" filename="policy/modules/apps/chrome.if">
<summary>policy for chrome</summary>
<interface name="chrome_domtrans_sandbox" lineno="13">
<summary>
Execute a domain transition to run chrome_sandbox.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="chrome_run_sandbox" lineno="45">
<summary>
Execute chrome_sandbox in the chrome_sandbox domain, and
allow the specified role the chrome_sandbox domain.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the chrome_sandbox domain.
</summary>
</param>
</interface>
<interface name="chrome_role_notrans" lineno="71">
<summary>
Role access for chrome sandbox
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="chrome_role" lineno="111">
<summary>
Role access for chrome sandbox
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="chrome_dontaudit_sandbox_leaks" lineno="126">
<summary>
Dontaudit read/write to a chrome_sandbox leaks
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
</module>
<module name="cpufreqselector" filename="policy/modules/apps/cpufreqselector.if">
<summary>Command-line CPU frequency settings.</summary>
</module>
<module name="ethereal" filename="policy/modules/apps/ethereal.if">
<summary>Ethereal packet capture tool.</summary>
<interface name="ethereal_role" lineno="18">
<summary>
Role access for ethereal
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="ethereal_domtrans" lineno="47">
<summary>
Run ethereal in ethereal domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ethereal_domtrans_tethereal" lineno="65">
<summary>
Run tethereal in the tethereal domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ethereal_run_tethereal" lineno="89">
<summary>
Execute tethereal in the tethereal domain, and
allow the specified role the tethereal domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the tethereal domain.
</summary>
</param>
</interface>
</module>
<module name="evolution" filename="policy/modules/apps/evolution.if">
<summary>Evolution email client</summary>
<interface name="evolution_role" lineno="18">
<summary>
Role access for evolution
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="evolution_home_filetrans" lineno="85">
<summary>
Create objects in users evolution home folders.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file_type">
<summary>
Private file type.
</summary>
</param>
<param name="class">
<summary>
The object class of the object being created.
</summary>
</param>
</interface>
<interface name="evolution_stream_connect" lineno="104">
<summary>
Connect to evolution unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="evolution_dbus_chat" lineno="124">
<summary>
Send and receive messages from
evolution over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="evolution_alarm_dbus_chat" lineno="145">
<summary>
Send and receive messages from
evolution_alarm over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="execmem" filename="policy/modules/apps/execmem.if">
<summary>execmem domain</summary>
<interface name="execmem_exec" lineno="13">
<summary>
Execute the execmem program in the execmem domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="execmem_role_template" lineno="48">
<summary>
The role template for the execmem module.
</summary>
<desc>
<p>
This template creates a derived domains which are used
for execmem applications.
</p>
</desc>
<param name="role_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</template>
<interface name="execmem_domtrans" lineno="107">
<summary>
Execute a execmem_exec file
in the specified domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="execmem_execmod" lineno="125">
<summary>
Execmod the execmem_exec applications
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="firewallgui" filename="policy/modules/apps/firewallgui.if">
<summary>policy for firewallgui</summary>
<interface name="firewallgui_dbus_chat" lineno="14">
<summary>
Send and receive messages from
firewallgui over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="games" filename="policy/modules/apps/games.if">
<summary>Games</summary>
<interface name="games_role" lineno="18">
<summary>
Role access for games
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="games_rw_data" lineno="45">
<summary>
Allow the specified domain to read/write
games data.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="gift" filename="policy/modules/apps/gift.if">
<summary>giFT peer to peer file sharing tool</summary>
<interface name="gift_role" lineno="18">
<summary>
Role access for gift
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
</module>
<module name="gitosis" filename="policy/modules/apps/gitosis.if">
<summary>Tools for managing and hosting git repositories.</summary>
<interface name="gitosis_domtrans" lineno="13">
<summary>
Execute a domain transition to run gitosis.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="gitosis_run" lineno="37">
<summary>
Execute gitosis-serve in the gitosis domain, and
allow the specified role the gitosis domain.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="gitosis_read_lib_files" lineno="57">
<summary>
Allow the specified domain to read
gitosis lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gitosis_manage_lib_files" lineno="79">
<summary>
Allow the specified domain to manage
gitosis lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="gnome" filename="policy/modules/apps/gnome.if">
<summary>GNU network object model environment (GNOME)</summary>
<interface name="gnome_role" lineno="18">
<summary>
Role access for gnome
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="gnome_stream_connect_gconf" lineno="48">
<summary>
gconf connection template.
</summary>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</interface>
<interface name="gnome_domtrans_gconfd" lineno="67">
<summary>
Run gconfd in gconfd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_dontaudit_search_config" lineno="85">
<summary>
Dontaudit search gnome homedir content (.config)
</summary>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</interface>
<interface name="gnome_manage_config" lineno="103">
<summary>
manage gnome homedir content (.config)
</summary>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</interface>
<interface name="gnome_signal_all" lineno="124">
<summary>
Send general signals to all gconf domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_cache_filetrans" lineno="154">
<summary>
Create objects in a Gnome cache home directory
with an automatic type transition to
a specified private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
The type of the object to create.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
</interface>
<interface name="gnome_read_generic_cache_files" lineno="173">
<summary>
Read generic cache home files (.cache)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_setattr_cache_home_dir" lineno="192">
<summary>
Set attributes of cache home dir (.cache)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_write_generic_cache_files" lineno="211">
<summary>
write to generic cache home files (.cache)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="gnome_read_config" lineno="230">
<summary>
read gnome homedir content (.config)
</summary>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</template>
<interface name="gnome_setattr_config_dirs" lineno="250">
<summary>
Set attributes of Gnome config dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_data_filetrans" lineno="281">
<summary>
Create objects in a Gnome gconf home directory
with an automatic type transition to
a specified private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
The type of the object to create.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
</interface>
<interface name="gnome_read_generic_data_home_files" lineno="300">
<summary>
Read generic data home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_admin_home_gconf_filetrans" lineno="323">
<summary>
Create gconf_home_t objects in the /root directory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
</interface>
<template name="gnome_read_gconf_config" lineno="341">
<summary>
read gconf config files
</summary>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</template>
<interface name="gnome_manage_gconf_config" lineno="360">
<summary>
Manage gconf config files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_exec_gconf" lineno="380">
<summary>
Execute gconf programs in
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_read_gconf_home_files" lineno="398">
<summary>
Read gconf home files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_search_gconf" lineno="420">
<summary>
search gconf homedir (.local)
</summary>
<param name="user_domain">
<summary>
The type of the domain.
</summary>
</param>
</interface>
<interface name="gnome_append_gconf_home_files" lineno="439">
<summary>
Append gconf home files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_manage_gconf_home_files" lineno="457">
<summary>
manage gconf home files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_stream_connect" lineno="481">
<summary>
Connect to gnome over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</interface>
<template name="gnome_list_home_config" lineno="500">
<summary>
read gnome homedir content (.config)
</summary>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</template>
<interface name="gnome_rw_inherited_config" lineno="518">
<summary>
Read/Write all inherited gnome home config
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_read_home_config" lineno="536">
<summary>
read gnome homedir content (.config)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnome_dbus_chat_gconfdefault" lineno="556">
<summary>
Send and receive messages from
gconf system service over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="gpg" filename="policy/modules/apps/gpg.if">
<summary>Policy for GNU Privacy Guard and related programs.</summary>
<interface name="gpg_role" lineno="18">
<summary>
Role access for gpg
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="gpg_domtrans" lineno="82">
<summary>
Transition to a user gpg domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpg_domtrans_web" lineno="100">
<summary>
Transition to a gpg web domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpg_entry_type" lineno="119">
<summary>
Make gpg an entrypoint for
the specified domain.
</summary>
<param name="domain">
<summary>
The domain for which cifs_t is an entrypoint.
</summary>
</param>
</interface>
<interface name="gpg_signal" lineno="137">
<summary>
Send generic signals to user gpg processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpg_agent_rw_named_pipes" lineno="155">
<summary>
Read and write GPG named pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpg_pinentry_dbus_chat" lineno="175">
<summary>
Send messages to and from GPG
Pinentry over DBUS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpg_list_user_content_dirs" lineno="197">
<summary>
List Gnu Privacy Guard user
content dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="gpg_agent_env_file" dftval="false">
<desc>
<p>
Allow usage of the gpg-agent --write-env-file option.
This also allows gpg-agent to manage user files.
</p>
</desc>
</tunable>
<tunable name="gpg_web_anon_write" dftval="false">
<desc>
<p>
Allow gpg web domain to modify public files
used for public file transfer services.
</p>
</desc>
</tunable>
</module>
<module name="irc" filename="policy/modules/apps/irc.if">
<summary>IRC client policy</summary>
<interface name="irc_role" lineno="18">
<summary>
Role access for IRC
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<tunable name="irssi_use_full_network" dftval="false">
<desc>
<p>
Allow the Irssi IRC Client to connect to any port,
and to bind to any unreserved port.
</p>
</desc>
</tunable>
</module>
<module name="java" filename="policy/modules/apps/java.if">
<summary>Java virtual machine</summary>
<interface name="java_role" lineno="18">
<summary>
Role access for java
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<template name="java_role_template" lineno="63">
<summary>
The role template for the java module.
</summary>
<desc>
<p>
This template creates a derived domains which are used
for java applications.
</p>
</desc>
<param name="role_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</template>
<template name="java_domtrans" lineno="109">
<summary>
Run java in javaplugin domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</template>
<interface name="java_run" lineno="133">
<summary>
Execute java in the java domain, and
allow the specified role the java domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the java domain.
</summary>
</param>
</interface>
<interface name="java_domtrans_unconfined" lineno="152">
<summary>
Execute the java program in the unconfined java domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="java_run_unconfined" lineno="176">
<summary>
Execute the java program in the unconfined java domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<interface name="java_rw_shared_mem_unconfined" lineno="197">
<summary>
Allow read and write access to unconfined java shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="java_exec" lineno="215">
<summary>
Execute the java program in the java domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="allow_java_execstack" dftval="false">
<desc>
<p>
Allow java executable stack
</p>
</desc>
</tunable>
</module>
<module name="kdumpgui" filename="policy/modules/apps/kdumpgui.if">
<summary>system-config-kdump policy</summary>
<tunable name="kdumpgui_run_bootloader" dftval="false">
<desc>
<p>
Allow s-c-kdump to run bootloader in bootloader_t.
</p>
</desc>
</tunable>
</module>
<module name="livecd" filename="policy/modules/apps/livecd.if">
<summary>policy for livecd</summary>
<interface name="livecd_domtrans" lineno="13">
<summary>
Execute a domain transition to run livecd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="livecd_run" lineno="38">
<summary>
Execute livecd in the livecd domain, and
allow the specified role the livecd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the livecd domain.
</summary>
</param>
</interface>
<interface name="livecd_dontaudit_leaks" lineno="63">
<summary>
Dontaudit read/write to a livecd leaks
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="livecd_read_tmp_files" lineno="81">
<summary>
Read livecd temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="livecd_rw_tmp_files" lineno="100">
<summary>
Read and write livecd temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="livecd_rw_semaphores" lineno="119">
<summary>
Allow read and write access to livecd semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="loadkeys" filename="policy/modules/apps/loadkeys.if">
<summary>Load keyboard mappings.</summary>
<interface name="loadkeys_domtrans" lineno="13">
<summary>
Execute the loadkeys program in the loadkeys domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="loadkeys_run" lineno="41">
<summary>
Execute the loadkeys program in the loadkeys domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to allow the loadkeys domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="loadkeys_exec" lineno="60">
<summary>
Execute the loadkeys program in the caller domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
</module>
<module name="lockdev" filename="policy/modules/apps/lockdev.if">
<summary>device locking policy for lockdev</summary>
<interface name="lockdev_role" lineno="18">
<summary>
Role access for lockdev
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
</module>
<module name="mediawiki" filename="policy/modules/apps/mediawiki.if">
<summary>Mediawiki policy</summary>
<interface name="mediawiki_read_tmp_files" lineno="14">
<summary>
Allow the specified domain to read
mediawiki tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mediawiki_delete_tmp_files" lineno="34">
<summary>
Delete mediawiki tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="mono" filename="policy/modules/apps/mono.if">
<summary>Run .NET server and client applications on Linux.</summary>
<template name="mono_role_template" lineno="30">
<summary>
The role template for the mono module.
</summary>
<desc>
<p>
This template creates a derived domains which are used
for mono applications.
</p>
</desc>
<param name="role_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</template>
<interface name="mono_domtrans" lineno="72">
<summary>
Execute the mono program in the mono domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mono_run" lineno="97">
<summary>
Execute mono in the mono domain, and
allow the specified role the mono domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the mono domain.
</summary>
</param>
</interface>
<interface name="mono_exec" lineno="116">
<summary>
Execute the mono program in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mono_rw_shm" lineno="135">
<summary>
Read and write to mono shared memory.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
</module>
<module name="mozilla" filename="policy/modules/apps/mozilla.if">
<summary>Policy for Mozilla and related web browsers</summary>
<interface name="mozilla_role" lineno="18">
<summary>
Role access for mozilla
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="mozilla_read_user_home_files" lineno="73">
<summary>
Read mozilla home directory content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_write_user_home_files" lineno="94">
<summary>
Write mozilla home directory content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_dontaudit_rw_user_home_files" lineno="113">
<summary>
Dontaudit attempts to read/write mozilla home directory content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_dontaudit_manage_user_home_files" lineno="131">
<summary>
Dontaudit attempts to write mozilla home directory content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_domtrans" lineno="150">
<summary>
Run mozilla in the mozilla domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_dbus_chat" lineno="169">
<summary>
Send and receive messages from
mozilla over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_execmod_user_home_files" lineno="189">
<summary>
Write mozilla home directory content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_exec_domtrans" lineno="224">
<summary>
Execute mozilla_exec_t
in the specified domain.
</summary>
<desc>
<p>
Execute a mozilla_exec_t
in the specified domain.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="mozilla_domtrans_plugin" lineno="243">
<summary>
Execute a domain transition to run mozilla_plugin.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_run_plugin" lineno="278">
<summary>
Execute mozilla_plugin in the mozilla_plugin domain, and
allow the specified role the mozilla_plugin domain.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the mozilla_plugin domain.
</summary>
</param>
</interface>
<interface name="mozilla_role_plugin" lineno="298">
<summary>
Execute qemu unconfined programs in the role.
</summary>
<param name="role">
<summary>
The role to allow the mozilla_plugin domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mozilla_rw_tcp_sockets" lineno="316">
<summary>
read/write mozilla per user tcp_socket
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mozilla_plugin_read_tmpfs_files" lineno="334">
<summary>
Read mozilla_plugin tmpfs files
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="mozilla_plugin_delete_tmpfs_files" lineno="352">
<summary>
Delete mozilla_plugin tmpfs files
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="mozilla_plugin_dontaudit_leaks" lineno="370">
<summary>
Dontaudit read/write to a mozilla_plugin leaks
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="mozilla_exec_user_home_files" lineno="388">
<summary>
Execute mozilla home directory content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="mozilla_read_content" dftval="false">
<desc>
<p>
Control mozilla content access
</p>
</desc>
</tunable>
</module>
<module name="mplayer" filename="policy/modules/apps/mplayer.if">
<summary>Mplayer media player and encoder</summary>
<interface name="mplayer_role" lineno="18">
<summary>
Role access for mplayer
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="mplayer_domtrans" lineno="60">
<summary>
Run mplayer in mplayer domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mplayer_exec" lineno="79">
<summary>
Execute mplayer in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mplayer_read_user_home_files" lineno="97">
<summary>
Read mplayer per user homedir
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mplayer_exec_domtrans" lineno="133">
<summary>
Execute mplayer_exec_t
in the specified domain.
</summary>
<desc>
<p>
Execute a mplayer_exec_t
in the specified domain.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<tunable name="allow_mplayer_execstack" dftval="false">
<desc>
<p>
Allow mplayer executable stack
</p>
</desc>
</tunable>
</module>
<module name="namespace" filename="policy/modules/apps/namespace.if">
<summary>policy for namespace</summary>
<interface name="namespace_init_domtrans" lineno="13">
<summary>
Execute a domain transition to run namespace_init.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="namespace_init_run" lineno="38">
<summary>
Execute namespace_init in the namespace_init domain, and
allow the specified role the namespace_init domain.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the namespace_init domain.
</summary>
</param>
</interface>
</module>
<module name="nsplugin" filename="policy/modules/apps/nsplugin.if">
<summary>policy for nsplugin</summary>
<interface name="nsplugin_manage_rw_files" lineno="14">
<summary>
Create, read, write, and delete
nsplugin rw files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nsplugin_manage_rw" lineno="33">
<summary>
Manage nsplugin rw files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nsplugin_role_notrans" lineno="69">
<summary>
The per role template for the nsplugin module.
</summary>
<desc>
<p>
This template creates a derived domains which are used
for nsplugin web browser.
</p>
<p>
This template is invoked automatically for each user, and
generally does not need to be invoked directly
by policy writers.
</p>
</desc>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</interface>
<interface name="nsplugin_role" lineno="142">
<summary>
Role access for nsplugin
</summary>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</interface>
<interface name="nsplugin_domtrans" lineno="167">
<summary>
The per role template for the nsplugin module.
</summary>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</interface>
<interface name="nsplugin_domtrans_config" lineno="187">
<summary>
The per role template for the nsplugin module.
</summary>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</interface>
<interface name="nsplugin_search_rw_dir" lineno="206">
<summary>
Search nsplugin rw directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nsplugin_read_rw_files" lineno="224">
<summary>
Read nsplugin rw files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nsplugin_read_home" lineno="244">
<summary>
Read nsplugin home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nsplugin_rw_exec" lineno="264">
<summary>
Exec nsplugin rw files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nsplugin_manage_home_files" lineno="283">
<summary>
Create, read, write, and delete
nsplugin home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nsplugin_manage_home_dirs" lineno="301">
<summary>
manage nnsplugin home dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nsplugin_rw_pipes" lineno="320">
<summary>
Allow attempts to read and write to
nsplugin named pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="nsplugin_rw_shm" lineno="338">
<summary>
Read and write to nsplugin shared memory.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="nsplugin_rw_semaphores" lineno="356">
<summary>
Allow read and write access to nsplugin semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nsplugin_exec_domtrans" lineno="391">
<summary>
Execute nsplugin_exec_t
in the specified domain.
</summary>
<desc>
<p>
Execute a nsplugin_exec_t
in the specified domain.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="nsplugin_user_home_dir_filetrans" lineno="417">
<summary>
Create objects in a user home directory
with an automatic type transition to
the nsplugin home file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
</interface>
<interface name="nsplugin_user_home_filetrans" lineno="442">
<summary>
Create objects in a user home directory
with an automatic type transition to
the nsplugin home file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
</interface>
<interface name="nsplugin_signull" lineno="461">
<summary>
Send signull signal to nsplugin
processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nsplugin_signal" lineno="479">
<summary>
Send generic signals to user nsplugin processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="allow_nsplugin_execmem" dftval="false">
<desc>
<p>
Allow nsplugin code to execmem/execstack
</p>
</desc>
</tunable>
<tunable name="nsplugin_can_network" dftval="true">
<desc>
<p>
Allow nsplugin code to connect to unreserved ports
</p>
</desc>
</tunable>
</module>
<module name="openoffice" filename="policy/modules/apps/openoffice.if">
<summary>Openoffice</summary>
<interface name="openoffice_plugin_role" lineno="13">
<summary>
The per role template for the openoffice module.
</summary>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</interface>
<interface name="openoffice_role_template" lineno="55">
<summary>
role for openoffice
</summary>
<desc>
<p>
This template creates a derived domains which are used
for java applications.
</p>
</desc>
<param name="role_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</interface>
<interface name="openoffice_exec_domtrans" lineno="117">
<summary>
Execute openoffice_exec_t
in the specified domain.
</summary>
<desc>
<p>
Execute a openoffice_exec_t
in the specified domain.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
</module>
<module name="podsleuth" filename="policy/modules/apps/podsleuth.if">
<summary>Podsleuth is a tool to get information about an Apple (TM) iPod (TM)</summary>
<interface name="podsleuth_domtrans" lineno="13">
<summary>
Execute a domain transition to run podsleuth.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="podsleuth_run" lineno="38">
<summary>
Execute podsleuth in the podsleuth domain, and
allow the specified role the podsleuth domain.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the podsleuth domain.
</summary>
</param>
</interface>
</module>
<module name="ptchown" filename="policy/modules/apps/ptchown.if">
<summary>helper function for grantpt(3), changes ownship and permissions of pseudotty</summary>
<interface name="ptchown_domtrans" lineno="13">
<summary>
Execute a domain transition to run ptchown.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ptchown_run" lineno="37">
<summary>
Execute ptchown in the ptchown domain, and
allow the specified role the ptchown domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the ptchown domain.
</summary>
</param>
</interface>
</module>
<module name="pulseaudio" filename="policy/modules/apps/pulseaudio.if">
<summary>Pulseaudio network sound server.</summary>
<interface name="pulseaudio_role" lineno="18">
<summary>
Role access for pulseaudio
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="pulseaudio_domtrans" lineno="56">
<summary>
Execute a domain transition to run pulseaudio.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="pulseaudio_run" lineno="80">
<summary>
Execute pulseaudio in the pulseaudio domain, and
allow the specified role the pulseaudio domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the pulseaudio domain.
</summary>
</param>
</interface>
<interface name="pulseaudio_exec" lineno="99">
<summary>
Execute a pulseaudio in the current domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="pulseaudio_dontaudit_exec" lineno="117">
<summary>
dontaudit attempts to execute a pulseaudio in the current domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="pulseaudio_stream_connect" lineno="136">
<summary>
Connect to pulseaudio over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pulseaudio_dbus_chat" lineno="158">
<summary>
Send and receive messages from
pulseaudio over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pulseaudio_setattr_home_dir" lineno="178">
<summary>
Set the attributes of the pulseaudio homedir.
</summary>
<param name="user_domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pulseaudio_read_home_files" lineno="196">
<summary>
Read pulseaudio homedir files.
</summary>
<param name="user_domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pulseaudio_rw_home_files" lineno="215">
<summary>
Read and write Pulse Audio files.
</summary>
<param name="user_domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pulseaudio_manage_home_files" lineno="235">
<summary>
Create, read, write, and delete pulseaudio
home directory files.
</summary>
<param name="user_domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pulseaudio_signull" lineno="256">
<summary>
Send signull signal to pulseaudio
processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pulseaudio_manage_home_symlinks" lineno="275">
<summary>
Create, read, write, and delete pulseaudio
home directory symlinks.
</summary>
<param name="user_domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="qemu" filename="policy/modules/apps/qemu.if">
<summary>QEMU machine emulator and virtualizer</summary>
<template name="qemu_domain_template" lineno="14">
<summary>
Creates types and rules for a basic
qemu process domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<template name="qemu_role" lineno="127">
<summary>
The per role template for the qemu module.
</summary>
<desc>
<p>
This template creates a derived domains which are used
for qemu web browser.
</p>
<p>
This template is invoked automatically for each user, and
generally does not need to be invoked directly
by policy writers.
</p>
</desc>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</template>
<interface name="qemu_domtrans" lineno="150">
<summary>
Execute a domain transition to run qemu.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="qemu_exec" lineno="168">
<summary>
Execute a qemu in the callers domain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qemu_run" lineno="192">
<summary>
Execute qemu in the qemu domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
The role to allow the qemu domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="qemu_read_state" lineno="211">
<summary>
Allow the domain to read state files in /proc.
</summary>
<param name="domain">
<summary>
Domain to allow access.
</summary>
</param>
</interface>
<interface name="qemu_setsched" lineno="229">
<summary>
Set the schedule on qemu.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qemu_signal" lineno="247">
<summary>
Send a signal to qemu.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qemu_kill" lineno="265">
<summary>
Send a sigill to qemu
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qemu_spec_domtrans" lineno="300">
<summary>
Execute qemu_exec_t
in the specified domain but do not
do it automatically. This is an explicit
transition, requiring the caller to use setexeccon().
</summary>
<desc>
<p>
Execute qemu_exec_t
in the specified domain. This allows
the specified domain to qemu programs
on these filesystems in the specified
domain.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="qemu_manage_tmp_dirs" lineno="325">
<summary>
Manage qemu temporary dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qemu_manage_tmp_files" lineno="343">
<summary>
Manage qemu temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qemu_entry_type" lineno="362">
<summary>
Make qemu_exec_t an entrypoint for
the specified domain.
</summary>
<param name="domain">
<summary>
The domain for which qemu_exec_t is an entrypoint.
</summary>
</param>
</interface>
<tunable name="qemu_full_network" dftval="false">
<desc>
<p>
Allow qemu to connect fully to the network
</p>
</desc>
</tunable>
<tunable name="qemu_use_cifs" dftval="true">
<desc>
<p>
Allow qemu to use cifs/Samba file systems
</p>
</desc>
</tunable>
<tunable name="qemu_use_comm" dftval="false">
<desc>
<p>
Allow qemu to user serial/parallel communication ports
</p>
</desc>
</tunable>
<tunable name="qemu_use_nfs" dftval="true">
<desc>
<p>
Allow qemu to use nfs file systems
</p>
</desc>
</tunable>
<tunable name="qemu_use_usb" dftval="true">
<desc>
<p>
Allow qemu to use usb devices
</p>
</desc>
</tunable>
</module>
<module name="rssh" filename="policy/modules/apps/rssh.if">
<summary>Restricted (scp/sftp) only shell</summary>
<interface name="rssh_role" lineno="18">
<summary>
Role access for rssh
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="rssh_spec_domtrans" lineno="40">
<summary>
Transition to all user rssh domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rssh_exec" lineno="59">
<summary>
Execute the rssh program
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rssh_read_ro_content" lineno="77">
<summary>
Read all users rssh read-only content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="sambagui" filename="policy/modules/apps/sambagui.if">
<summary>system-config-samba policy</summary>
</module>
<module name="sandbox" filename="policy/modules/apps/sandbox.if">
<summary>policy for sandbox</summary>
<interface name="sandbox_transition" lineno="19">
<summary>
Execute sandbox in the sandbox domain, and
allow the specified role the sandbox domain.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the sandbox domain.
</summary>
</param>
</interface>
<template name="sandbox_domain_template" lineno="81">
<summary>
Creates types and rules for a basic
sandbox process domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<template name="sandbox_x_domain_template" lineno="107">
<summary>
Creates types and rules for a basic
sandbox process domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="sandbox_rw_xserver_tmpfs_files" lineno="169">
<summary>
allow domain to read,
write sandbox_xserver tmp files
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="sandbox_read_tmpfs_files" lineno="188">
<summary>
allow domain to read
sandbox tmpfs files
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="sandbox_manage_tmpfs_files" lineno="207">
<summary>
allow domain to manage
sandbox tmpfs files
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="sandbox_delete_files" lineno="225">
<summary>
Delete sandbox files
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="sandbox_delete_sock_files" lineno="243">
<summary>
Delete sandbox sock files
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="sandbox_setattr_dirs" lineno="262">
<summary>
Allow domain to set the attributes
of the sandbox directory.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="sandbox_delete_dirs" lineno="280">
<summary>
allow domain to delete sandbox files
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="sandbox_list" lineno="298">
<summary>
allow domain to list sandbox dirs
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="sandbox_use_ptys" lineno="316">
<summary>
Read and write a sandbox domain pty.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="screen" filename="policy/modules/apps/screen.if">
<summary>GNU terminal multiplexer</summary>
<template name="screen_role_template" lineno="24">
<summary>
The role template for the screen module.
</summary>
<param name="role_prefix">
<summary>
The prefix of the user role (e.g., user
is the prefix for user_r).
</summary>
</param>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</template>
<interface name="screen_exec" lineno="176">
<summary>
Execute the rssh program
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="seunshare" filename="policy/modules/apps/seunshare.if">
<summary>Filesystem namespacing/polyinstantiation application.</summary>
<interface name="seunshare_role_template" lineno="24">
<summary>
The role template for the seunshare module.
</summary>
<param name="role_prefix">
<summary>
The prefix of the user role (e.g., user
is the prefix for user_r).
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</interface>
</module>
<module name="slocate" filename="policy/modules/apps/slocate.if">
<summary>Update database for mlocate</summary>
<interface name="slocate_create_append_log" lineno="13">
<summary>
Create the locate log with append mode.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="locate_read_lib_files" lineno="33">
<summary>
Read locate lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="telepathy" filename="policy/modules/apps/telepathy.if">
<summary>Telepathy framework.</summary>
<template name="telepathy_domain_template" lineno="15">
<summary>
Creates basic types for telepathy
domain
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<template name="telepathy_dbus_session_role" lineno="48">
<summary>
Role access for telepathy domains
</summary>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</template>
<interface name="telepathy_dbus_chat" lineno="96">
<summary>
Send DBus messages to and from
all Telepathy domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="telepathy_gabble_dbus_chat" lineno="117">
<summary>
Send DBus messages to and from
Telepathy Gabble.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="telepathy_gabble_stream_connect" lineno="137">
<summary>
Stream connect to Telepathy Gabble
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="telepathy_msn_stream_connect" lineno="156">
<summary>
Stream connect to telepathy MSN managers
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="telepathy_salut_stream_connect" lineno="176">
<summary>
Stream connect to Telepathy Salut
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="telepathy_tcp_connect_generic_network_ports" dftval="false">
<desc>
<p>
Allow the Telepathy connection managers
to connect to any generic TCP port.
</p>
</desc>
</tunable>
</module>
<module name="thunderbird" filename="policy/modules/apps/thunderbird.if">
<summary>Thunderbird email client</summary>
<interface name="thunderbird_role" lineno="18">
<summary>
Role access for thunderbird
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="thunderbird_domtrans" lineno="57">
<summary>
Run thunderbird in the user thunderbird domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="tvtime" filename="policy/modules/apps/tvtime.if">
<summary> tvtime - a high quality television application </summary>
<interface name="tvtime_role" lineno="18">
<summary>
Role access for tvtime
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
</module>
<module name="uml" filename="policy/modules/apps/uml.if">
<summary>Policy for UML</summary>
<interface name="uml_role" lineno="18">
<summary>
Role access for uml
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="uml_setattr_util_sockets" lineno="74">
<summary>
Set attributes on uml utility socket files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="uml_manage_util_files" lineno="92">
<summary>
Manage uml utility files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="userhelper" filename="policy/modules/apps/userhelper.if">
<summary>SELinux utility to run a shell with a new role</summary>
<template name="userhelper_role_template" lineno="24">
<summary>
The role template for the userhelper module.
</summary>
<param name="userrole_prefix">
<summary>
The prefix of the user role (e.g., user
is the prefix for user_r).
</summary>
</param>
<param name="user_role">
<summary>
The user role.
</summary>
</param>
<param name="user_domain">
<summary>
The user domain associated with the role.
</summary>
</param>
</template>
<interface name="userhelper_search_config" lineno="184">
<summary>
Search the userhelper configuration directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userhelper_dontaudit_search_config" lineno="203">
<summary>
Do not audit attempts to search
the userhelper configuration directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userhelper_use_fd" lineno="221">
<summary>
Allow domain to use userhelper file descriptor.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userhelper_sigchld" lineno="239">
<summary>
Allow domain to send sigchld to userhelper.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userhelper_exec" lineno="257">
<summary>
Execute the userhelper program in the caller domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<template name="userhelper_console_role_template" lineno="292">
<summary>
The role template for the consolehelper module.
</summary>
<desc>
<p>
This template creates a derived domains which are used
for consolehelper applications.
</p>
</desc>
<param name="role_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</template>
</module>
<module name="usernetctl" filename="policy/modules/apps/usernetctl.if">
<summary>User network interface configuration helper</summary>
<interface name="usernetctl_domtrans" lineno="13">
<summary>
Execute usernetctl in the usernetctl domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="usernetctl_run" lineno="38">
<summary>
Execute usernetctl in the usernetctl domain, and
allow the specified role the usernetctl domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the usernetctl domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="vmware" filename="policy/modules/apps/vmware.if">
<summary>VMWare Workstation virtual machines</summary>
<interface name="vmware_role" lineno="18">
<summary>
Role access for vmware
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="vmware_read_system_config" lineno="43">
<summary>
Read VMWare system configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vmware_append_system_config" lineno="61">
<summary>
Append to VMWare system configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vmware_append_log" lineno="79">
<summary>
Append to VMWare log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vmware_exec_host" lineno="98">
<summary>
Execute vmware host executables
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="webalizer" filename="policy/modules/apps/webalizer.if">
<summary>Web server log analysis</summary>
<interface name="webalizer_domtrans" lineno="13">
<summary>
Execute webalizer in the webalizer domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="webalizer_run" lineno="38">
<summary>
Execute webalizer in the webalizer domain, and
allow the specified role the webalizer domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the webalizer domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="wine" filename="policy/modules/apps/wine.if">
<summary>Wine Is Not an Emulator. Run Windows programs in Linux.</summary>
<template name="wine_role" lineno="24">
<summary>
The per role template for the wine module.
</summary>
<desc>
<p>
This template creates a derived domains which are used
for wine applications.
</p>
</desc>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</template>
<template name="wine_role_template" lineno="83">
<summary>
The role template for the wine module.
</summary>
<desc>
<p>
This template creates a derived domains which are used
for wine applications.
</p>
</desc>
<param name="role_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</template>
<interface name="wine_domtrans" lineno="126">
<summary>
Execute the wine program in the wine domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="wine_run" lineno="151">
<summary>
Execute wine in the wine domain, and
allow the specified role the wine domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the wine domain.
</summary>
</param>
</interface>
<tunable name="wine_mmap_zero_ignore" dftval="false">
<desc>
<p>
Ignore wine mmap_zero errors
</p>
</desc>
</tunable>
</module>
<module name="wireshark" filename="policy/modules/apps/wireshark.if">
<summary>Wireshark packet capture tool.</summary>
<interface name="wireshark_role" lineno="18">
<summary>
Role access for wireshark
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="wireshark_domtrans" lineno="49">
<summary>
Run wireshark in wireshark domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="wm" filename="policy/modules/apps/wm.if">
<summary>X Window Managers</summary>
<template name="wm_role_template" lineno="30">
<summary>
The role template for the wm module.
</summary>
<desc>
<p>
This template creates a derived domains which are used
for window manager applications.
</p>
</desc>
<param name="role_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</template>
<interface name="wm_exec" lineno="86">
<summary>
Execute the wm program in the wm domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="xscreensaver" filename="policy/modules/apps/xscreensaver.if">
<summary>X Screensaver</summary>
<interface name="xscreensaver_role" lineno="18">
<summary>
Role access for xscreensaver
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
</module>
<module name="yam" filename="policy/modules/apps/yam.if">
<summary>Yum/Apt Mirroring</summary>
<interface name="yam_domtrans" lineno="13">
<summary>
Execute yam in the yam domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="yam_run" lineno="39">
<summary>
Execute yam in the yam domain, and
allow the specified role the yam domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the yam domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="yam_read_content" lineno="58">
<summary>
Read yam content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
</layer>
<layer name="kernel">
<summary>Policy modules for kernel resources.</summary>
<module name="corecommands" filename="policy/modules/kernel/corecommands.if">
<summary>
Core policy for shells, and generic programs
in /bin, /sbin, /usr/bin, and /usr/sbin.
</summary>
<required val="true">
Contains the base bin and sbin directory types
which need to be searched for the kernel to
run init.
</required>
<interface name="corecmd_executable_file" lineno="23">
<summary>
Make the specified type usable for files
that are exectuables, such as binary programs.
This does not include shared libraries.
</summary>
<param name="type">
<summary>
Type to be used for files.
</summary>
</param>
</interface>
<interface name="corecmd_bin_alias" lineno="53">
<summary>
Create a aliased type to generic bin files. (Deprecated)
</summary>
<desc>
<p>
Create a aliased type to generic bin files. (Deprecated)
</p>
<p>
This is added to support targeted policy. Its
use should be limited. It has no effect
on the strict policy.
</p>
</desc>
<param name="domain">
<summary>
Alias type for bin_t.
</summary>
</param>
</interface>
<interface name="corecmd_bin_entry_type" lineno="68">
<summary>
Make general progams in bin an entrypoint for
the specified domain.
</summary>
<param name="domain">
<summary>
The domain for which bin_t is an entrypoint.
</summary>
</param>
</interface>
<interface name="corecmd_sbin_entry_type" lineno="87">
<summary>
Make general progams in sbin an entrypoint for
the specified domain. (Deprecated)
</summary>
<param name="domain">
<summary>
The domain for which sbin programs are an entrypoint.
</summary>
</param>
</interface>
<interface name="corecmd_shell_entry_type" lineno="102">
<summary>
Make the shell an entrypoint for the specified domain.
</summary>
<param name="domain">
<summary>
The domain for which the shell is an entrypoint.
</summary>
</param>
</interface>
<interface name="corecmd_search_bin" lineno="120">
<summary>
Search the contents of bin directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_dontaudit_search_bin" lineno="138">
<summary>
Do not audit attempts to search the contents of bin directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_list_bin" lineno="156">
<summary>
List the contents of bin directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_dontaudit_write_bin_dirs" lineno="174">
<summary>
Do not auidt attempts to write bin directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_dontaudit_write_bin_files" lineno="192">
<summary>
Do not audit attempts to write bin files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corecmd_getattr_bin_files" lineno="210">
<summary>
Get the attributes of files in bin directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_dontaudit_getattr_bin_files" lineno="228">
<summary>
Get the attributes of files in bin directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_read_bin_files" lineno="247">
<summary>
Read files in bin directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_read_bin_symlinks" lineno="265">
<summary>
Read symbolic links in bin directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_read_bin_pipes" lineno="283">
<summary>
Read pipes in bin directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_read_bin_sockets" lineno="301">
<summary>
Read named sockets in bin directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_exec_bin" lineno="340">
<summary>
Execute generic programs in bin directories,
in the caller domain.
</summary>
<desc>
<p>
Allow the specified domain to execute generic programs
in system bin directories (/bin, /sbin, /usr/bin,
/usr/sbin) a without domain transition.
</p>
<p>
Typically, this interface should be used when the domain
executes general system progams within the privileges
of the source domain. Some examples of these programs
are ls, cp, sed, python, and tar. This does not include
shells, such as bash.
</p>
<p>
Related interface:
</p>
<ul>
<li>corecmd_exec_shell()</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_manage_bin_files" lineno="360">
<summary>
Create, read, write, and delete bin files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_relabel_bin_files" lineno="378">
<summary>
Relabel to and from the bin type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_mmap_bin_files" lineno="396">
<summary>
Mmap a bin file as executable.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_bin_spec_domtrans" lineno="440">
<summary>
Execute a file in a bin directory
in the specified domain but do not
do it automatically. This is an explicit
transition, requiring the caller to use setexeccon().
</summary>
<desc>
<p>
Execute a file in a bin directory
in the specified domain. This allows
the specified domain to execute any file
on these filesystems in the specified
domain. This is not suggested.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
<p>
This interface was added to handle
the userhelper policy.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="corecmd_bin_domtrans" lineno="483">
<summary>
Execute a file in a bin directory
in the specified domain.
</summary>
<desc>
<p>
Execute a file in a bin directory
in the specified domain. This allows
the specified domain to execute any file
on these filesystems in the specified
domain. This is not suggested.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
<p>
This interface was added to handle
the ssh-agent policy.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="corecmd_search_sbin" lineno="502">
<summary>
Search the contents of sbin directories. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_dontaudit_search_sbin" lineno="518">
<summary>
Do not audit attempts to search
sbin directories. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corecmd_list_sbin" lineno="533">
<summary>
List the contents of sbin directories. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_dontaudit_write_sbin_dirs" lineno="549">
<summary>
Do not audit attempts to write
sbin directories. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corecmd_getattr_sbin_files" lineno="564">
<summary>
Get the attributes of sbin files. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_dontaudit_getattr_sbin_files" lineno="580">
<summary>
Do not audit attempts to get the attibutes
of sbin files. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corecmd_read_sbin_files" lineno="595">
<summary>
Read files in sbin directories. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_read_sbin_symlinks" lineno="610">
<summary>
Read symbolic links in sbin directories. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_read_sbin_pipes" lineno="625">
<summary>
Read named pipes in sbin directories. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_read_sbin_sockets" lineno="640">
<summary>
Read named sockets in sbin directories. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_exec_sbin" lineno="656">
<summary>
Execute generic programs in sbin directories,
in the caller domain. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_manage_sbin_files" lineno="672">
<summary>
Create, read, write, and delete sbin files. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_relabel_sbin_files" lineno="688">
<summary>
Relabel to and from the sbin type. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_mmap_sbin_files" lineno="704">
<summary>
Mmap a sbin file as executable. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_sbin_domtrans" lineno="743">
<summary>
Execute a file in a sbin directory
in the specified domain. (Deprecated)
</summary>
<desc>
<p>
Execute a file in a sbin directory
in the specified domain. This allows
the specified domain to execute any file
on these filesystems in the specified
domain. This is not suggested. (Deprecated)
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
<p>
This interface was added to handle
the ssh-agent policy.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="corecmd_sbin_spec_domtrans" lineno="784">
<summary>
Execute a file in a sbin directory
in the specified domain but do not
do it automatically. This is an explicit
transition, requiring the caller to use setexeccon(). (Deprecated)
</summary>
<desc>
<p>
Execute a file in a sbin directory
in the specified domain. This allows
the specified domain to execute any file
on these filesystems in the specified
domain. This is not suggested. (Deprecated)
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
<p>
This interface was added to handle
the userhelper policy.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="corecmd_check_exec_shell" lineno="799">
<summary>
Check if a shell is executable (DAC-wise).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_exec_shell" lineno="837">
<summary>
Execute shells in the caller domain.
</summary>
<desc>
<p>
Allow the specified domain to execute shells without
a domain transition.
</p>
<p>
Typically, this interface should be used when the domain
executes shells within the privileges
of the source domain. Some examples of these programs
are bash, tcsh, and zsh.
</p>
<p>
Related interface:
</p>
<ul>
<li>corecmd_exec_bin()</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_exec_ls" lineno="857">
<summary>
Execute ls in the caller domain. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_shell_spec_domtrans" lineno="891">
<summary>
Execute a shell in the target domain. This
is an explicit transition, requiring the
caller to use setexeccon().
</summary>
<desc>
<p>
Execute a shell in the target domain. This
is an explicit transition, requiring the
caller to use setexeccon().
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the shell process.
</summary>
</param>
</interface>
<interface name="corecmd_shell_domtrans" lineno="926">
<summary>
Execute a shell in the specified domain.
</summary>
<desc>
<p>
Execute a shell in the specified domain.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the shell process.
</summary>
</param>
</interface>
<interface name="corecmd_exec_chroot" lineno="945">
<summary>
Execute chroot in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_getattr_all_executables" lineno="966">
<summary>
Get the attributes of all executable files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="corecmd_read_all_executables" lineno="987">
<summary>
Read all executable files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="corecmd_exec_all_executables" lineno="1006">
<summary>
Execute all executable files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="corecmd_dontaudit_exec_all_executables" lineno="1027">
<summary>
Do not audit attempts to execute all executables.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corecmd_manage_all_executables" lineno="1046">
<summary>
Create, read, write, and all executable files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="corecmd_relabel_all_executables" lineno="1068">
<summary>
Relabel to and from the bin type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="corecmd_mmap_all_executables" lineno="1087">
<summary>
Mmap all executables as executable.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="corenetwork" filename="policy/modules/kernel/corenetwork.if">
<summary>Policy controlling access to network objects</summary>
<required val="true">
Contains the initial SIDs for network objects.
</required>
<interface name="corenet_packet" lineno="29">
<summary>
Define type to be a network packet type
</summary>
<desc>
<p>
Define type to be a network packet type
</p>
<p>
This is for supporting third party modules and its
use is not allowed in upstream reference policy.
</p>
</desc>
<param name="domain">
<summary>
Type to be used for a network packet.
</summary>
</param>
</interface>
<interface name="corenet_port" lineno="56">
<summary>
Define type to be a network port type
</summary>
<desc>
<p>
Define type to be a network port type
</p>
<p>
This is for supporting third party modules and its
use is not allowed in upstream reference policy.
</p>
</desc>
<param name="domain">
<summary>
Type to be used for network ports.
</summary>
</param>
</interface>
<interface name="corenet_reserved_port" lineno="83">
<summary>
Define network type to be a reserved port (lt 1024)
</summary>
<desc>
<p>
Define network type to be a reserved port (lt 1024)
</p>
<p>
This is for supporting third party modules and its
use is not allowed in upstream reference policy.
</p>
</desc>
<param name="domain">
<summary>
Type to be used for network ports.
</summary>
</param>
</interface>
<interface name="corenet_rpc_port" lineno="110">
<summary>
Define network type to be a rpc port ( 512 lt PORT lt 1024)
</summary>
<desc>
<p>
Define network type to be a rpc port ( 512 lt PORT lt 1024)
</p>
<p>
This is for supporting third party modules and its
use is not allowed in upstream reference policy.
</p>
</desc>
<param name="domain">
<summary>
Type to be used for network ports.
</summary>
</param>
</interface>
<interface name="corenet_client_packet" lineno="137">
<summary>
Define type to be a network client packet type
</summary>
<desc>
<p>
Define type to be a network client packet type
</p>
<p>
This is for supporting third party modules and its
use is not allowed in upstream reference policy.
</p>
</desc>
<param name="domain">
<summary>
Type to be used for a network client packet.
</summary>
</param>
</interface>
<interface name="corenet_server_packet" lineno="164">
<summary>
Define type to be a network server packet type
</summary>
<desc>
<p>
Define type to be a network server packet type
</p>
<p>
This is for supporting third party modules and its
use is not allowed in upstream reference policy.
</p>
</desc>
<param name="domain">
<summary>
Type to be used for a network server packet.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_generic_if" lineno="210">
<summary>
Send and receive TCP network traffic on generic interfaces.
</summary>
<desc>
<p>
Allow the specified domain to send and receive TCP network
traffic on generic network interfaces.
</p>
<p>
Related interface:
</p>
<ul>
<li>corenet_all_recvfrom_unlabeled()</li>
<li>corenet_tcp_sendrecv_generic_node()</li>
<li>corenet_tcp_sendrecv_all_ports()</li>
<li>corenet_tcp_connect_all_ports()</li>
</ul>
<p>
Example client being able to connect to all ports over
generic nodes, without labeled networking:
</p>
<p>
allow myclient_t self:tcp_socket create_stream_socket_perms;
corenet_tcp_sendrecv_generic_if(myclient_t)
corenet_tcp_sendrecv_generic_node(myclient_t)
corenet_tcp_sendrecv_all_ports(myclient_t)
corenet_tcp_connect_all_ports(myclient_t)
corenet_all_recvfrom_unlabeled(myclient_t)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_tcp_sendrecv_loopback_if" lineno="227">
<summary>
Send and receive TCP network traffic on loopback interface.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_udp_send_generic_if" lineno="246">
<summary>
Send UDP network traffic on generic interfaces.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_udp_send_generic_if" lineno="265">
<summary>
Dontaudit attempts to send UDP network traffic
on generic interfaces.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_udp_receive_generic_if" lineno="283">
<summary>
Receive UDP network traffic on generic interfaces.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_udp_receive_generic_if" lineno="302">
<summary>
Do not audit attempts to receive UDP network
traffic on generic interfaces.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_udp_sendrecv_generic_if" lineno="346">
<summary>
Send and receive UDP network traffic on generic interfaces.
</summary>
<desc>
<p>
Allow the specified domain to send and receive UDP network
traffic on generic network interfaces.
</p>
<p>
Related interface:
</p>
<ul>
<li>corenet_all_recvfrom_unlabeled()</li>
<li>corenet_udp_sendrecv_generic_node()</li>
<li>corenet_udp_sendrecv_all_ports()</li>
</ul>
<p>
Example client being able to send to all ports over
generic nodes, without labeled networking:
</p>
<p>
allow myclient_t self:udp_socket create_socket_perms;
corenet_udp_sendrecv_generic_if(myclient_t)
corenet_udp_sendrecv_generic_node(myclient_t)
corenet_udp_sendrecv_all_ports(myclient_t)
corenet_all_recvfrom_unlabeled(myclient_t)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_generic_if" lineno="362">
<summary>
Do not audit attempts to send and receive UDP network
traffic on generic interfaces.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_raw_send_generic_if" lineno="377">
<summary>
Send raw IP packets on generic interfaces.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_raw_receive_generic_if" lineno="395">
<summary>
Receive raw IP packets on generic interfaces.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_raw_sendrecv_generic_if" lineno="413">
<summary>
Send and receive raw IP packets on generic interfaces.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_out_generic_if" lineno="429">
<summary>
Allow outgoing network traffic on the generic interfaces.
</summary>
<param name="domain">
<summary>
The peer label of the outgoing network traffic.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_in_generic_if" lineno="448">
<summary>
Allow incoming traffic on the generic interfaces.
</summary>
<param name="domain">
<summary>
The peer label of the incoming network traffic.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_inout_generic_if" lineno="467">
<summary>
Allow incoming and outgoing network traffic on the generic interfaces.
</summary>
<param name="domain">
<summary>
The peer label of the network traffic.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_tcp_sendrecv_all_if" lineno="482">
<summary>
Send and receive TCP network traffic on all interfaces.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_udp_send_all_if" lineno="500">
<summary>
Send UDP network traffic on all interfaces.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_udp_receive_all_if" lineno="518">
<summary>
Receive UDP network traffic on all interfaces.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_udp_sendrecv_all_if" lineno="536">
<summary>
Send and receive UDP network traffic on all interfaces.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_raw_send_all_if" lineno="551">
<summary>
Send raw IP packets on all interfaces.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_raw_receive_all_if" lineno="569">
<summary>
Receive raw IP packets on all interfaces.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_raw_sendrecv_all_if" lineno="587">
<summary>
Send and receive raw IP packets on all interfaces.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_generic_node" lineno="630">
<summary>
Send and receive TCP network traffic on generic nodes.
</summary>
<desc>
<p>
Allow the specified domain to send and receive TCP network
traffic to/from generic network nodes (hostnames/networks).
</p>
<p>
Related interface:
</p>
<ul>
<li>corenet_all_recvfrom_unlabeled()</li>
<li>corenet_tcp_sendrecv_generic_if()</li>
<li>corenet_tcp_sendrecv_all_ports()</li>
<li>corenet_tcp_connect_all_ports()</li>
</ul>
<p>
Example client being able to connect to all ports over
generic nodes, without labeled networking:
</p>
<p>
allow myclient_t self:tcp_socket create_stream_socket_perms;
corenet_tcp_sendrecv_generic_if(myclient_t)
corenet_tcp_sendrecv_generic_node(myclient_t)
corenet_tcp_sendrecv_all_ports(myclient_t)
corenet_tcp_connect_all_ports(myclient_t)
corenet_all_recvfrom_unlabeled(myclient_t)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_generic_node" lineno="648">
<summary>
Send UDP network traffic on generic nodes.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_udp_receive_generic_node" lineno="666">
<summary>
Receive UDP network traffic on generic nodes.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_udp_sendrecv_generic_node" lineno="710">
<summary>
Send and receive UDP network traffic on generic nodes.
</summary>
<desc>
<p>
Allow the specified domain to send and receive UDP network
traffic to/from generic network nodes (hostnames/networks).
</p>
<p>
Related interface:
</p>
<ul>
<li>corenet_all_recvfrom_unlabeled()</li>
<li>corenet_udp_sendrecv_generic_if()</li>
<li>corenet_udp_sendrecv_all_ports()</li>
</ul>
<p>
Example client being able to send to all ports over
generic nodes, without labeled networking:
</p>
<p>
allow myclient_t self:udp_socket create_socket_perms;
corenet_udp_sendrecv_generic_if(myclient_t)
corenet_udp_sendrecv_generic_node(myclient_t)
corenet_udp_sendrecv_all_ports(myclient_t)
corenet_all_recvfrom_unlabeled(myclient_t)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_raw_send_generic_node" lineno="725">
<summary>
Send raw IP packets on generic nodes.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_raw_receive_generic_node" lineno="743">
<summary>
Receive raw IP packets on generic nodes.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_raw_sendrecv_generic_node" lineno="761">
<summary>
Send and receive raw IP packets on generic nodes.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_tcp_bind_generic_node" lineno="791">
<summary>
Bind TCP sockets to generic nodes.
</summary>
<desc>
<p>
Bind TCP sockets to generic nodes. This is
necessary for binding a socket so it
can be used for servers to listen
for incoming connections.
</p>
<p>
Related interface:
</p>
<ul>
<li>corenet_udp_bind_generic_node()</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="1"/>
</interface>
<interface name="corenet_udp_bind_generic_node" lineno="824">
<summary>
Bind UDP sockets to generic nodes.
</summary>
<desc>
<p>
Bind UDP sockets to generic nodes. This is
necessary for binding a socket so it
can be used for servers to listen
for incoming connections.
</p>
<p>
Related interface:
</p>
<ul>
<li>corenet_tcp_bind_generic_node()</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="1"/>
</interface>
<interface name="corenet_raw_bind_generic_node" lineno="843">
<summary>
Bind raw sockets to genric nodes.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_out_generic_node" lineno="862">
<summary>
Allow outgoing network traffic to generic nodes.
</summary>
<param name="domain">
<summary>
The peer label of the outgoing network traffic.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_in_generic_node" lineno="881">
<summary>
Allow incoming network traffic from generic nodes.
</summary>
<param name="domain">
<summary>
The peer label of the incoming network traffic.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_inout_generic_node" lineno="900">
<summary>
Allow incoming and outgoing network traffic with generic nodes.
</summary>
<param name="domain">
<summary>
The peer label of the network traffic.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_tcp_sendrecv_all_nodes" lineno="915">
<summary>
Send and receive TCP network traffic on all nodes.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_udp_send_all_nodes" lineno="933">
<summary>
Send UDP network traffic on all nodes.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_udp_send_all_nodes" lineno="952">
<summary>
Do not audit attempts to send UDP network
traffic on any nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_udp_receive_all_nodes" lineno="970">
<summary>
Receive UDP network traffic on all nodes.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_udp_receive_all_nodes" lineno="989">
<summary>
Do not audit attempts to receive UDP
network traffic on all nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_udp_sendrecv_all_nodes" lineno="1007">
<summary>
Send and receive UDP network traffic on all nodes.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_all_nodes" lineno="1023">
<summary>
Do not audit attempts to send and receive UDP
network traffic on any nodes nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_raw_send_all_nodes" lineno="1038">
<summary>
Send raw IP packets on all nodes.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_raw_receive_all_nodes" lineno="1056">
<summary>
Receive raw IP packets on all nodes.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_raw_sendrecv_all_nodes" lineno="1074">
<summary>
Send and receive raw IP packets on all nodes.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_tcp_bind_all_nodes" lineno="1089">
<summary>
Bind TCP sockets to all nodes.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_udp_bind_all_nodes" lineno="1107">
<summary>
Bind UDP sockets to all nodes.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_raw_bind_all_nodes" lineno="1126">
<summary>
Bind raw sockets to all nodes.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_generic_port" lineno="1144">
<summary>
Send and receive TCP network traffic on generic ports.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_sendrecv_generic_port" lineno="1162">
<summary>
Do not audit send and receive TCP network traffic on generic ports.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_udp_send_generic_port" lineno="1180">
<summary>
Send UDP network traffic on generic ports.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_udp_receive_generic_port" lineno="1198">
<summary>
Receive UDP network traffic on generic ports.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_udp_sendrecv_generic_port" lineno="1216">
<summary>
Send and receive UDP network traffic on generic ports.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_tcp_bind_generic_port" lineno="1231">
<summary>
Bind TCP sockets to generic ports.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_bind_generic_port" lineno="1251">
<summary>
Do not audit bind TCP sockets to generic ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_udp_bind_generic_port" lineno="1269">
<summary>
Bind UDP sockets to generic ports.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_tcp_connect_generic_port" lineno="1289">
<summary>
Connect TCP sockets to generic ports.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_all_ports" lineno="1333">
<summary>
Send and receive TCP network traffic on all ports.
</summary>
<desc>
<p>
Send and receive TCP network traffic on all ports.
Related interfaces:
</p>
<ul>
<li>corenet_all_recvfrom_unlabeled()</li>
<li>corenet_tcp_sendrecv_generic_if()</li>
<li>corenet_tcp_sendrecv_generic_node()</li>
<li>corenet_tcp_connect_all_ports()</li>
<li>corenet_tcp_bind_all_ports()</li>
</ul>
<p>
Example client being able to connect to all ports over
generic nodes, without labeled networking:
</p>
<p>
allow myclient_t self:tcp_socket create_stream_socket_perms;
corenet_tcp_sendrecv_generic_if(myclient_t)
corenet_tcp_sendrecv_generic_node(myclient_t)
corenet_tcp_sendrecv_all_ports(myclient_t)
corenet_tcp_connect_all_ports(myclient_t)
corenet_all_recvfrom_unlabeled(myclient_t)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_all_ports" lineno="1351">
<summary>
Send UDP network traffic on all ports.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_udp_receive_all_ports" lineno="1369">
<summary>
Receive UDP network traffic on all ports.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_udp_sendrecv_all_ports" lineno="1411">
<summary>
Send and receive UDP network traffic on all ports.
</summary>
<desc>
<p>
Send and receive UDP network traffic on all ports.
Related interfaces:
</p>
<ul>
<li>corenet_all_recvfrom_unlabeled()</li>
<li>corenet_udp_sendrecv_generic_if()</li>
<li>corenet_udp_sendrecv_generic_node()</li>
<li>corenet_udp_bind_all_ports()</li>
</ul>
<p>
Example client being able to send to all ports over
generic nodes, without labeled networking:
</p>
<p>
allow myclient_t self:udp_socket create_socket_perms;
corenet_udp_sendrecv_generic_if(myclient_t)
corenet_udp_sendrecv_generic_node(myclient_t)
corenet_udp_sendrecv_all_ports(myclient_t)
corenet_all_recvfrom_unlabeled(myclient_t)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_tcp_bind_all_ports" lineno="1426">
<summary>
Bind TCP sockets to all ports.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_bind_all_ports" lineno="1445">
<summary>
Do not audit attepts to bind TCP sockets to any ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_udp_bind_all_ports" lineno="1463">
<summary>
Bind UDP sockets to all ports.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_udp_bind_all_ports" lineno="1482">
<summary>
Do not audit attepts to bind UDP sockets to any ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_tcp_connect_all_ports" lineno="1528">
<summary>
Connect TCP sockets to all ports.
</summary>
<desc>
<p>
Connect TCP sockets to all ports
</p>
<p>
Related interfaces:
</p>
<ul>
<li>corenet_all_recvfrom_unlabeled()</li>
<li>corenet_tcp_sendrecv_generic_if()</li>
<li>corenet_tcp_sendrecv_generic_node()</li>
<li>corenet_tcp_sendrecv_all_ports()</li>
<li>corenet_tcp_bind_all_ports()</li>
</ul>
<p>
Example client being able to connect to all ports over
generic nodes, without labeled networking:
</p>
<p>
allow myclient_t self:tcp_socket create_stream_socket_perms;
corenet_tcp_sendrecv_generic_if(myclient_t)
corenet_tcp_sendrecv_generic_node(myclient_t)
corenet_tcp_sendrecv_all_ports(myclient_t)
corenet_tcp_connect_all_ports(myclient_t)
corenet_all_recvfrom_unlabeled(myclient_t)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="1"/>
</interface>
<interface name="corenet_dontaudit_tcp_connect_all_ports" lineno="1547">
<summary>
Do not audit attempts to connect TCP sockets
to all ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_reserved_port" lineno="1565">
<summary>
Send and receive TCP network traffic on generic reserved ports.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_udp_send_reserved_port" lineno="1583">
<summary>
Send UDP network traffic on generic reserved ports.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_udp_receive_reserved_port" lineno="1601">
<summary>
Receive UDP network traffic on generic reserved ports.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_udp_sendrecv_reserved_port" lineno="1619">
<summary>
Send and receive UDP network traffic on generic reserved ports.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_tcp_bind_reserved_port" lineno="1634">
<summary>
Bind TCP sockets to generic reserved ports.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_udp_bind_reserved_port" lineno="1653">
<summary>
Bind UDP sockets to generic reserved ports.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_tcp_connect_reserved_port" lineno="1672">
<summary>
Connect TCP sockets to generic reserved ports.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_all_reserved_ports" lineno="1690">
<summary>
Send and receive TCP network traffic on all reserved ports.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_udp_send_all_reserved_ports" lineno="1708">
<summary>
Send UDP network traffic on all reserved ports.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_udp_receive_all_reserved_ports" lineno="1726">
<summary>
Receive UDP network traffic on all reserved ports.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_udp_sendrecv_all_reserved_ports" lineno="1744">
<summary>
Send and receive UDP network traffic on all reserved ports.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_tcp_bind_all_reserved_ports" lineno="1759">
<summary>
Bind TCP sockets to all reserved ports.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_bind_all_reserved_ports" lineno="1778">
<summary>
Do not audit attempts to bind TCP sockets to all reserved ports.
</summary>
<param name="domain">
<summary>
The type of the process to not audit.
</summary>
</param>
</interface>
<interface name="corenet_udp_bind_all_reserved_ports" lineno="1796">
<summary>
Bind UDP sockets to all reserved ports.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_udp_bind_all_reserved_ports" lineno="1815">
<summary>
Do not audit attempts to bind UDP sockets to all reserved ports.
</summary>
<param name="domain">
<summary>
The type of the process to not audit.
</summary>
</param>
</interface>
<interface name="corenet_tcp_bind_all_unreserved_ports" lineno="1833">
<summary>
Bind TCP sockets to all ports > 1024.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_udp_bind_all_unreserved_ports" lineno="1851">
<summary>
Bind UDP sockets to all ports > 1024.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_tcp_connect_all_reserved_ports" lineno="1869">
<summary>
Connect TCP sockets to reserved ports.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_tcp_connect_all_unreserved_ports" lineno="1887">
<summary>
Connect TCP sockets to all ports > 1024.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_all_reserved_ports" lineno="1906">
<summary>
Do not audit attempts to connect TCP sockets
all reserved ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_tcp_connect_all_rpc_ports" lineno="1924">
<summary>
Connect TCP sockets to rpc ports.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_connect_all_rpc_ports" lineno="1943">
<summary>
Do not audit attempts to connect TCP sockets
all rpc ports.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_rw_tun_tap_dev" lineno="1961">
<summary>
Read and write the TUN/TAP virtual network device.
</summary>
<param name="domain">
<summary>
The domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_rw_tun_tap_dev" lineno="1981">
<summary>
Do not audit attempts to read or write the TUN/TAP
virtual network device.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_getattr_ppp_dev" lineno="1999">
<summary>
Getattr the point-to-point device.
</summary>
<param name="domain">
<summary>
The domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_rw_ppp_dev" lineno="2017">
<summary>
Read and write the point-to-point device.
</summary>
<param name="domain">
<summary>
The domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_bind_all_rpc_ports" lineno="2036">
<summary>
Bind TCP sockets to all RPC ports.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_bind_all_rpc_ports" lineno="2055">
<summary>
Do not audit attempts to bind TCP sockets to all RPC ports.
</summary>
<param name="domain">
<summary>
The type of the process to not audit.
</summary>
</param>
</interface>
<interface name="corenet_udp_bind_all_rpc_ports" lineno="2073">
<summary>
Bind UDP sockets to all RPC ports.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_udp_bind_all_rpc_ports" lineno="2092">
<summary>
Do not audit attempts to bind UDP sockets to all RPC ports.
</summary>
<param name="domain">
<summary>
The type of the process to not audit.
</summary>
</param>
</interface>
<interface name="corenet_non_ipsec_sendrecv" lineno="2123">
<summary>
Send and receive messages on a
non-encrypted (no IPSEC) network
session.
</summary>
<desc>
<p>
Send and receive messages on a
non-encrypted (no IPSEC) network
session. (Deprecated)
</p>
<p>
The corenet_all_recvfrom_unlabeled() interface should be used instead
of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_non_ipsec_sendrecv" lineno="2151">
<summary>
Do not audit attempts to send and receive
messages on a non-encrypted (no IPSEC) network
session.
</summary>
<desc>
<p>
Do not audit attempts to send and receive
messages on a non-encrypted (no IPSEC) network
session.
</p>
<p>
The corenet_dontaudit_all_recvfrom_unlabeled() interface should be
used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_tcp_recv_netlabel" lineno="2166">
<summary>
Receive TCP packets from a NetLabel connection.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_recvfrom_netlabel" lineno="2181">
<summary>
Receive TCP packets from a NetLabel connection.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_recvfrom_unlabeled" lineno="2200">
<summary>
Receive TCP packets from an unlabled connection.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_recv_netlabel" lineno="2226">
<summary>
Do not audit attempts to receive TCP packets from a NetLabel
connection.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_recvfrom_netlabel" lineno="2242">
<summary>
Do not audit attempts to receive TCP packets from a NetLabel
connection.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_tcp_recvfrom_unlabeled" lineno="2262">
<summary>
Do not audit attempts to receive TCP packets from an unlabeled
connection.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_udp_recv_netlabel" lineno="2282">
<summary>
Receive UDP packets from a NetLabel connection.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_recvfrom_netlabel" lineno="2297">
<summary>
Receive UDP packets from a NetLabel connection.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_udp_recvfrom_unlabeled" lineno="2316">
<summary>
Receive UDP packets from an unlabeled connection.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_udp_recv_netlabel" lineno="2337">
<summary>
Do not audit attempts to receive UDP packets from a NetLabel
connection.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_udp_recvfrom_netlabel" lineno="2353">
<summary>
Do not audit attempts to receive UDP packets from a NetLabel
connection.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_udp_recvfrom_unlabeled" lineno="2373">
<summary>
Do not audit attempts to receive UDP packets from an unlabeled
connection.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_raw_recv_netlabel" lineno="2393">
<summary>
Receive Raw IP packets from a NetLabel connection.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_raw_recvfrom_netlabel" lineno="2408">
<summary>
Receive Raw IP packets from a NetLabel connection.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_raw_recvfrom_unlabeled" lineno="2427">
<summary>
Receive Raw IP packets from an unlabeled connection.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_raw_recv_netlabel" lineno="2448">
<summary>
Do not audit attempts to receive Raw IP packets from a NetLabel
connection.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_raw_recvfrom_netlabel" lineno="2464">
<summary>
Do not audit attempts to receive Raw IP packets from a NetLabel
connection.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_raw_recvfrom_unlabeled" lineno="2484">
<summary>
Do not audit attempts to receive Raw IP packets from an unlabeled
connection.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_all_recvfrom_unlabeled" lineno="2516">
<summary>
Receive packets from an unlabeled connection.
</summary>
<desc>
<p>
Allow the specified domain to receive packets from an
unlabeled connection. On machines that do not utilize
labeled networking, this will be required on all
networking domains. On machines tha do utilize
labeled networking, this will be required for any
networking domain that is allowed to receive
network traffic that does not have a label.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_all_recvfrom_netlabel" lineno="2549">
<summary>
Receive packets from a NetLabel connection.
</summary>
<desc>
<p>
Allow the specified domain to receive NetLabel
network traffic, which utilizes the Commercial IP
Security Option (CIPSO) to set the MLS level
of the network packets. This is required for
all networking domains that receive NetLabel
network traffic.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_enable_unlabeled_packets" lineno="2574">
<summary>
Enable unlabeled net packets
</summary>
<desc>
<p>
Allow unlabeled_packet_t to be used by all domains that use the network
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_all_recvfrom_unlabeled" lineno="2592">
<summary>
Do not audit attempts to receive packets from an unlabeled connection.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_dontaudit_all_recvfrom_netlabel" lineno="2615">
<summary>
Do not audit attempts to receive packets from a NetLabel
connection.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="corenet_tcp_recvfrom_labeled" lineno="2647">
<summary>
Rules for receiving labeled TCP packets.
</summary>
<desc>
<p>
Rules for receiving labeled TCP packets.
</p>
<p>
Due to the nature of TCP, this is bidirectional.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="peer_domain">
<summary>
Peer domain.
</summary>
</param>
</interface>
<interface name="corenet_udp_recvfrom_labeled" lineno="2675">
<summary>
Rules for receiving labeled UDP packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="peer_domain">
<summary>
Peer domain.
</summary>
</param>
</interface>
<interface name="corenet_raw_recvfrom_labeled" lineno="2700">
<summary>
Rules for receiving labeled raw IP packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="peer_domain">
<summary>
Peer domain.
</summary>
</param>
</interface>
<interface name="corenet_all_recvfrom_labeled" lineno="2734">
<summary>
Rules for receiving labeled packets via TCP, UDP and raw IP.
</summary>
<desc>
<p>
Rules for receiving labeled packets via TCP, UDP and raw IP.
</p>
<p>
Due to the nature of TCP, the rules (for TCP
networking only) are bidirectional.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="peer_domain">
<summary>
Peer domain.
</summary>
</param>
</interface>
<interface name="corenet_send_generic_client_packets" lineno="2750">
<summary>
Send generic client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_receive_generic_client_packets" lineno="2768">
<summary>
Receive generic client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sendrecv_generic_client_packets" lineno="2786">
<summary>
Send and receive generic client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_relabelto_generic_client_packets" lineno="2801">
<summary>
Relabel packets to the generic client packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_generic_server_packets" lineno="2819">
<summary>
Send generic server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_receive_generic_server_packets" lineno="2837">
<summary>
Receive generic server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sendrecv_generic_server_packets" lineno="2855">
<summary>
Send and receive generic server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_relabelto_generic_server_packets" lineno="2870">
<summary>
Relabel packets to the generic server packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sendrecv_unlabeled_packets" lineno="2895">
<summary>
Send and receive unlabeled packets.
</summary>
<desc>
<p>
Send and receive unlabeled packets.
These packets do not match any netfilter
SECMARK rules.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_all_client_packets" lineno="2909">
<summary>
Send all client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_receive_all_client_packets" lineno="2927">
<summary>
Receive all client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sendrecv_all_client_packets" lineno="2945">
<summary>
Send and receive all client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_relabelto_all_client_packets" lineno="2960">
<summary>
Relabel packets to any client packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_all_server_packets" lineno="2978">
<summary>
Send all server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_receive_all_server_packets" lineno="2996">
<summary>
Receive all server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sendrecv_all_server_packets" lineno="3014">
<summary>
Send and receive all server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_relabelto_all_server_packets" lineno="3029">
<summary>
Relabel packets to any server packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_all_packets" lineno="3047">
<summary>
Send all packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_receive_all_packets" lineno="3065">
<summary>
Receive all packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_sendrecv_all_packets" lineno="3083">
<summary>
Send and receive all packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_relabelto_all_packets" lineno="3098">
<summary>
Relabel packets to any packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_unconfined" lineno="3116">
<summary>
Unconfined access to network objects.
</summary>
<param name="domain">
<summary>
The domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_afs_bos_port" lineno="3211">
<summary>
Send and receive TCP traffic on the afs_bos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_afs_bos_port" lineno="3230">
<summary>
Send UDP traffic on the afs_bos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_afs_bos_port" lineno="3249">
<summary>
Do not audit attempts to send UDP traffic on the afs_bos port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_afs_bos_port" lineno="3268">
<summary>
Receive UDP traffic on the afs_bos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_afs_bos_port" lineno="3287">
<summary>
Do not audit attempts to receive UDP traffic on the afs_bos port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_afs_bos_port" lineno="3306">
<summary>
Send and receive UDP traffic on the afs_bos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_afs_bos_port" lineno="3323">
<summary>
Do not audit attempts to send and receive
UDP traffic on the afs_bos port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_afs_bos_port" lineno="3339">
<summary>
Bind TCP sockets to the afs_bos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_afs_bos_port" lineno="3359">
<summary>
Bind UDP sockets to the afs_bos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_afs_bos_port" lineno="3378">
<summary>
Make a TCP connection to the afs_bos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs_bos_client_packets" lineno="3398">
<summary>
Send afs_bos_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs_bos_client_packets" lineno="3417">
<summary>
Do not audit attempts to send afs_bos_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs_bos_client_packets" lineno="3436">
<summary>
Receive afs_bos_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs_bos_client_packets" lineno="3455">
<summary>
Do not audit attempts to receive afs_bos_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs_bos_client_packets" lineno="3474">
<summary>
Send and receive afs_bos_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs_bos_client_packets" lineno="3490">
<summary>
Do not audit attempts to send and receive afs_bos_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs_bos_client_packets" lineno="3505">
<summary>
Relabel packets to afs_bos_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs_bos_server_packets" lineno="3525">
<summary>
Send afs_bos_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs_bos_server_packets" lineno="3544">
<summary>
Do not audit attempts to send afs_bos_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs_bos_server_packets" lineno="3563">
<summary>
Receive afs_bos_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs_bos_server_packets" lineno="3582">
<summary>
Do not audit attempts to receive afs_bos_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs_bos_server_packets" lineno="3601">
<summary>
Send and receive afs_bos_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs_bos_server_packets" lineno="3617">
<summary>
Do not audit attempts to send and receive afs_bos_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs_bos_server_packets" lineno="3632">
<summary>
Relabel packets to afs_bos_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_afs_client_port" lineno="3654">
<summary>
Send and receive TCP traffic on the afs_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_afs_client_port" lineno="3673">
<summary>
Send UDP traffic on the afs_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_afs_client_port" lineno="3692">
<summary>
Do not audit attempts to send UDP traffic on the afs_client port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_afs_client_port" lineno="3711">
<summary>
Receive UDP traffic on the afs_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_afs_client_port" lineno="3730">
<summary>
Do not audit attempts to receive UDP traffic on the afs_client port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_afs_client_port" lineno="3749">
<summary>
Send and receive UDP traffic on the afs_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_afs_client_port" lineno="3766">
<summary>
Do not audit attempts to send and receive
UDP traffic on the afs_client port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_afs_client_port" lineno="3782">
<summary>
Bind TCP sockets to the afs_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_afs_client_port" lineno="3802">
<summary>
Bind UDP sockets to the afs_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_afs_client_port" lineno="3821">
<summary>
Make a TCP connection to the afs_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs_client_client_packets" lineno="3841">
<summary>
Send afs_client_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs_client_client_packets" lineno="3860">
<summary>
Do not audit attempts to send afs_client_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs_client_client_packets" lineno="3879">
<summary>
Receive afs_client_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs_client_client_packets" lineno="3898">
<summary>
Do not audit attempts to receive afs_client_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs_client_client_packets" lineno="3917">
<summary>
Send and receive afs_client_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs_client_client_packets" lineno="3933">
<summary>
Do not audit attempts to send and receive afs_client_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs_client_client_packets" lineno="3948">
<summary>
Relabel packets to afs_client_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs_client_server_packets" lineno="3968">
<summary>
Send afs_client_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs_client_server_packets" lineno="3987">
<summary>
Do not audit attempts to send afs_client_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs_client_server_packets" lineno="4006">
<summary>
Receive afs_client_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs_client_server_packets" lineno="4025">
<summary>
Do not audit attempts to receive afs_client_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs_client_server_packets" lineno="4044">
<summary>
Send and receive afs_client_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs_client_server_packets" lineno="4060">
<summary>
Do not audit attempts to send and receive afs_client_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs_client_server_packets" lineno="4075">
<summary>
Relabel packets to afs_client_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_afs_fs_port" lineno="4097">
<summary>
Send and receive TCP traffic on the afs_fs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_afs_fs_port" lineno="4116">
<summary>
Send UDP traffic on the afs_fs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_afs_fs_port" lineno="4135">
<summary>
Do not audit attempts to send UDP traffic on the afs_fs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_afs_fs_port" lineno="4154">
<summary>
Receive UDP traffic on the afs_fs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_afs_fs_port" lineno="4173">
<summary>
Do not audit attempts to receive UDP traffic on the afs_fs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_afs_fs_port" lineno="4192">
<summary>
Send and receive UDP traffic on the afs_fs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_afs_fs_port" lineno="4209">
<summary>
Do not audit attempts to send and receive
UDP traffic on the afs_fs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_afs_fs_port" lineno="4225">
<summary>
Bind TCP sockets to the afs_fs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_afs_fs_port" lineno="4245">
<summary>
Bind UDP sockets to the afs_fs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_afs_fs_port" lineno="4264">
<summary>
Make a TCP connection to the afs_fs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs_fs_client_packets" lineno="4284">
<summary>
Send afs_fs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs_fs_client_packets" lineno="4303">
<summary>
Do not audit attempts to send afs_fs_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs_fs_client_packets" lineno="4322">
<summary>
Receive afs_fs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs_fs_client_packets" lineno="4341">
<summary>
Do not audit attempts to receive afs_fs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs_fs_client_packets" lineno="4360">
<summary>
Send and receive afs_fs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs_fs_client_packets" lineno="4376">
<summary>
Do not audit attempts to send and receive afs_fs_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs_fs_client_packets" lineno="4391">
<summary>
Relabel packets to afs_fs_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs_fs_server_packets" lineno="4411">
<summary>
Send afs_fs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs_fs_server_packets" lineno="4430">
<summary>
Do not audit attempts to send afs_fs_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs_fs_server_packets" lineno="4449">
<summary>
Receive afs_fs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs_fs_server_packets" lineno="4468">
<summary>
Do not audit attempts to receive afs_fs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs_fs_server_packets" lineno="4487">
<summary>
Send and receive afs_fs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs_fs_server_packets" lineno="4503">
<summary>
Do not audit attempts to send and receive afs_fs_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs_fs_server_packets" lineno="4518">
<summary>
Relabel packets to afs_fs_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_afs_ka_port" lineno="4540">
<summary>
Send and receive TCP traffic on the afs_ka port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_afs_ka_port" lineno="4559">
<summary>
Send UDP traffic on the afs_ka port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_afs_ka_port" lineno="4578">
<summary>
Do not audit attempts to send UDP traffic on the afs_ka port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_afs_ka_port" lineno="4597">
<summary>
Receive UDP traffic on the afs_ka port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_afs_ka_port" lineno="4616">
<summary>
Do not audit attempts to receive UDP traffic on the afs_ka port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_afs_ka_port" lineno="4635">
<summary>
Send and receive UDP traffic on the afs_ka port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_afs_ka_port" lineno="4652">
<summary>
Do not audit attempts to send and receive
UDP traffic on the afs_ka port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_afs_ka_port" lineno="4668">
<summary>
Bind TCP sockets to the afs_ka port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_afs_ka_port" lineno="4688">
<summary>
Bind UDP sockets to the afs_ka port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_afs_ka_port" lineno="4707">
<summary>
Make a TCP connection to the afs_ka port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs_ka_client_packets" lineno="4727">
<summary>
Send afs_ka_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs_ka_client_packets" lineno="4746">
<summary>
Do not audit attempts to send afs_ka_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs_ka_client_packets" lineno="4765">
<summary>
Receive afs_ka_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs_ka_client_packets" lineno="4784">
<summary>
Do not audit attempts to receive afs_ka_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs_ka_client_packets" lineno="4803">
<summary>
Send and receive afs_ka_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs_ka_client_packets" lineno="4819">
<summary>
Do not audit attempts to send and receive afs_ka_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs_ka_client_packets" lineno="4834">
<summary>
Relabel packets to afs_ka_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs_ka_server_packets" lineno="4854">
<summary>
Send afs_ka_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs_ka_server_packets" lineno="4873">
<summary>
Do not audit attempts to send afs_ka_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs_ka_server_packets" lineno="4892">
<summary>
Receive afs_ka_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs_ka_server_packets" lineno="4911">
<summary>
Do not audit attempts to receive afs_ka_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs_ka_server_packets" lineno="4930">
<summary>
Send and receive afs_ka_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs_ka_server_packets" lineno="4946">
<summary>
Do not audit attempts to send and receive afs_ka_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs_ka_server_packets" lineno="4961">
<summary>
Relabel packets to afs_ka_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_afs_pt_port" lineno="4983">
<summary>
Send and receive TCP traffic on the afs_pt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_afs_pt_port" lineno="5002">
<summary>
Send UDP traffic on the afs_pt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_afs_pt_port" lineno="5021">
<summary>
Do not audit attempts to send UDP traffic on the afs_pt port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_afs_pt_port" lineno="5040">
<summary>
Receive UDP traffic on the afs_pt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_afs_pt_port" lineno="5059">
<summary>
Do not audit attempts to receive UDP traffic on the afs_pt port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_afs_pt_port" lineno="5078">
<summary>
Send and receive UDP traffic on the afs_pt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_afs_pt_port" lineno="5095">
<summary>
Do not audit attempts to send and receive
UDP traffic on the afs_pt port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_afs_pt_port" lineno="5111">
<summary>
Bind TCP sockets to the afs_pt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_afs_pt_port" lineno="5131">
<summary>
Bind UDP sockets to the afs_pt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_afs_pt_port" lineno="5150">
<summary>
Make a TCP connection to the afs_pt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs_pt_client_packets" lineno="5170">
<summary>
Send afs_pt_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs_pt_client_packets" lineno="5189">
<summary>
Do not audit attempts to send afs_pt_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs_pt_client_packets" lineno="5208">
<summary>
Receive afs_pt_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs_pt_client_packets" lineno="5227">
<summary>
Do not audit attempts to receive afs_pt_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs_pt_client_packets" lineno="5246">
<summary>
Send and receive afs_pt_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs_pt_client_packets" lineno="5262">
<summary>
Do not audit attempts to send and receive afs_pt_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs_pt_client_packets" lineno="5277">
<summary>
Relabel packets to afs_pt_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs_pt_server_packets" lineno="5297">
<summary>
Send afs_pt_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs_pt_server_packets" lineno="5316">
<summary>
Do not audit attempts to send afs_pt_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs_pt_server_packets" lineno="5335">
<summary>
Receive afs_pt_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs_pt_server_packets" lineno="5354">
<summary>
Do not audit attempts to receive afs_pt_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs_pt_server_packets" lineno="5373">
<summary>
Send and receive afs_pt_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs_pt_server_packets" lineno="5389">
<summary>
Do not audit attempts to send and receive afs_pt_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs_pt_server_packets" lineno="5404">
<summary>
Relabel packets to afs_pt_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_afs_vl_port" lineno="5426">
<summary>
Send and receive TCP traffic on the afs_vl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_afs_vl_port" lineno="5445">
<summary>
Send UDP traffic on the afs_vl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_afs_vl_port" lineno="5464">
<summary>
Do not audit attempts to send UDP traffic on the afs_vl port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_afs_vl_port" lineno="5483">
<summary>
Receive UDP traffic on the afs_vl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_afs_vl_port" lineno="5502">
<summary>
Do not audit attempts to receive UDP traffic on the afs_vl port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_afs_vl_port" lineno="5521">
<summary>
Send and receive UDP traffic on the afs_vl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_afs_vl_port" lineno="5538">
<summary>
Do not audit attempts to send and receive
UDP traffic on the afs_vl port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_afs_vl_port" lineno="5554">
<summary>
Bind TCP sockets to the afs_vl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_afs_vl_port" lineno="5574">
<summary>
Bind UDP sockets to the afs_vl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_afs_vl_port" lineno="5593">
<summary>
Make a TCP connection to the afs_vl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs_vl_client_packets" lineno="5613">
<summary>
Send afs_vl_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs_vl_client_packets" lineno="5632">
<summary>
Do not audit attempts to send afs_vl_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs_vl_client_packets" lineno="5651">
<summary>
Receive afs_vl_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs_vl_client_packets" lineno="5670">
<summary>
Do not audit attempts to receive afs_vl_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs_vl_client_packets" lineno="5689">
<summary>
Send and receive afs_vl_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs_vl_client_packets" lineno="5705">
<summary>
Do not audit attempts to send and receive afs_vl_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs_vl_client_packets" lineno="5720">
<summary>
Relabel packets to afs_vl_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_afs_vl_server_packets" lineno="5740">
<summary>
Send afs_vl_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_afs_vl_server_packets" lineno="5759">
<summary>
Do not audit attempts to send afs_vl_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_afs_vl_server_packets" lineno="5778">
<summary>
Receive afs_vl_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_afs_vl_server_packets" lineno="5797">
<summary>
Do not audit attempts to receive afs_vl_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_afs_vl_server_packets" lineno="5816">
<summary>
Send and receive afs_vl_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_afs_vl_server_packets" lineno="5832">
<summary>
Do not audit attempts to send and receive afs_vl_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_afs_vl_server_packets" lineno="5847">
<summary>
Relabel packets to afs_vl_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_agentx_port" lineno="5869">
<summary>
Send and receive TCP traffic on the agentx port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_agentx_port" lineno="5888">
<summary>
Send UDP traffic on the agentx port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_agentx_port" lineno="5907">
<summary>
Do not audit attempts to send UDP traffic on the agentx port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_agentx_port" lineno="5926">
<summary>
Receive UDP traffic on the agentx port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_agentx_port" lineno="5945">
<summary>
Do not audit attempts to receive UDP traffic on the agentx port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_agentx_port" lineno="5964">
<summary>
Send and receive UDP traffic on the agentx port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_agentx_port" lineno="5981">
<summary>
Do not audit attempts to send and receive
UDP traffic on the agentx port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_agentx_port" lineno="5997">
<summary>
Bind TCP sockets to the agentx port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_agentx_port" lineno="6017">
<summary>
Bind UDP sockets to the agentx port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_agentx_port" lineno="6036">
<summary>
Make a TCP connection to the agentx port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_agentx_client_packets" lineno="6056">
<summary>
Send agentx_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_agentx_client_packets" lineno="6075">
<summary>
Do not audit attempts to send agentx_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_agentx_client_packets" lineno="6094">
<summary>
Receive agentx_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_agentx_client_packets" lineno="6113">
<summary>
Do not audit attempts to receive agentx_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_agentx_client_packets" lineno="6132">
<summary>
Send and receive agentx_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_agentx_client_packets" lineno="6148">
<summary>
Do not audit attempts to send and receive agentx_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_agentx_client_packets" lineno="6163">
<summary>
Relabel packets to agentx_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_agentx_server_packets" lineno="6183">
<summary>
Send agentx_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_agentx_server_packets" lineno="6202">
<summary>
Do not audit attempts to send agentx_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_agentx_server_packets" lineno="6221">
<summary>
Receive agentx_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_agentx_server_packets" lineno="6240">
<summary>
Do not audit attempts to receive agentx_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_agentx_server_packets" lineno="6259">
<summary>
Send and receive agentx_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_agentx_server_packets" lineno="6275">
<summary>
Do not audit attempts to send and receive agentx_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_agentx_server_packets" lineno="6290">
<summary>
Relabel packets to agentx_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_amanda_port" lineno="6312">
<summary>
Send and receive TCP traffic on the amanda port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_amanda_port" lineno="6331">
<summary>
Send UDP traffic on the amanda port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_amanda_port" lineno="6350">
<summary>
Do not audit attempts to send UDP traffic on the amanda port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_amanda_port" lineno="6369">
<summary>
Receive UDP traffic on the amanda port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_amanda_port" lineno="6388">
<summary>
Do not audit attempts to receive UDP traffic on the amanda port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_amanda_port" lineno="6407">
<summary>
Send and receive UDP traffic on the amanda port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_amanda_port" lineno="6424">
<summary>
Do not audit attempts to send and receive
UDP traffic on the amanda port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_amanda_port" lineno="6440">
<summary>
Bind TCP sockets to the amanda port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_amanda_port" lineno="6460">
<summary>
Bind UDP sockets to the amanda port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_amanda_port" lineno="6479">
<summary>
Make a TCP connection to the amanda port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_amanda_client_packets" lineno="6499">
<summary>
Send amanda_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_amanda_client_packets" lineno="6518">
<summary>
Do not audit attempts to send amanda_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_amanda_client_packets" lineno="6537">
<summary>
Receive amanda_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_amanda_client_packets" lineno="6556">
<summary>
Do not audit attempts to receive amanda_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_amanda_client_packets" lineno="6575">
<summary>
Send and receive amanda_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_amanda_client_packets" lineno="6591">
<summary>
Do not audit attempts to send and receive amanda_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_amanda_client_packets" lineno="6606">
<summary>
Relabel packets to amanda_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_amanda_server_packets" lineno="6626">
<summary>
Send amanda_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_amanda_server_packets" lineno="6645">
<summary>
Do not audit attempts to send amanda_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_amanda_server_packets" lineno="6664">
<summary>
Receive amanda_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_amanda_server_packets" lineno="6683">
<summary>
Do not audit attempts to receive amanda_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_amanda_server_packets" lineno="6702">
<summary>
Send and receive amanda_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_amanda_server_packets" lineno="6718">
<summary>
Do not audit attempts to send and receive amanda_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_amanda_server_packets" lineno="6733">
<summary>
Relabel packets to amanda_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_amavisd_recv_port" lineno="6755">
<summary>
Send and receive TCP traffic on the amavisd_recv port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_amavisd_recv_port" lineno="6774">
<summary>
Send UDP traffic on the amavisd_recv port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_amavisd_recv_port" lineno="6793">
<summary>
Do not audit attempts to send UDP traffic on the amavisd_recv port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_amavisd_recv_port" lineno="6812">
<summary>
Receive UDP traffic on the amavisd_recv port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_amavisd_recv_port" lineno="6831">
<summary>
Do not audit attempts to receive UDP traffic on the amavisd_recv port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_amavisd_recv_port" lineno="6850">
<summary>
Send and receive UDP traffic on the amavisd_recv port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_amavisd_recv_port" lineno="6867">
<summary>
Do not audit attempts to send and receive
UDP traffic on the amavisd_recv port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_amavisd_recv_port" lineno="6883">
<summary>
Bind TCP sockets to the amavisd_recv port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_amavisd_recv_port" lineno="6903">
<summary>
Bind UDP sockets to the amavisd_recv port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_amavisd_recv_port" lineno="6922">
<summary>
Make a TCP connection to the amavisd_recv port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_amavisd_recv_client_packets" lineno="6942">
<summary>
Send amavisd_recv_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_amavisd_recv_client_packets" lineno="6961">
<summary>
Do not audit attempts to send amavisd_recv_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_amavisd_recv_client_packets" lineno="6980">
<summary>
Receive amavisd_recv_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_amavisd_recv_client_packets" lineno="6999">
<summary>
Do not audit attempts to receive amavisd_recv_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_amavisd_recv_client_packets" lineno="7018">
<summary>
Send and receive amavisd_recv_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_amavisd_recv_client_packets" lineno="7034">
<summary>
Do not audit attempts to send and receive amavisd_recv_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_amavisd_recv_client_packets" lineno="7049">
<summary>
Relabel packets to amavisd_recv_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_amavisd_recv_server_packets" lineno="7069">
<summary>
Send amavisd_recv_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_amavisd_recv_server_packets" lineno="7088">
<summary>
Do not audit attempts to send amavisd_recv_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_amavisd_recv_server_packets" lineno="7107">
<summary>
Receive amavisd_recv_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_amavisd_recv_server_packets" lineno="7126">
<summary>
Do not audit attempts to receive amavisd_recv_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_amavisd_recv_server_packets" lineno="7145">
<summary>
Send and receive amavisd_recv_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_amavisd_recv_server_packets" lineno="7161">
<summary>
Do not audit attempts to send and receive amavisd_recv_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_amavisd_recv_server_packets" lineno="7176">
<summary>
Relabel packets to amavisd_recv_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_amavisd_send_port" lineno="7198">
<summary>
Send and receive TCP traffic on the amavisd_send port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_amavisd_send_port" lineno="7217">
<summary>
Send UDP traffic on the amavisd_send port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_amavisd_send_port" lineno="7236">
<summary>
Do not audit attempts to send UDP traffic on the amavisd_send port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_amavisd_send_port" lineno="7255">
<summary>
Receive UDP traffic on the amavisd_send port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_amavisd_send_port" lineno="7274">
<summary>
Do not audit attempts to receive UDP traffic on the amavisd_send port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_amavisd_send_port" lineno="7293">
<summary>
Send and receive UDP traffic on the amavisd_send port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_amavisd_send_port" lineno="7310">
<summary>
Do not audit attempts to send and receive
UDP traffic on the amavisd_send port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_amavisd_send_port" lineno="7326">
<summary>
Bind TCP sockets to the amavisd_send port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_amavisd_send_port" lineno="7346">
<summary>
Bind UDP sockets to the amavisd_send port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_amavisd_send_port" lineno="7365">
<summary>
Make a TCP connection to the amavisd_send port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_amavisd_send_client_packets" lineno="7385">
<summary>
Send amavisd_send_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_amavisd_send_client_packets" lineno="7404">
<summary>
Do not audit attempts to send amavisd_send_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_amavisd_send_client_packets" lineno="7423">
<summary>
Receive amavisd_send_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_amavisd_send_client_packets" lineno="7442">
<summary>
Do not audit attempts to receive amavisd_send_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_amavisd_send_client_packets" lineno="7461">
<summary>
Send and receive amavisd_send_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_amavisd_send_client_packets" lineno="7477">
<summary>
Do not audit attempts to send and receive amavisd_send_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_amavisd_send_client_packets" lineno="7492">
<summary>
Relabel packets to amavisd_send_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_amavisd_send_server_packets" lineno="7512">
<summary>
Send amavisd_send_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_amavisd_send_server_packets" lineno="7531">
<summary>
Do not audit attempts to send amavisd_send_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_amavisd_send_server_packets" lineno="7550">
<summary>
Receive amavisd_send_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_amavisd_send_server_packets" lineno="7569">
<summary>
Do not audit attempts to receive amavisd_send_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_amavisd_send_server_packets" lineno="7588">
<summary>
Send and receive amavisd_send_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_amavisd_send_server_packets" lineno="7604">
<summary>
Do not audit attempts to send and receive amavisd_send_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_amavisd_send_server_packets" lineno="7619">
<summary>
Relabel packets to amavisd_send_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_amqp_port" lineno="7641">
<summary>
Send and receive TCP traffic on the amqp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_amqp_port" lineno="7660">
<summary>
Send UDP traffic on the amqp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_amqp_port" lineno="7679">
<summary>
Do not audit attempts to send UDP traffic on the amqp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_amqp_port" lineno="7698">
<summary>
Receive UDP traffic on the amqp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_amqp_port" lineno="7717">
<summary>
Do not audit attempts to receive UDP traffic on the amqp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_amqp_port" lineno="7736">
<summary>
Send and receive UDP traffic on the amqp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_amqp_port" lineno="7753">
<summary>
Do not audit attempts to send and receive
UDP traffic on the amqp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_amqp_port" lineno="7769">
<summary>
Bind TCP sockets to the amqp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_amqp_port" lineno="7789">
<summary>
Bind UDP sockets to the amqp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_amqp_port" lineno="7808">
<summary>
Make a TCP connection to the amqp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_amqp_client_packets" lineno="7828">
<summary>
Send amqp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_amqp_client_packets" lineno="7847">
<summary>
Do not audit attempts to send amqp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_amqp_client_packets" lineno="7866">
<summary>
Receive amqp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_amqp_client_packets" lineno="7885">
<summary>
Do not audit attempts to receive amqp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_amqp_client_packets" lineno="7904">
<summary>
Send and receive amqp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_amqp_client_packets" lineno="7920">
<summary>
Do not audit attempts to send and receive amqp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_amqp_client_packets" lineno="7935">
<summary>
Relabel packets to amqp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_amqp_server_packets" lineno="7955">
<summary>
Send amqp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_amqp_server_packets" lineno="7974">
<summary>
Do not audit attempts to send amqp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_amqp_server_packets" lineno="7993">
<summary>
Receive amqp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_amqp_server_packets" lineno="8012">
<summary>
Do not audit attempts to receive amqp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_amqp_server_packets" lineno="8031">
<summary>
Send and receive amqp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_amqp_server_packets" lineno="8047">
<summary>
Do not audit attempts to send and receive amqp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_amqp_server_packets" lineno="8062">
<summary>
Relabel packets to amqp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_aol_port" lineno="8084">
<summary>
Send and receive TCP traffic on the aol port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_aol_port" lineno="8103">
<summary>
Send UDP traffic on the aol port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_aol_port" lineno="8122">
<summary>
Do not audit attempts to send UDP traffic on the aol port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_aol_port" lineno="8141">
<summary>
Receive UDP traffic on the aol port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_aol_port" lineno="8160">
<summary>
Do not audit attempts to receive UDP traffic on the aol port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_aol_port" lineno="8179">
<summary>
Send and receive UDP traffic on the aol port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_aol_port" lineno="8196">
<summary>
Do not audit attempts to send and receive
UDP traffic on the aol port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_aol_port" lineno="8212">
<summary>
Bind TCP sockets to the aol port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_aol_port" lineno="8232">
<summary>
Bind UDP sockets to the aol port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_aol_port" lineno="8251">
<summary>
Make a TCP connection to the aol port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_aol_client_packets" lineno="8271">
<summary>
Send aol_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_aol_client_packets" lineno="8290">
<summary>
Do not audit attempts to send aol_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_aol_client_packets" lineno="8309">
<summary>
Receive aol_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_aol_client_packets" lineno="8328">
<summary>
Do not audit attempts to receive aol_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_aol_client_packets" lineno="8347">
<summary>
Send and receive aol_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_aol_client_packets" lineno="8363">
<summary>
Do not audit attempts to send and receive aol_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_aol_client_packets" lineno="8378">
<summary>
Relabel packets to aol_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_aol_server_packets" lineno="8398">
<summary>
Send aol_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_aol_server_packets" lineno="8417">
<summary>
Do not audit attempts to send aol_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_aol_server_packets" lineno="8436">
<summary>
Receive aol_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_aol_server_packets" lineno="8455">
<summary>
Do not audit attempts to receive aol_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_aol_server_packets" lineno="8474">
<summary>
Send and receive aol_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_aol_server_packets" lineno="8490">
<summary>
Do not audit attempts to send and receive aol_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_aol_server_packets" lineno="8505">
<summary>
Relabel packets to aol_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_apc_port" lineno="8527">
<summary>
Send and receive TCP traffic on the apc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_apc_port" lineno="8546">
<summary>
Send UDP traffic on the apc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_apc_port" lineno="8565">
<summary>
Do not audit attempts to send UDP traffic on the apc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_apc_port" lineno="8584">
<summary>
Receive UDP traffic on the apc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_apc_port" lineno="8603">
<summary>
Do not audit attempts to receive UDP traffic on the apc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_apc_port" lineno="8622">
<summary>
Send and receive UDP traffic on the apc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_apc_port" lineno="8639">
<summary>
Do not audit attempts to send and receive
UDP traffic on the apc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_apc_port" lineno="8655">
<summary>
Bind TCP sockets to the apc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_apc_port" lineno="8675">
<summary>
Bind UDP sockets to the apc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_apc_port" lineno="8694">
<summary>
Make a TCP connection to the apc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_apc_client_packets" lineno="8714">
<summary>
Send apc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_apc_client_packets" lineno="8733">
<summary>
Do not audit attempts to send apc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_apc_client_packets" lineno="8752">
<summary>
Receive apc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_apc_client_packets" lineno="8771">
<summary>
Do not audit attempts to receive apc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_apc_client_packets" lineno="8790">
<summary>
Send and receive apc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_apc_client_packets" lineno="8806">
<summary>
Do not audit attempts to send and receive apc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_apc_client_packets" lineno="8821">
<summary>
Relabel packets to apc_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_apc_server_packets" lineno="8841">
<summary>
Send apc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_apc_server_packets" lineno="8860">
<summary>
Do not audit attempts to send apc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_apc_server_packets" lineno="8879">
<summary>
Receive apc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_apc_server_packets" lineno="8898">
<summary>
Do not audit attempts to receive apc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_apc_server_packets" lineno="8917">
<summary>
Send and receive apc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_apc_server_packets" lineno="8933">
<summary>
Do not audit attempts to send and receive apc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_apc_server_packets" lineno="8948">
<summary>
Relabel packets to apc_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_apcupsd_port" lineno="8970">
<summary>
Send and receive TCP traffic on the apcupsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_apcupsd_port" lineno="8989">
<summary>
Send UDP traffic on the apcupsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_apcupsd_port" lineno="9008">
<summary>
Do not audit attempts to send UDP traffic on the apcupsd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_apcupsd_port" lineno="9027">
<summary>
Receive UDP traffic on the apcupsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_apcupsd_port" lineno="9046">
<summary>
Do not audit attempts to receive UDP traffic on the apcupsd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_apcupsd_port" lineno="9065">
<summary>
Send and receive UDP traffic on the apcupsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_apcupsd_port" lineno="9082">
<summary>
Do not audit attempts to send and receive
UDP traffic on the apcupsd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_apcupsd_port" lineno="9098">
<summary>
Bind TCP sockets to the apcupsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_apcupsd_port" lineno="9118">
<summary>
Bind UDP sockets to the apcupsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_apcupsd_port" lineno="9137">
<summary>
Make a TCP connection to the apcupsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_apcupsd_client_packets" lineno="9157">
<summary>
Send apcupsd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_apcupsd_client_packets" lineno="9176">
<summary>
Do not audit attempts to send apcupsd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_apcupsd_client_packets" lineno="9195">
<summary>
Receive apcupsd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_apcupsd_client_packets" lineno="9214">
<summary>
Do not audit attempts to receive apcupsd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_apcupsd_client_packets" lineno="9233">
<summary>
Send and receive apcupsd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_apcupsd_client_packets" lineno="9249">
<summary>
Do not audit attempts to send and receive apcupsd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_apcupsd_client_packets" lineno="9264">
<summary>
Relabel packets to apcupsd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_apcupsd_server_packets" lineno="9284">
<summary>
Send apcupsd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_apcupsd_server_packets" lineno="9303">
<summary>
Do not audit attempts to send apcupsd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_apcupsd_server_packets" lineno="9322">
<summary>
Receive apcupsd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_apcupsd_server_packets" lineno="9341">
<summary>
Do not audit attempts to receive apcupsd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_apcupsd_server_packets" lineno="9360">
<summary>
Send and receive apcupsd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_apcupsd_server_packets" lineno="9376">
<summary>
Do not audit attempts to send and receive apcupsd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_apcupsd_server_packets" lineno="9391">
<summary>
Relabel packets to apcupsd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_apertus_ldp_port" lineno="9413">
<summary>
Send and receive TCP traffic on the apertus_ldp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_apertus_ldp_port" lineno="9432">
<summary>
Send UDP traffic on the apertus_ldp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_apertus_ldp_port" lineno="9451">
<summary>
Do not audit attempts to send UDP traffic on the apertus_ldp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_apertus_ldp_port" lineno="9470">
<summary>
Receive UDP traffic on the apertus_ldp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_apertus_ldp_port" lineno="9489">
<summary>
Do not audit attempts to receive UDP traffic on the apertus_ldp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_apertus_ldp_port" lineno="9508">
<summary>
Send and receive UDP traffic on the apertus_ldp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_apertus_ldp_port" lineno="9525">
<summary>
Do not audit attempts to send and receive
UDP traffic on the apertus_ldp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_apertus_ldp_port" lineno="9541">
<summary>
Bind TCP sockets to the apertus_ldp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_apertus_ldp_port" lineno="9561">
<summary>
Bind UDP sockets to the apertus_ldp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_apertus_ldp_port" lineno="9580">
<summary>
Make a TCP connection to the apertus_ldp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_apertus_ldp_client_packets" lineno="9600">
<summary>
Send apertus_ldp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_apertus_ldp_client_packets" lineno="9619">
<summary>
Do not audit attempts to send apertus_ldp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_apertus_ldp_client_packets" lineno="9638">
<summary>
Receive apertus_ldp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_apertus_ldp_client_packets" lineno="9657">
<summary>
Do not audit attempts to receive apertus_ldp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_apertus_ldp_client_packets" lineno="9676">
<summary>
Send and receive apertus_ldp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_apertus_ldp_client_packets" lineno="9692">
<summary>
Do not audit attempts to send and receive apertus_ldp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_apertus_ldp_client_packets" lineno="9707">
<summary>
Relabel packets to apertus_ldp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_apertus_ldp_server_packets" lineno="9727">
<summary>
Send apertus_ldp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_apertus_ldp_server_packets" lineno="9746">
<summary>
Do not audit attempts to send apertus_ldp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_apertus_ldp_server_packets" lineno="9765">
<summary>
Receive apertus_ldp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_apertus_ldp_server_packets" lineno="9784">
<summary>
Do not audit attempts to receive apertus_ldp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_apertus_ldp_server_packets" lineno="9803">
<summary>
Send and receive apertus_ldp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_apertus_ldp_server_packets" lineno="9819">
<summary>
Do not audit attempts to send and receive apertus_ldp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_apertus_ldp_server_packets" lineno="9834">
<summary>
Relabel packets to apertus_ldp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_asterisk_port" lineno="9856">
<summary>
Send and receive TCP traffic on the asterisk port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_asterisk_port" lineno="9875">
<summary>
Send UDP traffic on the asterisk port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_asterisk_port" lineno="9894">
<summary>
Do not audit attempts to send UDP traffic on the asterisk port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_asterisk_port" lineno="9913">
<summary>
Receive UDP traffic on the asterisk port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_asterisk_port" lineno="9932">
<summary>
Do not audit attempts to receive UDP traffic on the asterisk port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_asterisk_port" lineno="9951">
<summary>
Send and receive UDP traffic on the asterisk port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_asterisk_port" lineno="9968">
<summary>
Do not audit attempts to send and receive
UDP traffic on the asterisk port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_asterisk_port" lineno="9984">
<summary>
Bind TCP sockets to the asterisk port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_asterisk_port" lineno="10004">
<summary>
Bind UDP sockets to the asterisk port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_asterisk_port" lineno="10023">
<summary>
Make a TCP connection to the asterisk port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_asterisk_client_packets" lineno="10043">
<summary>
Send asterisk_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_asterisk_client_packets" lineno="10062">
<summary>
Do not audit attempts to send asterisk_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_asterisk_client_packets" lineno="10081">
<summary>
Receive asterisk_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_asterisk_client_packets" lineno="10100">
<summary>
Do not audit attempts to receive asterisk_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_asterisk_client_packets" lineno="10119">
<summary>
Send and receive asterisk_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_asterisk_client_packets" lineno="10135">
<summary>
Do not audit attempts to send and receive asterisk_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_asterisk_client_packets" lineno="10150">
<summary>
Relabel packets to asterisk_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_asterisk_server_packets" lineno="10170">
<summary>
Send asterisk_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_asterisk_server_packets" lineno="10189">
<summary>
Do not audit attempts to send asterisk_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_asterisk_server_packets" lineno="10208">
<summary>
Receive asterisk_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_asterisk_server_packets" lineno="10227">
<summary>
Do not audit attempts to receive asterisk_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_asterisk_server_packets" lineno="10246">
<summary>
Send and receive asterisk_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_asterisk_server_packets" lineno="10262">
<summary>
Do not audit attempts to send and receive asterisk_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_asterisk_server_packets" lineno="10277">
<summary>
Relabel packets to asterisk_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_audit_port" lineno="10299">
<summary>
Send and receive TCP traffic on the audit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_audit_port" lineno="10318">
<summary>
Send UDP traffic on the audit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_audit_port" lineno="10337">
<summary>
Do not audit attempts to send UDP traffic on the audit port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_audit_port" lineno="10356">
<summary>
Receive UDP traffic on the audit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_audit_port" lineno="10375">
<summary>
Do not audit attempts to receive UDP traffic on the audit port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_audit_port" lineno="10394">
<summary>
Send and receive UDP traffic on the audit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_audit_port" lineno="10411">
<summary>
Do not audit attempts to send and receive
UDP traffic on the audit port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_audit_port" lineno="10427">
<summary>
Bind TCP sockets to the audit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_audit_port" lineno="10447">
<summary>
Bind UDP sockets to the audit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_audit_port" lineno="10466">
<summary>
Make a TCP connection to the audit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_audit_client_packets" lineno="10486">
<summary>
Send audit_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_audit_client_packets" lineno="10505">
<summary>
Do not audit attempts to send audit_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_audit_client_packets" lineno="10524">
<summary>
Receive audit_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_audit_client_packets" lineno="10543">
<summary>
Do not audit attempts to receive audit_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_audit_client_packets" lineno="10562">
<summary>
Send and receive audit_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_audit_client_packets" lineno="10578">
<summary>
Do not audit attempts to send and receive audit_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_audit_client_packets" lineno="10593">
<summary>
Relabel packets to audit_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_audit_server_packets" lineno="10613">
<summary>
Send audit_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_audit_server_packets" lineno="10632">
<summary>
Do not audit attempts to send audit_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_audit_server_packets" lineno="10651">
<summary>
Receive audit_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_audit_server_packets" lineno="10670">
<summary>
Do not audit attempts to receive audit_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_audit_server_packets" lineno="10689">
<summary>
Send and receive audit_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_audit_server_packets" lineno="10705">
<summary>
Do not audit attempts to send and receive audit_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_audit_server_packets" lineno="10720">
<summary>
Relabel packets to audit_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_auth_port" lineno="10742">
<summary>
Send and receive TCP traffic on the auth port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_auth_port" lineno="10761">
<summary>
Send UDP traffic on the auth port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_auth_port" lineno="10780">
<summary>
Do not audit attempts to send UDP traffic on the auth port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_auth_port" lineno="10799">
<summary>
Receive UDP traffic on the auth port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_auth_port" lineno="10818">
<summary>
Do not audit attempts to receive UDP traffic on the auth port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_auth_port" lineno="10837">
<summary>
Send and receive UDP traffic on the auth port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_auth_port" lineno="10854">
<summary>
Do not audit attempts to send and receive
UDP traffic on the auth port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_auth_port" lineno="10870">
<summary>
Bind TCP sockets to the auth port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_auth_port" lineno="10890">
<summary>
Bind UDP sockets to the auth port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_auth_port" lineno="10909">
<summary>
Make a TCP connection to the auth port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_auth_client_packets" lineno="10929">
<summary>
Send auth_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_auth_client_packets" lineno="10948">
<summary>
Do not audit attempts to send auth_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_auth_client_packets" lineno="10967">
<summary>
Receive auth_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_auth_client_packets" lineno="10986">
<summary>
Do not audit attempts to receive auth_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_auth_client_packets" lineno="11005">
<summary>
Send and receive auth_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_auth_client_packets" lineno="11021">
<summary>
Do not audit attempts to send and receive auth_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_auth_client_packets" lineno="11036">
<summary>
Relabel packets to auth_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_auth_server_packets" lineno="11056">
<summary>
Send auth_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_auth_server_packets" lineno="11075">
<summary>
Do not audit attempts to send auth_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_auth_server_packets" lineno="11094">
<summary>
Receive auth_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_auth_server_packets" lineno="11113">
<summary>
Do not audit attempts to receive auth_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_auth_server_packets" lineno="11132">
<summary>
Send and receive auth_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_auth_server_packets" lineno="11148">
<summary>
Do not audit attempts to send and receive auth_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_auth_server_packets" lineno="11163">
<summary>
Relabel packets to auth_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_bacula_port" lineno="11185">
<summary>
Send and receive TCP traffic on the bacula port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_bacula_port" lineno="11204">
<summary>
Send UDP traffic on the bacula port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_bacula_port" lineno="11223">
<summary>
Do not audit attempts to send UDP traffic on the bacula port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_bacula_port" lineno="11242">
<summary>
Receive UDP traffic on the bacula port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_bacula_port" lineno="11261">
<summary>
Do not audit attempts to receive UDP traffic on the bacula port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_bacula_port" lineno="11280">
<summary>
Send and receive UDP traffic on the bacula port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_bacula_port" lineno="11297">
<summary>
Do not audit attempts to send and receive
UDP traffic on the bacula port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_bacula_port" lineno="11313">
<summary>
Bind TCP sockets to the bacula port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_bacula_port" lineno="11333">
<summary>
Bind UDP sockets to the bacula port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_bacula_port" lineno="11352">
<summary>
Make a TCP connection to the bacula port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_bacula_client_packets" lineno="11372">
<summary>
Send bacula_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_bacula_client_packets" lineno="11391">
<summary>
Do not audit attempts to send bacula_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_bacula_client_packets" lineno="11410">
<summary>
Receive bacula_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_bacula_client_packets" lineno="11429">
<summary>
Do not audit attempts to receive bacula_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_bacula_client_packets" lineno="11448">
<summary>
Send and receive bacula_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_bacula_client_packets" lineno="11464">
<summary>
Do not audit attempts to send and receive bacula_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_bacula_client_packets" lineno="11479">
<summary>
Relabel packets to bacula_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_bacula_server_packets" lineno="11499">
<summary>
Send bacula_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_bacula_server_packets" lineno="11518">
<summary>
Do not audit attempts to send bacula_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_bacula_server_packets" lineno="11537">
<summary>
Receive bacula_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_bacula_server_packets" lineno="11556">
<summary>
Do not audit attempts to receive bacula_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_bacula_server_packets" lineno="11575">
<summary>
Send and receive bacula_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_bacula_server_packets" lineno="11591">
<summary>
Do not audit attempts to send and receive bacula_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_bacula_server_packets" lineno="11606">
<summary>
Relabel packets to bacula_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_bgp_port" lineno="11628">
<summary>
Send and receive TCP traffic on the bgp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_bgp_port" lineno="11647">
<summary>
Send UDP traffic on the bgp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_bgp_port" lineno="11666">
<summary>
Do not audit attempts to send UDP traffic on the bgp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_bgp_port" lineno="11685">
<summary>
Receive UDP traffic on the bgp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_bgp_port" lineno="11704">
<summary>
Do not audit attempts to receive UDP traffic on the bgp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_bgp_port" lineno="11723">
<summary>
Send and receive UDP traffic on the bgp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_bgp_port" lineno="11740">
<summary>
Do not audit attempts to send and receive
UDP traffic on the bgp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_bgp_port" lineno="11756">
<summary>
Bind TCP sockets to the bgp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_bgp_port" lineno="11776">
<summary>
Bind UDP sockets to the bgp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_bgp_port" lineno="11795">
<summary>
Make a TCP connection to the bgp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_bgp_client_packets" lineno="11815">
<summary>
Send bgp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_bgp_client_packets" lineno="11834">
<summary>
Do not audit attempts to send bgp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_bgp_client_packets" lineno="11853">
<summary>
Receive bgp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_bgp_client_packets" lineno="11872">
<summary>
Do not audit attempts to receive bgp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_bgp_client_packets" lineno="11891">
<summary>
Send and receive bgp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_bgp_client_packets" lineno="11907">
<summary>
Do not audit attempts to send and receive bgp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_bgp_client_packets" lineno="11922">
<summary>
Relabel packets to bgp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_bgp_server_packets" lineno="11942">
<summary>
Send bgp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_bgp_server_packets" lineno="11961">
<summary>
Do not audit attempts to send bgp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_bgp_server_packets" lineno="11980">
<summary>
Receive bgp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_bgp_server_packets" lineno="11999">
<summary>
Do not audit attempts to receive bgp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_bgp_server_packets" lineno="12018">
<summary>
Send and receive bgp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_bgp_server_packets" lineno="12034">
<summary>
Do not audit attempts to send and receive bgp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_bgp_server_packets" lineno="12049">
<summary>
Relabel packets to bgp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_boinc_port" lineno="12071">
<summary>
Send and receive TCP traffic on the boinc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_boinc_port" lineno="12090">
<summary>
Send UDP traffic on the boinc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_boinc_port" lineno="12109">
<summary>
Do not audit attempts to send UDP traffic on the boinc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_boinc_port" lineno="12128">
<summary>
Receive UDP traffic on the boinc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_boinc_port" lineno="12147">
<summary>
Do not audit attempts to receive UDP traffic on the boinc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_boinc_port" lineno="12166">
<summary>
Send and receive UDP traffic on the boinc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_boinc_port" lineno="12183">
<summary>
Do not audit attempts to send and receive
UDP traffic on the boinc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_boinc_port" lineno="12199">
<summary>
Bind TCP sockets to the boinc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_boinc_port" lineno="12219">
<summary>
Bind UDP sockets to the boinc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_boinc_port" lineno="12238">
<summary>
Make a TCP connection to the boinc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_boinc_client_packets" lineno="12258">
<summary>
Send boinc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_boinc_client_packets" lineno="12277">
<summary>
Do not audit attempts to send boinc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_boinc_client_packets" lineno="12296">
<summary>
Receive boinc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_boinc_client_packets" lineno="12315">
<summary>
Do not audit attempts to receive boinc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_boinc_client_packets" lineno="12334">
<summary>
Send and receive boinc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_boinc_client_packets" lineno="12350">
<summary>
Do not audit attempts to send and receive boinc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_boinc_client_packets" lineno="12365">
<summary>
Relabel packets to boinc_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_boinc_server_packets" lineno="12385">
<summary>
Send boinc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_boinc_server_packets" lineno="12404">
<summary>
Do not audit attempts to send boinc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_boinc_server_packets" lineno="12423">
<summary>
Receive boinc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_boinc_server_packets" lineno="12442">
<summary>
Do not audit attempts to receive boinc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_boinc_server_packets" lineno="12461">
<summary>
Send and receive boinc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_boinc_server_packets" lineno="12477">
<summary>
Do not audit attempts to send and receive boinc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_boinc_server_packets" lineno="12492">
<summary>
Relabel packets to boinc_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_certmaster_port" lineno="12514">
<summary>
Send and receive TCP traffic on the certmaster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_certmaster_port" lineno="12533">
<summary>
Send UDP traffic on the certmaster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_certmaster_port" lineno="12552">
<summary>
Do not audit attempts to send UDP traffic on the certmaster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_certmaster_port" lineno="12571">
<summary>
Receive UDP traffic on the certmaster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_certmaster_port" lineno="12590">
<summary>
Do not audit attempts to receive UDP traffic on the certmaster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_certmaster_port" lineno="12609">
<summary>
Send and receive UDP traffic on the certmaster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_certmaster_port" lineno="12626">
<summary>
Do not audit attempts to send and receive
UDP traffic on the certmaster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_certmaster_port" lineno="12642">
<summary>
Bind TCP sockets to the certmaster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_certmaster_port" lineno="12662">
<summary>
Bind UDP sockets to the certmaster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_certmaster_port" lineno="12681">
<summary>
Make a TCP connection to the certmaster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_certmaster_client_packets" lineno="12701">
<summary>
Send certmaster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_certmaster_client_packets" lineno="12720">
<summary>
Do not audit attempts to send certmaster_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_certmaster_client_packets" lineno="12739">
<summary>
Receive certmaster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_certmaster_client_packets" lineno="12758">
<summary>
Do not audit attempts to receive certmaster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_certmaster_client_packets" lineno="12777">
<summary>
Send and receive certmaster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_certmaster_client_packets" lineno="12793">
<summary>
Do not audit attempts to send and receive certmaster_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_certmaster_client_packets" lineno="12808">
<summary>
Relabel packets to certmaster_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_certmaster_server_packets" lineno="12828">
<summary>
Send certmaster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_certmaster_server_packets" lineno="12847">
<summary>
Do not audit attempts to send certmaster_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_certmaster_server_packets" lineno="12866">
<summary>
Receive certmaster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_certmaster_server_packets" lineno="12885">
<summary>
Do not audit attempts to receive certmaster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_certmaster_server_packets" lineno="12904">
<summary>
Send and receive certmaster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_certmaster_server_packets" lineno="12920">
<summary>
Do not audit attempts to send and receive certmaster_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_certmaster_server_packets" lineno="12935">
<summary>
Relabel packets to certmaster_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_cockpit_port" lineno="12957">
<summary>
Send and receive TCP traffic on the cockpit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_cockpit_port" lineno="12976">
<summary>
Send UDP traffic on the cockpit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_cockpit_port" lineno="12995">
<summary>
Do not audit attempts to send UDP traffic on the cockpit port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_cockpit_port" lineno="13014">
<summary>
Receive UDP traffic on the cockpit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_cockpit_port" lineno="13033">
<summary>
Do not audit attempts to receive UDP traffic on the cockpit port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_cockpit_port" lineno="13052">
<summary>
Send and receive UDP traffic on the cockpit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_cockpit_port" lineno="13069">
<summary>
Do not audit attempts to send and receive
UDP traffic on the cockpit port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_cockpit_port" lineno="13085">
<summary>
Bind TCP sockets to the cockpit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_cockpit_port" lineno="13105">
<summary>
Bind UDP sockets to the cockpit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_cockpit_port" lineno="13124">
<summary>
Make a TCP connection to the cockpit port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cockpit_client_packets" lineno="13144">
<summary>
Send cockpit_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cockpit_client_packets" lineno="13163">
<summary>
Do not audit attempts to send cockpit_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cockpit_client_packets" lineno="13182">
<summary>
Receive cockpit_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cockpit_client_packets" lineno="13201">
<summary>
Do not audit attempts to receive cockpit_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cockpit_client_packets" lineno="13220">
<summary>
Send and receive cockpit_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cockpit_client_packets" lineno="13236">
<summary>
Do not audit attempts to send and receive cockpit_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cockpit_client_packets" lineno="13251">
<summary>
Relabel packets to cockpit_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cockpit_server_packets" lineno="13271">
<summary>
Send cockpit_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cockpit_server_packets" lineno="13290">
<summary>
Do not audit attempts to send cockpit_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cockpit_server_packets" lineno="13309">
<summary>
Receive cockpit_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cockpit_server_packets" lineno="13328">
<summary>
Do not audit attempts to receive cockpit_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cockpit_server_packets" lineno="13347">
<summary>
Send and receive cockpit_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cockpit_server_packets" lineno="13363">
<summary>
Do not audit attempts to send and receive cockpit_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cockpit_server_packets" lineno="13378">
<summary>
Relabel packets to cockpit_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_collectd_port" lineno="13400">
<summary>
Send and receive TCP traffic on the collectd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_collectd_port" lineno="13419">
<summary>
Send UDP traffic on the collectd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_collectd_port" lineno="13438">
<summary>
Do not audit attempts to send UDP traffic on the collectd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_collectd_port" lineno="13457">
<summary>
Receive UDP traffic on the collectd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_collectd_port" lineno="13476">
<summary>
Do not audit attempts to receive UDP traffic on the collectd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_collectd_port" lineno="13495">
<summary>
Send and receive UDP traffic on the collectd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_collectd_port" lineno="13512">
<summary>
Do not audit attempts to send and receive
UDP traffic on the collectd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_collectd_port" lineno="13528">
<summary>
Bind TCP sockets to the collectd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_collectd_port" lineno="13548">
<summary>
Bind UDP sockets to the collectd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_collectd_port" lineno="13567">
<summary>
Make a TCP connection to the collectd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_collectd_client_packets" lineno="13587">
<summary>
Send collectd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_collectd_client_packets" lineno="13606">
<summary>
Do not audit attempts to send collectd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_collectd_client_packets" lineno="13625">
<summary>
Receive collectd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_collectd_client_packets" lineno="13644">
<summary>
Do not audit attempts to receive collectd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_collectd_client_packets" lineno="13663">
<summary>
Send and receive collectd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_collectd_client_packets" lineno="13679">
<summary>
Do not audit attempts to send and receive collectd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_collectd_client_packets" lineno="13694">
<summary>
Relabel packets to collectd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_collectd_server_packets" lineno="13714">
<summary>
Send collectd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_collectd_server_packets" lineno="13733">
<summary>
Do not audit attempts to send collectd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_collectd_server_packets" lineno="13752">
<summary>
Receive collectd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_collectd_server_packets" lineno="13771">
<summary>
Do not audit attempts to receive collectd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_collectd_server_packets" lineno="13790">
<summary>
Send and receive collectd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_collectd_server_packets" lineno="13806">
<summary>
Do not audit attempts to send and receive collectd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_collectd_server_packets" lineno="13821">
<summary>
Relabel packets to collectd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_chronyd_port" lineno="13843">
<summary>
Send and receive TCP traffic on the chronyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_chronyd_port" lineno="13862">
<summary>
Send UDP traffic on the chronyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_chronyd_port" lineno="13881">
<summary>
Do not audit attempts to send UDP traffic on the chronyd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_chronyd_port" lineno="13900">
<summary>
Receive UDP traffic on the chronyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_chronyd_port" lineno="13919">
<summary>
Do not audit attempts to receive UDP traffic on the chronyd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_chronyd_port" lineno="13938">
<summary>
Send and receive UDP traffic on the chronyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_chronyd_port" lineno="13955">
<summary>
Do not audit attempts to send and receive
UDP traffic on the chronyd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_chronyd_port" lineno="13971">
<summary>
Bind TCP sockets to the chronyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_chronyd_port" lineno="13991">
<summary>
Bind UDP sockets to the chronyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_chronyd_port" lineno="14010">
<summary>
Make a TCP connection to the chronyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_chronyd_client_packets" lineno="14030">
<summary>
Send chronyd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_chronyd_client_packets" lineno="14049">
<summary>
Do not audit attempts to send chronyd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_chronyd_client_packets" lineno="14068">
<summary>
Receive chronyd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_chronyd_client_packets" lineno="14087">
<summary>
Do not audit attempts to receive chronyd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_chronyd_client_packets" lineno="14106">
<summary>
Send and receive chronyd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_chronyd_client_packets" lineno="14122">
<summary>
Do not audit attempts to send and receive chronyd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_chronyd_client_packets" lineno="14137">
<summary>
Relabel packets to chronyd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_chronyd_server_packets" lineno="14157">
<summary>
Send chronyd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_chronyd_server_packets" lineno="14176">
<summary>
Do not audit attempts to send chronyd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_chronyd_server_packets" lineno="14195">
<summary>
Receive chronyd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_chronyd_server_packets" lineno="14214">
<summary>
Do not audit attempts to receive chronyd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_chronyd_server_packets" lineno="14233">
<summary>
Send and receive chronyd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_chronyd_server_packets" lineno="14249">
<summary>
Do not audit attempts to send and receive chronyd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_chronyd_server_packets" lineno="14264">
<summary>
Relabel packets to chronyd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_clamd_port" lineno="14286">
<summary>
Send and receive TCP traffic on the clamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_clamd_port" lineno="14305">
<summary>
Send UDP traffic on the clamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_clamd_port" lineno="14324">
<summary>
Do not audit attempts to send UDP traffic on the clamd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_clamd_port" lineno="14343">
<summary>
Receive UDP traffic on the clamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_clamd_port" lineno="14362">
<summary>
Do not audit attempts to receive UDP traffic on the clamd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_clamd_port" lineno="14381">
<summary>
Send and receive UDP traffic on the clamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_clamd_port" lineno="14398">
<summary>
Do not audit attempts to send and receive
UDP traffic on the clamd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_clamd_port" lineno="14414">
<summary>
Bind TCP sockets to the clamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_clamd_port" lineno="14434">
<summary>
Bind UDP sockets to the clamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_clamd_port" lineno="14453">
<summary>
Make a TCP connection to the clamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_clamd_client_packets" lineno="14473">
<summary>
Send clamd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_clamd_client_packets" lineno="14492">
<summary>
Do not audit attempts to send clamd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_clamd_client_packets" lineno="14511">
<summary>
Receive clamd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_clamd_client_packets" lineno="14530">
<summary>
Do not audit attempts to receive clamd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_clamd_client_packets" lineno="14549">
<summary>
Send and receive clamd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_clamd_client_packets" lineno="14565">
<summary>
Do not audit attempts to send and receive clamd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_clamd_client_packets" lineno="14580">
<summary>
Relabel packets to clamd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_clamd_server_packets" lineno="14600">
<summary>
Send clamd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_clamd_server_packets" lineno="14619">
<summary>
Do not audit attempts to send clamd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_clamd_server_packets" lineno="14638">
<summary>
Receive clamd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_clamd_server_packets" lineno="14657">
<summary>
Do not audit attempts to receive clamd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_clamd_server_packets" lineno="14676">
<summary>
Send and receive clamd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_clamd_server_packets" lineno="14692">
<summary>
Do not audit attempts to send and receive clamd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_clamd_server_packets" lineno="14707">
<summary>
Relabel packets to clamd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_clockspeed_port" lineno="14729">
<summary>
Send and receive TCP traffic on the clockspeed port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_clockspeed_port" lineno="14748">
<summary>
Send UDP traffic on the clockspeed port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_clockspeed_port" lineno="14767">
<summary>
Do not audit attempts to send UDP traffic on the clockspeed port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_clockspeed_port" lineno="14786">
<summary>
Receive UDP traffic on the clockspeed port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_clockspeed_port" lineno="14805">
<summary>
Do not audit attempts to receive UDP traffic on the clockspeed port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_clockspeed_port" lineno="14824">
<summary>
Send and receive UDP traffic on the clockspeed port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_clockspeed_port" lineno="14841">
<summary>
Do not audit attempts to send and receive
UDP traffic on the clockspeed port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_clockspeed_port" lineno="14857">
<summary>
Bind TCP sockets to the clockspeed port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_clockspeed_port" lineno="14877">
<summary>
Bind UDP sockets to the clockspeed port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_clockspeed_port" lineno="14896">
<summary>
Make a TCP connection to the clockspeed port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_clockspeed_client_packets" lineno="14916">
<summary>
Send clockspeed_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_clockspeed_client_packets" lineno="14935">
<summary>
Do not audit attempts to send clockspeed_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_clockspeed_client_packets" lineno="14954">
<summary>
Receive clockspeed_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_clockspeed_client_packets" lineno="14973">
<summary>
Do not audit attempts to receive clockspeed_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_clockspeed_client_packets" lineno="14992">
<summary>
Send and receive clockspeed_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_clockspeed_client_packets" lineno="15008">
<summary>
Do not audit attempts to send and receive clockspeed_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_clockspeed_client_packets" lineno="15023">
<summary>
Relabel packets to clockspeed_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_clockspeed_server_packets" lineno="15043">
<summary>
Send clockspeed_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_clockspeed_server_packets" lineno="15062">
<summary>
Do not audit attempts to send clockspeed_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_clockspeed_server_packets" lineno="15081">
<summary>
Receive clockspeed_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_clockspeed_server_packets" lineno="15100">
<summary>
Do not audit attempts to receive clockspeed_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_clockspeed_server_packets" lineno="15119">
<summary>
Send and receive clockspeed_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_clockspeed_server_packets" lineno="15135">
<summary>
Do not audit attempts to send and receive clockspeed_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_clockspeed_server_packets" lineno="15150">
<summary>
Relabel packets to clockspeed_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_cluster_port" lineno="15172">
<summary>
Send and receive TCP traffic on the cluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_cluster_port" lineno="15191">
<summary>
Send UDP traffic on the cluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_cluster_port" lineno="15210">
<summary>
Do not audit attempts to send UDP traffic on the cluster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_cluster_port" lineno="15229">
<summary>
Receive UDP traffic on the cluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_cluster_port" lineno="15248">
<summary>
Do not audit attempts to receive UDP traffic on the cluster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_cluster_port" lineno="15267">
<summary>
Send and receive UDP traffic on the cluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_cluster_port" lineno="15284">
<summary>
Do not audit attempts to send and receive
UDP traffic on the cluster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_cluster_port" lineno="15300">
<summary>
Bind TCP sockets to the cluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_cluster_port" lineno="15320">
<summary>
Bind UDP sockets to the cluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_cluster_port" lineno="15339">
<summary>
Make a TCP connection to the cluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cluster_client_packets" lineno="15359">
<summary>
Send cluster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cluster_client_packets" lineno="15378">
<summary>
Do not audit attempts to send cluster_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cluster_client_packets" lineno="15397">
<summary>
Receive cluster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cluster_client_packets" lineno="15416">
<summary>
Do not audit attempts to receive cluster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cluster_client_packets" lineno="15435">
<summary>
Send and receive cluster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cluster_client_packets" lineno="15451">
<summary>
Do not audit attempts to send and receive cluster_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cluster_client_packets" lineno="15466">
<summary>
Relabel packets to cluster_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cluster_server_packets" lineno="15486">
<summary>
Send cluster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cluster_server_packets" lineno="15505">
<summary>
Do not audit attempts to send cluster_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cluster_server_packets" lineno="15524">
<summary>
Receive cluster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cluster_server_packets" lineno="15543">
<summary>
Do not audit attempts to receive cluster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cluster_server_packets" lineno="15562">
<summary>
Send and receive cluster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cluster_server_packets" lineno="15578">
<summary>
Do not audit attempts to send and receive cluster_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cluster_server_packets" lineno="15593">
<summary>
Relabel packets to cluster_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_cma_port" lineno="15615">
<summary>
Send and receive TCP traffic on the cma port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_cma_port" lineno="15634">
<summary>
Send UDP traffic on the cma port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_cma_port" lineno="15653">
<summary>
Do not audit attempts to send UDP traffic on the cma port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_cma_port" lineno="15672">
<summary>
Receive UDP traffic on the cma port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_cma_port" lineno="15691">
<summary>
Do not audit attempts to receive UDP traffic on the cma port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_cma_port" lineno="15710">
<summary>
Send and receive UDP traffic on the cma port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_cma_port" lineno="15727">
<summary>
Do not audit attempts to send and receive
UDP traffic on the cma port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_cma_port" lineno="15743">
<summary>
Bind TCP sockets to the cma port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_cma_port" lineno="15763">
<summary>
Bind UDP sockets to the cma port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_cma_port" lineno="15782">
<summary>
Make a TCP connection to the cma port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cma_client_packets" lineno="15802">
<summary>
Send cma_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cma_client_packets" lineno="15821">
<summary>
Do not audit attempts to send cma_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cma_client_packets" lineno="15840">
<summary>
Receive cma_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cma_client_packets" lineno="15859">
<summary>
Do not audit attempts to receive cma_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cma_client_packets" lineno="15878">
<summary>
Send and receive cma_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cma_client_packets" lineno="15894">
<summary>
Do not audit attempts to send and receive cma_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cma_client_packets" lineno="15909">
<summary>
Relabel packets to cma_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cma_server_packets" lineno="15929">
<summary>
Send cma_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cma_server_packets" lineno="15948">
<summary>
Do not audit attempts to send cma_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cma_server_packets" lineno="15967">
<summary>
Receive cma_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cma_server_packets" lineno="15986">
<summary>
Do not audit attempts to receive cma_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cma_server_packets" lineno="16005">
<summary>
Send and receive cma_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cma_server_packets" lineno="16021">
<summary>
Do not audit attempts to send and receive cma_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cma_server_packets" lineno="16036">
<summary>
Relabel packets to cma_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_cobbler_port" lineno="16058">
<summary>
Send and receive TCP traffic on the cobbler port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_cobbler_port" lineno="16077">
<summary>
Send UDP traffic on the cobbler port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_cobbler_port" lineno="16096">
<summary>
Do not audit attempts to send UDP traffic on the cobbler port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_cobbler_port" lineno="16115">
<summary>
Receive UDP traffic on the cobbler port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_cobbler_port" lineno="16134">
<summary>
Do not audit attempts to receive UDP traffic on the cobbler port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_cobbler_port" lineno="16153">
<summary>
Send and receive UDP traffic on the cobbler port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_cobbler_port" lineno="16170">
<summary>
Do not audit attempts to send and receive
UDP traffic on the cobbler port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_cobbler_port" lineno="16186">
<summary>
Bind TCP sockets to the cobbler port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_cobbler_port" lineno="16206">
<summary>
Bind UDP sockets to the cobbler port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_cobbler_port" lineno="16225">
<summary>
Make a TCP connection to the cobbler port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cobbler_client_packets" lineno="16245">
<summary>
Send cobbler_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cobbler_client_packets" lineno="16264">
<summary>
Do not audit attempts to send cobbler_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cobbler_client_packets" lineno="16283">
<summary>
Receive cobbler_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cobbler_client_packets" lineno="16302">
<summary>
Do not audit attempts to receive cobbler_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cobbler_client_packets" lineno="16321">
<summary>
Send and receive cobbler_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cobbler_client_packets" lineno="16337">
<summary>
Do not audit attempts to send and receive cobbler_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cobbler_client_packets" lineno="16352">
<summary>
Relabel packets to cobbler_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cobbler_server_packets" lineno="16372">
<summary>
Send cobbler_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cobbler_server_packets" lineno="16391">
<summary>
Do not audit attempts to send cobbler_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cobbler_server_packets" lineno="16410">
<summary>
Receive cobbler_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cobbler_server_packets" lineno="16429">
<summary>
Do not audit attempts to receive cobbler_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cobbler_server_packets" lineno="16448">
<summary>
Send and receive cobbler_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cobbler_server_packets" lineno="16464">
<summary>
Do not audit attempts to send and receive cobbler_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cobbler_server_packets" lineno="16479">
<summary>
Relabel packets to cobbler_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_commplex_port" lineno="16501">
<summary>
Send and receive TCP traffic on the commplex port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_commplex_port" lineno="16520">
<summary>
Send UDP traffic on the commplex port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_commplex_port" lineno="16539">
<summary>
Do not audit attempts to send UDP traffic on the commplex port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_commplex_port" lineno="16558">
<summary>
Receive UDP traffic on the commplex port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_commplex_port" lineno="16577">
<summary>
Do not audit attempts to receive UDP traffic on the commplex port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_commplex_port" lineno="16596">
<summary>
Send and receive UDP traffic on the commplex port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_commplex_port" lineno="16613">
<summary>
Do not audit attempts to send and receive
UDP traffic on the commplex port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_commplex_port" lineno="16629">
<summary>
Bind TCP sockets to the commplex port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_commplex_port" lineno="16649">
<summary>
Bind UDP sockets to the commplex port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_commplex_port" lineno="16668">
<summary>
Make a TCP connection to the commplex port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_commplex_client_packets" lineno="16688">
<summary>
Send commplex_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_commplex_client_packets" lineno="16707">
<summary>
Do not audit attempts to send commplex_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_commplex_client_packets" lineno="16726">
<summary>
Receive commplex_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_commplex_client_packets" lineno="16745">
<summary>
Do not audit attempts to receive commplex_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_commplex_client_packets" lineno="16764">
<summary>
Send and receive commplex_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_commplex_client_packets" lineno="16780">
<summary>
Do not audit attempts to send and receive commplex_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_commplex_client_packets" lineno="16795">
<summary>
Relabel packets to commplex_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_commplex_server_packets" lineno="16815">
<summary>
Send commplex_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_commplex_server_packets" lineno="16834">
<summary>
Do not audit attempts to send commplex_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_commplex_server_packets" lineno="16853">
<summary>
Receive commplex_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_commplex_server_packets" lineno="16872">
<summary>
Do not audit attempts to receive commplex_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_commplex_server_packets" lineno="16891">
<summary>
Send and receive commplex_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_commplex_server_packets" lineno="16907">
<summary>
Do not audit attempts to send and receive commplex_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_commplex_server_packets" lineno="16922">
<summary>
Relabel packets to commplex_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_comsat_port" lineno="16944">
<summary>
Send and receive TCP traffic on the comsat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_comsat_port" lineno="16963">
<summary>
Send UDP traffic on the comsat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_comsat_port" lineno="16982">
<summary>
Do not audit attempts to send UDP traffic on the comsat port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_comsat_port" lineno="17001">
<summary>
Receive UDP traffic on the comsat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_comsat_port" lineno="17020">
<summary>
Do not audit attempts to receive UDP traffic on the comsat port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_comsat_port" lineno="17039">
<summary>
Send and receive UDP traffic on the comsat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_comsat_port" lineno="17056">
<summary>
Do not audit attempts to send and receive
UDP traffic on the comsat port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_comsat_port" lineno="17072">
<summary>
Bind TCP sockets to the comsat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_comsat_port" lineno="17092">
<summary>
Bind UDP sockets to the comsat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_comsat_port" lineno="17111">
<summary>
Make a TCP connection to the comsat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_comsat_client_packets" lineno="17131">
<summary>
Send comsat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_comsat_client_packets" lineno="17150">
<summary>
Do not audit attempts to send comsat_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_comsat_client_packets" lineno="17169">
<summary>
Receive comsat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_comsat_client_packets" lineno="17188">
<summary>
Do not audit attempts to receive comsat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_comsat_client_packets" lineno="17207">
<summary>
Send and receive comsat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_comsat_client_packets" lineno="17223">
<summary>
Do not audit attempts to send and receive comsat_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_comsat_client_packets" lineno="17238">
<summary>
Relabel packets to comsat_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_comsat_server_packets" lineno="17258">
<summary>
Send comsat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_comsat_server_packets" lineno="17277">
<summary>
Do not audit attempts to send comsat_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_comsat_server_packets" lineno="17296">
<summary>
Receive comsat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_comsat_server_packets" lineno="17315">
<summary>
Do not audit attempts to receive comsat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_comsat_server_packets" lineno="17334">
<summary>
Send and receive comsat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_comsat_server_packets" lineno="17350">
<summary>
Do not audit attempts to send and receive comsat_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_comsat_server_packets" lineno="17365">
<summary>
Relabel packets to comsat_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_condor_port" lineno="17387">
<summary>
Send and receive TCP traffic on the condor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_condor_port" lineno="17406">
<summary>
Send UDP traffic on the condor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_condor_port" lineno="17425">
<summary>
Do not audit attempts to send UDP traffic on the condor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_condor_port" lineno="17444">
<summary>
Receive UDP traffic on the condor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_condor_port" lineno="17463">
<summary>
Do not audit attempts to receive UDP traffic on the condor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_condor_port" lineno="17482">
<summary>
Send and receive UDP traffic on the condor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_condor_port" lineno="17499">
<summary>
Do not audit attempts to send and receive
UDP traffic on the condor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_condor_port" lineno="17515">
<summary>
Bind TCP sockets to the condor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_condor_port" lineno="17535">
<summary>
Bind UDP sockets to the condor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_condor_port" lineno="17554">
<summary>
Make a TCP connection to the condor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_condor_client_packets" lineno="17574">
<summary>
Send condor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_condor_client_packets" lineno="17593">
<summary>
Do not audit attempts to send condor_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_condor_client_packets" lineno="17612">
<summary>
Receive condor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_condor_client_packets" lineno="17631">
<summary>
Do not audit attempts to receive condor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_condor_client_packets" lineno="17650">
<summary>
Send and receive condor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_condor_client_packets" lineno="17666">
<summary>
Do not audit attempts to send and receive condor_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_condor_client_packets" lineno="17681">
<summary>
Relabel packets to condor_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_condor_server_packets" lineno="17701">
<summary>
Send condor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_condor_server_packets" lineno="17720">
<summary>
Do not audit attempts to send condor_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_condor_server_packets" lineno="17739">
<summary>
Receive condor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_condor_server_packets" lineno="17758">
<summary>
Do not audit attempts to receive condor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_condor_server_packets" lineno="17777">
<summary>
Send and receive condor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_condor_server_packets" lineno="17793">
<summary>
Do not audit attempts to send and receive condor_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_condor_server_packets" lineno="17808">
<summary>
Relabel packets to condor_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_conman_port" lineno="17830">
<summary>
Send and receive TCP traffic on the conman port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_conman_port" lineno="17849">
<summary>
Send UDP traffic on the conman port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_conman_port" lineno="17868">
<summary>
Do not audit attempts to send UDP traffic on the conman port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_conman_port" lineno="17887">
<summary>
Receive UDP traffic on the conman port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_conman_port" lineno="17906">
<summary>
Do not audit attempts to receive UDP traffic on the conman port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_conman_port" lineno="17925">
<summary>
Send and receive UDP traffic on the conman port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_conman_port" lineno="17942">
<summary>
Do not audit attempts to send and receive
UDP traffic on the conman port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_conman_port" lineno="17958">
<summary>
Bind TCP sockets to the conman port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_conman_port" lineno="17978">
<summary>
Bind UDP sockets to the conman port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_conman_port" lineno="17997">
<summary>
Make a TCP connection to the conman port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_conman_client_packets" lineno="18017">
<summary>
Send conman_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_conman_client_packets" lineno="18036">
<summary>
Do not audit attempts to send conman_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_conman_client_packets" lineno="18055">
<summary>
Receive conman_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_conman_client_packets" lineno="18074">
<summary>
Do not audit attempts to receive conman_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_conman_client_packets" lineno="18093">
<summary>
Send and receive conman_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_conman_client_packets" lineno="18109">
<summary>
Do not audit attempts to send and receive conman_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_conman_client_packets" lineno="18124">
<summary>
Relabel packets to conman_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_conman_server_packets" lineno="18144">
<summary>
Send conman_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_conman_server_packets" lineno="18163">
<summary>
Do not audit attempts to send conman_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_conman_server_packets" lineno="18182">
<summary>
Receive conman_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_conman_server_packets" lineno="18201">
<summary>
Do not audit attempts to receive conman_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_conman_server_packets" lineno="18220">
<summary>
Send and receive conman_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_conman_server_packets" lineno="18236">
<summary>
Do not audit attempts to send and receive conman_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_conman_server_packets" lineno="18251">
<summary>
Relabel packets to conman_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ctdb_port" lineno="18273">
<summary>
Send and receive TCP traffic on the ctdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ctdb_port" lineno="18292">
<summary>
Send UDP traffic on the ctdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ctdb_port" lineno="18311">
<summary>
Do not audit attempts to send UDP traffic on the ctdb port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ctdb_port" lineno="18330">
<summary>
Receive UDP traffic on the ctdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ctdb_port" lineno="18349">
<summary>
Do not audit attempts to receive UDP traffic on the ctdb port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ctdb_port" lineno="18368">
<summary>
Send and receive UDP traffic on the ctdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ctdb_port" lineno="18385">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ctdb port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ctdb_port" lineno="18401">
<summary>
Bind TCP sockets to the ctdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ctdb_port" lineno="18421">
<summary>
Bind UDP sockets to the ctdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ctdb_port" lineno="18440">
<summary>
Make a TCP connection to the ctdb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ctdb_client_packets" lineno="18460">
<summary>
Send ctdb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ctdb_client_packets" lineno="18479">
<summary>
Do not audit attempts to send ctdb_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ctdb_client_packets" lineno="18498">
<summary>
Receive ctdb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ctdb_client_packets" lineno="18517">
<summary>
Do not audit attempts to receive ctdb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ctdb_client_packets" lineno="18536">
<summary>
Send and receive ctdb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ctdb_client_packets" lineno="18552">
<summary>
Do not audit attempts to send and receive ctdb_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ctdb_client_packets" lineno="18567">
<summary>
Relabel packets to ctdb_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ctdb_server_packets" lineno="18587">
<summary>
Send ctdb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ctdb_server_packets" lineno="18606">
<summary>
Do not audit attempts to send ctdb_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ctdb_server_packets" lineno="18625">
<summary>
Receive ctdb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ctdb_server_packets" lineno="18644">
<summary>
Do not audit attempts to receive ctdb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ctdb_server_packets" lineno="18663">
<summary>
Send and receive ctdb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ctdb_server_packets" lineno="18679">
<summary>
Do not audit attempts to send and receive ctdb_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ctdb_server_packets" lineno="18694">
<summary>
Relabel packets to ctdb_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_cvs_port" lineno="18716">
<summary>
Send and receive TCP traffic on the cvs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_cvs_port" lineno="18735">
<summary>
Send UDP traffic on the cvs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_cvs_port" lineno="18754">
<summary>
Do not audit attempts to send UDP traffic on the cvs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_cvs_port" lineno="18773">
<summary>
Receive UDP traffic on the cvs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_cvs_port" lineno="18792">
<summary>
Do not audit attempts to receive UDP traffic on the cvs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_cvs_port" lineno="18811">
<summary>
Send and receive UDP traffic on the cvs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_cvs_port" lineno="18828">
<summary>
Do not audit attempts to send and receive
UDP traffic on the cvs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_cvs_port" lineno="18844">
<summary>
Bind TCP sockets to the cvs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_cvs_port" lineno="18864">
<summary>
Bind UDP sockets to the cvs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_cvs_port" lineno="18883">
<summary>
Make a TCP connection to the cvs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cvs_client_packets" lineno="18903">
<summary>
Send cvs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cvs_client_packets" lineno="18922">
<summary>
Do not audit attempts to send cvs_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cvs_client_packets" lineno="18941">
<summary>
Receive cvs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cvs_client_packets" lineno="18960">
<summary>
Do not audit attempts to receive cvs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cvs_client_packets" lineno="18979">
<summary>
Send and receive cvs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cvs_client_packets" lineno="18995">
<summary>
Do not audit attempts to send and receive cvs_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cvs_client_packets" lineno="19010">
<summary>
Relabel packets to cvs_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cvs_server_packets" lineno="19030">
<summary>
Send cvs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cvs_server_packets" lineno="19049">
<summary>
Do not audit attempts to send cvs_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cvs_server_packets" lineno="19068">
<summary>
Receive cvs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cvs_server_packets" lineno="19087">
<summary>
Do not audit attempts to receive cvs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cvs_server_packets" lineno="19106">
<summary>
Send and receive cvs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cvs_server_packets" lineno="19122">
<summary>
Do not audit attempts to send and receive cvs_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cvs_server_packets" lineno="19137">
<summary>
Relabel packets to cvs_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_cyphesis_port" lineno="19159">
<summary>
Send and receive TCP traffic on the cyphesis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_cyphesis_port" lineno="19178">
<summary>
Send UDP traffic on the cyphesis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_cyphesis_port" lineno="19197">
<summary>
Do not audit attempts to send UDP traffic on the cyphesis port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_cyphesis_port" lineno="19216">
<summary>
Receive UDP traffic on the cyphesis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_cyphesis_port" lineno="19235">
<summary>
Do not audit attempts to receive UDP traffic on the cyphesis port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_cyphesis_port" lineno="19254">
<summary>
Send and receive UDP traffic on the cyphesis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_cyphesis_port" lineno="19271">
<summary>
Do not audit attempts to send and receive
UDP traffic on the cyphesis port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_cyphesis_port" lineno="19287">
<summary>
Bind TCP sockets to the cyphesis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_cyphesis_port" lineno="19307">
<summary>
Bind UDP sockets to the cyphesis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_cyphesis_port" lineno="19326">
<summary>
Make a TCP connection to the cyphesis port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cyphesis_client_packets" lineno="19346">
<summary>
Send cyphesis_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cyphesis_client_packets" lineno="19365">
<summary>
Do not audit attempts to send cyphesis_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cyphesis_client_packets" lineno="19384">
<summary>
Receive cyphesis_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cyphesis_client_packets" lineno="19403">
<summary>
Do not audit attempts to receive cyphesis_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cyphesis_client_packets" lineno="19422">
<summary>
Send and receive cyphesis_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cyphesis_client_packets" lineno="19438">
<summary>
Do not audit attempts to send and receive cyphesis_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cyphesis_client_packets" lineno="19453">
<summary>
Relabel packets to cyphesis_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_cyphesis_server_packets" lineno="19473">
<summary>
Send cyphesis_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_cyphesis_server_packets" lineno="19492">
<summary>
Do not audit attempts to send cyphesis_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_cyphesis_server_packets" lineno="19511">
<summary>
Receive cyphesis_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_cyphesis_server_packets" lineno="19530">
<summary>
Do not audit attempts to receive cyphesis_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_cyphesis_server_packets" lineno="19549">
<summary>
Send and receive cyphesis_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_cyphesis_server_packets" lineno="19565">
<summary>
Do not audit attempts to send and receive cyphesis_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_cyphesis_server_packets" lineno="19580">
<summary>
Relabel packets to cyphesis_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_connlcli_port" lineno="19602">
<summary>
Send and receive TCP traffic on the connlcli port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_connlcli_port" lineno="19621">
<summary>
Send UDP traffic on the connlcli port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_connlcli_port" lineno="19640">
<summary>
Do not audit attempts to send UDP traffic on the connlcli port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_connlcli_port" lineno="19659">
<summary>
Receive UDP traffic on the connlcli port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_connlcli_port" lineno="19678">
<summary>
Do not audit attempts to receive UDP traffic on the connlcli port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_connlcli_port" lineno="19697">
<summary>
Send and receive UDP traffic on the connlcli port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_connlcli_port" lineno="19714">
<summary>
Do not audit attempts to send and receive
UDP traffic on the connlcli port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_connlcli_port" lineno="19730">
<summary>
Bind TCP sockets to the connlcli port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_connlcli_port" lineno="19750">
<summary>
Bind UDP sockets to the connlcli port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_connlcli_port" lineno="19769">
<summary>
Make a TCP connection to the connlcli port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_connlcli_client_packets" lineno="19789">
<summary>
Send connlcli_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_connlcli_client_packets" lineno="19808">
<summary>
Do not audit attempts to send connlcli_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_connlcli_client_packets" lineno="19827">
<summary>
Receive connlcli_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_connlcli_client_packets" lineno="19846">
<summary>
Do not audit attempts to receive connlcli_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_connlcli_client_packets" lineno="19865">
<summary>
Send and receive connlcli_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_connlcli_client_packets" lineno="19881">
<summary>
Do not audit attempts to send and receive connlcli_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_connlcli_client_packets" lineno="19896">
<summary>
Relabel packets to connlcli_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_connlcli_server_packets" lineno="19916">
<summary>
Send connlcli_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_connlcli_server_packets" lineno="19935">
<summary>
Do not audit attempts to send connlcli_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_connlcli_server_packets" lineno="19954">
<summary>
Receive connlcli_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_connlcli_server_packets" lineno="19973">
<summary>
Do not audit attempts to receive connlcli_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_connlcli_server_packets" lineno="19992">
<summary>
Send and receive connlcli_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_connlcli_server_packets" lineno="20008">
<summary>
Do not audit attempts to send and receive connlcli_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_connlcli_server_packets" lineno="20023">
<summary>
Relabel packets to connlcli_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_gluster_port" lineno="20045">
<summary>
Send and receive TCP traffic on the gluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_gluster_port" lineno="20064">
<summary>
Send UDP traffic on the gluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_gluster_port" lineno="20083">
<summary>
Do not audit attempts to send UDP traffic on the gluster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_gluster_port" lineno="20102">
<summary>
Receive UDP traffic on the gluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_gluster_port" lineno="20121">
<summary>
Do not audit attempts to receive UDP traffic on the gluster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_gluster_port" lineno="20140">
<summary>
Send and receive UDP traffic on the gluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_gluster_port" lineno="20157">
<summary>
Do not audit attempts to send and receive
UDP traffic on the gluster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_gluster_port" lineno="20173">
<summary>
Bind TCP sockets to the gluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_gluster_port" lineno="20193">
<summary>
Bind UDP sockets to the gluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_gluster_port" lineno="20212">
<summary>
Make a TCP connection to the gluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_gluster_client_packets" lineno="20232">
<summary>
Send gluster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_gluster_client_packets" lineno="20251">
<summary>
Do not audit attempts to send gluster_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_gluster_client_packets" lineno="20270">
<summary>
Receive gluster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_gluster_client_packets" lineno="20289">
<summary>
Do not audit attempts to receive gluster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_gluster_client_packets" lineno="20308">
<summary>
Send and receive gluster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_gluster_client_packets" lineno="20324">
<summary>
Do not audit attempts to send and receive gluster_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_gluster_client_packets" lineno="20339">
<summary>
Relabel packets to gluster_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_gluster_server_packets" lineno="20359">
<summary>
Send gluster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_gluster_server_packets" lineno="20378">
<summary>
Do not audit attempts to send gluster_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_gluster_server_packets" lineno="20397">
<summary>
Receive gluster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_gluster_server_packets" lineno="20416">
<summary>
Do not audit attempts to receive gluster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_gluster_server_packets" lineno="20435">
<summary>
Send and receive gluster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_gluster_server_packets" lineno="20451">
<summary>
Do not audit attempts to send and receive gluster_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_gluster_server_packets" lineno="20466">
<summary>
Relabel packets to gluster_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_dbskkd_port" lineno="20488">
<summary>
Send and receive TCP traffic on the dbskkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_dbskkd_port" lineno="20507">
<summary>
Send UDP traffic on the dbskkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_dbskkd_port" lineno="20526">
<summary>
Do not audit attempts to send UDP traffic on the dbskkd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_dbskkd_port" lineno="20545">
<summary>
Receive UDP traffic on the dbskkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_dbskkd_port" lineno="20564">
<summary>
Do not audit attempts to receive UDP traffic on the dbskkd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_dbskkd_port" lineno="20583">
<summary>
Send and receive UDP traffic on the dbskkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_dbskkd_port" lineno="20600">
<summary>
Do not audit attempts to send and receive
UDP traffic on the dbskkd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_dbskkd_port" lineno="20616">
<summary>
Bind TCP sockets to the dbskkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_dbskkd_port" lineno="20636">
<summary>
Bind UDP sockets to the dbskkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_dbskkd_port" lineno="20655">
<summary>
Make a TCP connection to the dbskkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dbskkd_client_packets" lineno="20675">
<summary>
Send dbskkd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dbskkd_client_packets" lineno="20694">
<summary>
Do not audit attempts to send dbskkd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dbskkd_client_packets" lineno="20713">
<summary>
Receive dbskkd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dbskkd_client_packets" lineno="20732">
<summary>
Do not audit attempts to receive dbskkd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dbskkd_client_packets" lineno="20751">
<summary>
Send and receive dbskkd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dbskkd_client_packets" lineno="20767">
<summary>
Do not audit attempts to send and receive dbskkd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dbskkd_client_packets" lineno="20782">
<summary>
Relabel packets to dbskkd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dbskkd_server_packets" lineno="20802">
<summary>
Send dbskkd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dbskkd_server_packets" lineno="20821">
<summary>
Do not audit attempts to send dbskkd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dbskkd_server_packets" lineno="20840">
<summary>
Receive dbskkd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dbskkd_server_packets" lineno="20859">
<summary>
Do not audit attempts to receive dbskkd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dbskkd_server_packets" lineno="20878">
<summary>
Send and receive dbskkd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dbskkd_server_packets" lineno="20894">
<summary>
Do not audit attempts to send and receive dbskkd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dbskkd_server_packets" lineno="20909">
<summary>
Relabel packets to dbskkd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_dcc_port" lineno="20931">
<summary>
Send and receive TCP traffic on the dcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_dcc_port" lineno="20950">
<summary>
Send UDP traffic on the dcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_dcc_port" lineno="20969">
<summary>
Do not audit attempts to send UDP traffic on the dcc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_dcc_port" lineno="20988">
<summary>
Receive UDP traffic on the dcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_dcc_port" lineno="21007">
<summary>
Do not audit attempts to receive UDP traffic on the dcc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_dcc_port" lineno="21026">
<summary>
Send and receive UDP traffic on the dcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_dcc_port" lineno="21043">
<summary>
Do not audit attempts to send and receive
UDP traffic on the dcc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_dcc_port" lineno="21059">
<summary>
Bind TCP sockets to the dcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_dcc_port" lineno="21079">
<summary>
Bind UDP sockets to the dcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_dcc_port" lineno="21098">
<summary>
Make a TCP connection to the dcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dcc_client_packets" lineno="21118">
<summary>
Send dcc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dcc_client_packets" lineno="21137">
<summary>
Do not audit attempts to send dcc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dcc_client_packets" lineno="21156">
<summary>
Receive dcc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dcc_client_packets" lineno="21175">
<summary>
Do not audit attempts to receive dcc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dcc_client_packets" lineno="21194">
<summary>
Send and receive dcc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dcc_client_packets" lineno="21210">
<summary>
Do not audit attempts to send and receive dcc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dcc_client_packets" lineno="21225">
<summary>
Relabel packets to dcc_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dcc_server_packets" lineno="21245">
<summary>
Send dcc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dcc_server_packets" lineno="21264">
<summary>
Do not audit attempts to send dcc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dcc_server_packets" lineno="21283">
<summary>
Receive dcc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dcc_server_packets" lineno="21302">
<summary>
Do not audit attempts to receive dcc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dcc_server_packets" lineno="21321">
<summary>
Send and receive dcc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dcc_server_packets" lineno="21337">
<summary>
Do not audit attempts to send and receive dcc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dcc_server_packets" lineno="21352">
<summary>
Relabel packets to dcc_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_dccm_port" lineno="21374">
<summary>
Send and receive TCP traffic on the dccm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_dccm_port" lineno="21393">
<summary>
Send UDP traffic on the dccm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_dccm_port" lineno="21412">
<summary>
Do not audit attempts to send UDP traffic on the dccm port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_dccm_port" lineno="21431">
<summary>
Receive UDP traffic on the dccm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_dccm_port" lineno="21450">
<summary>
Do not audit attempts to receive UDP traffic on the dccm port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_dccm_port" lineno="21469">
<summary>
Send and receive UDP traffic on the dccm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_dccm_port" lineno="21486">
<summary>
Do not audit attempts to send and receive
UDP traffic on the dccm port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_dccm_port" lineno="21502">
<summary>
Bind TCP sockets to the dccm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_dccm_port" lineno="21522">
<summary>
Bind UDP sockets to the dccm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_dccm_port" lineno="21541">
<summary>
Make a TCP connection to the dccm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dccm_client_packets" lineno="21561">
<summary>
Send dccm_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dccm_client_packets" lineno="21580">
<summary>
Do not audit attempts to send dccm_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dccm_client_packets" lineno="21599">
<summary>
Receive dccm_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dccm_client_packets" lineno="21618">
<summary>
Do not audit attempts to receive dccm_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dccm_client_packets" lineno="21637">
<summary>
Send and receive dccm_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dccm_client_packets" lineno="21653">
<summary>
Do not audit attempts to send and receive dccm_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dccm_client_packets" lineno="21668">
<summary>
Relabel packets to dccm_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dccm_server_packets" lineno="21688">
<summary>
Send dccm_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dccm_server_packets" lineno="21707">
<summary>
Do not audit attempts to send dccm_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dccm_server_packets" lineno="21726">
<summary>
Receive dccm_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dccm_server_packets" lineno="21745">
<summary>
Do not audit attempts to receive dccm_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dccm_server_packets" lineno="21764">
<summary>
Send and receive dccm_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dccm_server_packets" lineno="21780">
<summary>
Do not audit attempts to send and receive dccm_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dccm_server_packets" lineno="21795">
<summary>
Relabel packets to dccm_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_dhcpc_port" lineno="21817">
<summary>
Send and receive TCP traffic on the dhcpc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_dhcpc_port" lineno="21836">
<summary>
Send UDP traffic on the dhcpc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_dhcpc_port" lineno="21855">
<summary>
Do not audit attempts to send UDP traffic on the dhcpc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_dhcpc_port" lineno="21874">
<summary>
Receive UDP traffic on the dhcpc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_dhcpc_port" lineno="21893">
<summary>
Do not audit attempts to receive UDP traffic on the dhcpc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_dhcpc_port" lineno="21912">
<summary>
Send and receive UDP traffic on the dhcpc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_dhcpc_port" lineno="21929">
<summary>
Do not audit attempts to send and receive
UDP traffic on the dhcpc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_dhcpc_port" lineno="21945">
<summary>
Bind TCP sockets to the dhcpc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_dhcpc_port" lineno="21965">
<summary>
Bind UDP sockets to the dhcpc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_dhcpc_port" lineno="21984">
<summary>
Make a TCP connection to the dhcpc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dhcpc_client_packets" lineno="22004">
<summary>
Send dhcpc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dhcpc_client_packets" lineno="22023">
<summary>
Do not audit attempts to send dhcpc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dhcpc_client_packets" lineno="22042">
<summary>
Receive dhcpc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dhcpc_client_packets" lineno="22061">
<summary>
Do not audit attempts to receive dhcpc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dhcpc_client_packets" lineno="22080">
<summary>
Send and receive dhcpc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dhcpc_client_packets" lineno="22096">
<summary>
Do not audit attempts to send and receive dhcpc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dhcpc_client_packets" lineno="22111">
<summary>
Relabel packets to dhcpc_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dhcpc_server_packets" lineno="22131">
<summary>
Send dhcpc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dhcpc_server_packets" lineno="22150">
<summary>
Do not audit attempts to send dhcpc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dhcpc_server_packets" lineno="22169">
<summary>
Receive dhcpc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dhcpc_server_packets" lineno="22188">
<summary>
Do not audit attempts to receive dhcpc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dhcpc_server_packets" lineno="22207">
<summary>
Send and receive dhcpc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dhcpc_server_packets" lineno="22223">
<summary>
Do not audit attempts to send and receive dhcpc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dhcpc_server_packets" lineno="22238">
<summary>
Relabel packets to dhcpc_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_dhcpd_port" lineno="22260">
<summary>
Send and receive TCP traffic on the dhcpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_dhcpd_port" lineno="22279">
<summary>
Send UDP traffic on the dhcpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_dhcpd_port" lineno="22298">
<summary>
Do not audit attempts to send UDP traffic on the dhcpd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_dhcpd_port" lineno="22317">
<summary>
Receive UDP traffic on the dhcpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_dhcpd_port" lineno="22336">
<summary>
Do not audit attempts to receive UDP traffic on the dhcpd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_dhcpd_port" lineno="22355">
<summary>
Send and receive UDP traffic on the dhcpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_dhcpd_port" lineno="22372">
<summary>
Do not audit attempts to send and receive
UDP traffic on the dhcpd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_dhcpd_port" lineno="22388">
<summary>
Bind TCP sockets to the dhcpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_dhcpd_port" lineno="22408">
<summary>
Bind UDP sockets to the dhcpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_dhcpd_port" lineno="22427">
<summary>
Make a TCP connection to the dhcpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dhcpd_client_packets" lineno="22447">
<summary>
Send dhcpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dhcpd_client_packets" lineno="22466">
<summary>
Do not audit attempts to send dhcpd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dhcpd_client_packets" lineno="22485">
<summary>
Receive dhcpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dhcpd_client_packets" lineno="22504">
<summary>
Do not audit attempts to receive dhcpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dhcpd_client_packets" lineno="22523">
<summary>
Send and receive dhcpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dhcpd_client_packets" lineno="22539">
<summary>
Do not audit attempts to send and receive dhcpd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dhcpd_client_packets" lineno="22554">
<summary>
Relabel packets to dhcpd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dhcpd_server_packets" lineno="22574">
<summary>
Send dhcpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dhcpd_server_packets" lineno="22593">
<summary>
Do not audit attempts to send dhcpd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dhcpd_server_packets" lineno="22612">
<summary>
Receive dhcpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dhcpd_server_packets" lineno="22631">
<summary>
Do not audit attempts to receive dhcpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dhcpd_server_packets" lineno="22650">
<summary>
Send and receive dhcpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dhcpd_server_packets" lineno="22666">
<summary>
Do not audit attempts to send and receive dhcpd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dhcpd_server_packets" lineno="22681">
<summary>
Relabel packets to dhcpd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_dey_sapi_port" lineno="22703">
<summary>
Send and receive TCP traffic on the dey_sapi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_dey_sapi_port" lineno="22722">
<summary>
Send UDP traffic on the dey_sapi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_dey_sapi_port" lineno="22741">
<summary>
Do not audit attempts to send UDP traffic on the dey_sapi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_dey_sapi_port" lineno="22760">
<summary>
Receive UDP traffic on the dey_sapi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_dey_sapi_port" lineno="22779">
<summary>
Do not audit attempts to receive UDP traffic on the dey_sapi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_dey_sapi_port" lineno="22798">
<summary>
Send and receive UDP traffic on the dey_sapi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_dey_sapi_port" lineno="22815">
<summary>
Do not audit attempts to send and receive
UDP traffic on the dey_sapi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_dey_sapi_port" lineno="22831">
<summary>
Bind TCP sockets to the dey_sapi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_dey_sapi_port" lineno="22851">
<summary>
Bind UDP sockets to the dey_sapi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_dey_sapi_port" lineno="22870">
<summary>
Make a TCP connection to the dey_sapi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dey_sapi_client_packets" lineno="22890">
<summary>
Send dey_sapi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dey_sapi_client_packets" lineno="22909">
<summary>
Do not audit attempts to send dey_sapi_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dey_sapi_client_packets" lineno="22928">
<summary>
Receive dey_sapi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dey_sapi_client_packets" lineno="22947">
<summary>
Do not audit attempts to receive dey_sapi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dey_sapi_client_packets" lineno="22966">
<summary>
Send and receive dey_sapi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dey_sapi_client_packets" lineno="22982">
<summary>
Do not audit attempts to send and receive dey_sapi_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dey_sapi_client_packets" lineno="22997">
<summary>
Relabel packets to dey_sapi_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dey_sapi_server_packets" lineno="23017">
<summary>
Send dey_sapi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dey_sapi_server_packets" lineno="23036">
<summary>
Do not audit attempts to send dey_sapi_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dey_sapi_server_packets" lineno="23055">
<summary>
Receive dey_sapi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dey_sapi_server_packets" lineno="23074">
<summary>
Do not audit attempts to receive dey_sapi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dey_sapi_server_packets" lineno="23093">
<summary>
Send and receive dey_sapi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dey_sapi_server_packets" lineno="23109">
<summary>
Do not audit attempts to send and receive dey_sapi_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dey_sapi_server_packets" lineno="23124">
<summary>
Relabel packets to dey_sapi_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_dict_port" lineno="23146">
<summary>
Send and receive TCP traffic on the dict port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_dict_port" lineno="23165">
<summary>
Send UDP traffic on the dict port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_dict_port" lineno="23184">
<summary>
Do not audit attempts to send UDP traffic on the dict port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_dict_port" lineno="23203">
<summary>
Receive UDP traffic on the dict port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_dict_port" lineno="23222">
<summary>
Do not audit attempts to receive UDP traffic on the dict port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_dict_port" lineno="23241">
<summary>
Send and receive UDP traffic on the dict port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_dict_port" lineno="23258">
<summary>
Do not audit attempts to send and receive
UDP traffic on the dict port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_dict_port" lineno="23274">
<summary>
Bind TCP sockets to the dict port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_dict_port" lineno="23294">
<summary>
Bind UDP sockets to the dict port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_dict_port" lineno="23313">
<summary>
Make a TCP connection to the dict port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dict_client_packets" lineno="23333">
<summary>
Send dict_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dict_client_packets" lineno="23352">
<summary>
Do not audit attempts to send dict_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dict_client_packets" lineno="23371">
<summary>
Receive dict_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dict_client_packets" lineno="23390">
<summary>
Do not audit attempts to receive dict_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dict_client_packets" lineno="23409">
<summary>
Send and receive dict_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dict_client_packets" lineno="23425">
<summary>
Do not audit attempts to send and receive dict_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dict_client_packets" lineno="23440">
<summary>
Relabel packets to dict_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dict_server_packets" lineno="23460">
<summary>
Send dict_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dict_server_packets" lineno="23479">
<summary>
Do not audit attempts to send dict_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dict_server_packets" lineno="23498">
<summary>
Receive dict_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dict_server_packets" lineno="23517">
<summary>
Do not audit attempts to receive dict_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dict_server_packets" lineno="23536">
<summary>
Send and receive dict_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dict_server_packets" lineno="23552">
<summary>
Do not audit attempts to send and receive dict_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dict_server_packets" lineno="23567">
<summary>
Relabel packets to dict_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_distccd_port" lineno="23589">
<summary>
Send and receive TCP traffic on the distccd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_distccd_port" lineno="23608">
<summary>
Send UDP traffic on the distccd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_distccd_port" lineno="23627">
<summary>
Do not audit attempts to send UDP traffic on the distccd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_distccd_port" lineno="23646">
<summary>
Receive UDP traffic on the distccd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_distccd_port" lineno="23665">
<summary>
Do not audit attempts to receive UDP traffic on the distccd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_distccd_port" lineno="23684">
<summary>
Send and receive UDP traffic on the distccd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_distccd_port" lineno="23701">
<summary>
Do not audit attempts to send and receive
UDP traffic on the distccd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_distccd_port" lineno="23717">
<summary>
Bind TCP sockets to the distccd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_distccd_port" lineno="23737">
<summary>
Bind UDP sockets to the distccd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_distccd_port" lineno="23756">
<summary>
Make a TCP connection to the distccd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_distccd_client_packets" lineno="23776">
<summary>
Send distccd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_distccd_client_packets" lineno="23795">
<summary>
Do not audit attempts to send distccd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_distccd_client_packets" lineno="23814">
<summary>
Receive distccd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_distccd_client_packets" lineno="23833">
<summary>
Do not audit attempts to receive distccd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_distccd_client_packets" lineno="23852">
<summary>
Send and receive distccd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_distccd_client_packets" lineno="23868">
<summary>
Do not audit attempts to send and receive distccd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_distccd_client_packets" lineno="23883">
<summary>
Relabel packets to distccd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_distccd_server_packets" lineno="23903">
<summary>
Send distccd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_distccd_server_packets" lineno="23922">
<summary>
Do not audit attempts to send distccd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_distccd_server_packets" lineno="23941">
<summary>
Receive distccd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_distccd_server_packets" lineno="23960">
<summary>
Do not audit attempts to receive distccd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_distccd_server_packets" lineno="23979">
<summary>
Send and receive distccd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_distccd_server_packets" lineno="23995">
<summary>
Do not audit attempts to send and receive distccd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_distccd_server_packets" lineno="24010">
<summary>
Relabel packets to distccd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_dns_port" lineno="24032">
<summary>
Send and receive TCP traffic on the dns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_dns_port" lineno="24051">
<summary>
Send UDP traffic on the dns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_dns_port" lineno="24070">
<summary>
Do not audit attempts to send UDP traffic on the dns port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_dns_port" lineno="24089">
<summary>
Receive UDP traffic on the dns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_dns_port" lineno="24108">
<summary>
Do not audit attempts to receive UDP traffic on the dns port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_dns_port" lineno="24127">
<summary>
Send and receive UDP traffic on the dns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_dns_port" lineno="24144">
<summary>
Do not audit attempts to send and receive
UDP traffic on the dns port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_dns_port" lineno="24160">
<summary>
Bind TCP sockets to the dns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_dns_port" lineno="24180">
<summary>
Bind UDP sockets to the dns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_dns_port" lineno="24199">
<summary>
Make a TCP connection to the dns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dns_client_packets" lineno="24219">
<summary>
Send dns_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dns_client_packets" lineno="24238">
<summary>
Do not audit attempts to send dns_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dns_client_packets" lineno="24257">
<summary>
Receive dns_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dns_client_packets" lineno="24276">
<summary>
Do not audit attempts to receive dns_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dns_client_packets" lineno="24295">
<summary>
Send and receive dns_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dns_client_packets" lineno="24311">
<summary>
Do not audit attempts to send and receive dns_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dns_client_packets" lineno="24326">
<summary>
Relabel packets to dns_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dns_server_packets" lineno="24346">
<summary>
Send dns_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dns_server_packets" lineno="24365">
<summary>
Do not audit attempts to send dns_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dns_server_packets" lineno="24384">
<summary>
Receive dns_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dns_server_packets" lineno="24403">
<summary>
Do not audit attempts to receive dns_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dns_server_packets" lineno="24422">
<summary>
Send and receive dns_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dns_server_packets" lineno="24438">
<summary>
Do not audit attempts to send and receive dns_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dns_server_packets" lineno="24453">
<summary>
Relabel packets to dns_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_dogtag_port" lineno="24475">
<summary>
Send and receive TCP traffic on the dogtag port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_dogtag_port" lineno="24494">
<summary>
Send UDP traffic on the dogtag port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_dogtag_port" lineno="24513">
<summary>
Do not audit attempts to send UDP traffic on the dogtag port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_dogtag_port" lineno="24532">
<summary>
Receive UDP traffic on the dogtag port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_dogtag_port" lineno="24551">
<summary>
Do not audit attempts to receive UDP traffic on the dogtag port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_dogtag_port" lineno="24570">
<summary>
Send and receive UDP traffic on the dogtag port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_dogtag_port" lineno="24587">
<summary>
Do not audit attempts to send and receive
UDP traffic on the dogtag port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_dogtag_port" lineno="24603">
<summary>
Bind TCP sockets to the dogtag port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_dogtag_port" lineno="24623">
<summary>
Bind UDP sockets to the dogtag port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_dogtag_port" lineno="24642">
<summary>
Make a TCP connection to the dogtag port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dogtag_client_packets" lineno="24662">
<summary>
Send dogtag_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dogtag_client_packets" lineno="24681">
<summary>
Do not audit attempts to send dogtag_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dogtag_client_packets" lineno="24700">
<summary>
Receive dogtag_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dogtag_client_packets" lineno="24719">
<summary>
Do not audit attempts to receive dogtag_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dogtag_client_packets" lineno="24738">
<summary>
Send and receive dogtag_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dogtag_client_packets" lineno="24754">
<summary>
Do not audit attempts to send and receive dogtag_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dogtag_client_packets" lineno="24769">
<summary>
Relabel packets to dogtag_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dogtag_server_packets" lineno="24789">
<summary>
Send dogtag_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dogtag_server_packets" lineno="24808">
<summary>
Do not audit attempts to send dogtag_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dogtag_server_packets" lineno="24827">
<summary>
Receive dogtag_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dogtag_server_packets" lineno="24846">
<summary>
Do not audit attempts to receive dogtag_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dogtag_server_packets" lineno="24865">
<summary>
Send and receive dogtag_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dogtag_server_packets" lineno="24881">
<summary>
Do not audit attempts to send and receive dogtag_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dogtag_server_packets" lineno="24896">
<summary>
Relabel packets to dogtag_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_dspam_port" lineno="24918">
<summary>
Send and receive TCP traffic on the dspam port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_dspam_port" lineno="24937">
<summary>
Send UDP traffic on the dspam port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_dspam_port" lineno="24956">
<summary>
Do not audit attempts to send UDP traffic on the dspam port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_dspam_port" lineno="24975">
<summary>
Receive UDP traffic on the dspam port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_dspam_port" lineno="24994">
<summary>
Do not audit attempts to receive UDP traffic on the dspam port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_dspam_port" lineno="25013">
<summary>
Send and receive UDP traffic on the dspam port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_dspam_port" lineno="25030">
<summary>
Do not audit attempts to send and receive
UDP traffic on the dspam port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_dspam_port" lineno="25046">
<summary>
Bind TCP sockets to the dspam port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_dspam_port" lineno="25066">
<summary>
Bind UDP sockets to the dspam port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_dspam_port" lineno="25085">
<summary>
Make a TCP connection to the dspam port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dspam_client_packets" lineno="25105">
<summary>
Send dspam_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dspam_client_packets" lineno="25124">
<summary>
Do not audit attempts to send dspam_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dspam_client_packets" lineno="25143">
<summary>
Receive dspam_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dspam_client_packets" lineno="25162">
<summary>
Do not audit attempts to receive dspam_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dspam_client_packets" lineno="25181">
<summary>
Send and receive dspam_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dspam_client_packets" lineno="25197">
<summary>
Do not audit attempts to send and receive dspam_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dspam_client_packets" lineno="25212">
<summary>
Relabel packets to dspam_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_dspam_server_packets" lineno="25232">
<summary>
Send dspam_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_dspam_server_packets" lineno="25251">
<summary>
Do not audit attempts to send dspam_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_dspam_server_packets" lineno="25270">
<summary>
Receive dspam_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_dspam_server_packets" lineno="25289">
<summary>
Do not audit attempts to receive dspam_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_dspam_server_packets" lineno="25308">
<summary>
Send and receive dspam_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_dspam_server_packets" lineno="25324">
<summary>
Do not audit attempts to send and receive dspam_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_dspam_server_packets" lineno="25339">
<summary>
Relabel packets to dspam_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_epmap_port" lineno="25361">
<summary>
Send and receive TCP traffic on the epmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_epmap_port" lineno="25380">
<summary>
Send UDP traffic on the epmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_epmap_port" lineno="25399">
<summary>
Do not audit attempts to send UDP traffic on the epmap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_epmap_port" lineno="25418">
<summary>
Receive UDP traffic on the epmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_epmap_port" lineno="25437">
<summary>
Do not audit attempts to receive UDP traffic on the epmap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_epmap_port" lineno="25456">
<summary>
Send and receive UDP traffic on the epmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_epmap_port" lineno="25473">
<summary>
Do not audit attempts to send and receive
UDP traffic on the epmap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_epmap_port" lineno="25489">
<summary>
Bind TCP sockets to the epmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_epmap_port" lineno="25509">
<summary>
Bind UDP sockets to the epmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_epmap_port" lineno="25528">
<summary>
Make a TCP connection to the epmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_epmap_client_packets" lineno="25548">
<summary>
Send epmap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_epmap_client_packets" lineno="25567">
<summary>
Do not audit attempts to send epmap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_epmap_client_packets" lineno="25586">
<summary>
Receive epmap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_epmap_client_packets" lineno="25605">
<summary>
Do not audit attempts to receive epmap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_epmap_client_packets" lineno="25624">
<summary>
Send and receive epmap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_epmap_client_packets" lineno="25640">
<summary>
Do not audit attempts to send and receive epmap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_epmap_client_packets" lineno="25655">
<summary>
Relabel packets to epmap_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_epmap_server_packets" lineno="25675">
<summary>
Send epmap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_epmap_server_packets" lineno="25694">
<summary>
Do not audit attempts to send epmap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_epmap_server_packets" lineno="25713">
<summary>
Receive epmap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_epmap_server_packets" lineno="25732">
<summary>
Do not audit attempts to receive epmap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_epmap_server_packets" lineno="25751">
<summary>
Send and receive epmap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_epmap_server_packets" lineno="25767">
<summary>
Do not audit attempts to send and receive epmap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_epmap_server_packets" lineno="25782">
<summary>
Relabel packets to epmap_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_festival_port" lineno="25804">
<summary>
Send and receive TCP traffic on the festival port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_festival_port" lineno="25823">
<summary>
Send UDP traffic on the festival port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_festival_port" lineno="25842">
<summary>
Do not audit attempts to send UDP traffic on the festival port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_festival_port" lineno="25861">
<summary>
Receive UDP traffic on the festival port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_festival_port" lineno="25880">
<summary>
Do not audit attempts to receive UDP traffic on the festival port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_festival_port" lineno="25899">
<summary>
Send and receive UDP traffic on the festival port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_festival_port" lineno="25916">
<summary>
Do not audit attempts to send and receive
UDP traffic on the festival port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_festival_port" lineno="25932">
<summary>
Bind TCP sockets to the festival port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_festival_port" lineno="25952">
<summary>
Bind UDP sockets to the festival port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_festival_port" lineno="25971">
<summary>
Make a TCP connection to the festival port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_festival_client_packets" lineno="25991">
<summary>
Send festival_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_festival_client_packets" lineno="26010">
<summary>
Do not audit attempts to send festival_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_festival_client_packets" lineno="26029">
<summary>
Receive festival_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_festival_client_packets" lineno="26048">
<summary>
Do not audit attempts to receive festival_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_festival_client_packets" lineno="26067">
<summary>
Send and receive festival_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_festival_client_packets" lineno="26083">
<summary>
Do not audit attempts to send and receive festival_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_festival_client_packets" lineno="26098">
<summary>
Relabel packets to festival_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_festival_server_packets" lineno="26118">
<summary>
Send festival_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_festival_server_packets" lineno="26137">
<summary>
Do not audit attempts to send festival_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_festival_server_packets" lineno="26156">
<summary>
Receive festival_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_festival_server_packets" lineno="26175">
<summary>
Do not audit attempts to receive festival_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_festival_server_packets" lineno="26194">
<summary>
Send and receive festival_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_festival_server_packets" lineno="26210">
<summary>
Do not audit attempts to send and receive festival_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_festival_server_packets" lineno="26225">
<summary>
Relabel packets to festival_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_fingerd_port" lineno="26247">
<summary>
Send and receive TCP traffic on the fingerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_fingerd_port" lineno="26266">
<summary>
Send UDP traffic on the fingerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_fingerd_port" lineno="26285">
<summary>
Do not audit attempts to send UDP traffic on the fingerd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_fingerd_port" lineno="26304">
<summary>
Receive UDP traffic on the fingerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_fingerd_port" lineno="26323">
<summary>
Do not audit attempts to receive UDP traffic on the fingerd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_fingerd_port" lineno="26342">
<summary>
Send and receive UDP traffic on the fingerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_fingerd_port" lineno="26359">
<summary>
Do not audit attempts to send and receive
UDP traffic on the fingerd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_fingerd_port" lineno="26375">
<summary>
Bind TCP sockets to the fingerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_fingerd_port" lineno="26395">
<summary>
Bind UDP sockets to the fingerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_fingerd_port" lineno="26414">
<summary>
Make a TCP connection to the fingerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_fingerd_client_packets" lineno="26434">
<summary>
Send fingerd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_fingerd_client_packets" lineno="26453">
<summary>
Do not audit attempts to send fingerd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_fingerd_client_packets" lineno="26472">
<summary>
Receive fingerd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_fingerd_client_packets" lineno="26491">
<summary>
Do not audit attempts to receive fingerd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_fingerd_client_packets" lineno="26510">
<summary>
Send and receive fingerd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_fingerd_client_packets" lineno="26526">
<summary>
Do not audit attempts to send and receive fingerd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_fingerd_client_packets" lineno="26541">
<summary>
Relabel packets to fingerd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_fingerd_server_packets" lineno="26561">
<summary>
Send fingerd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_fingerd_server_packets" lineno="26580">
<summary>
Do not audit attempts to send fingerd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_fingerd_server_packets" lineno="26599">
<summary>
Receive fingerd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_fingerd_server_packets" lineno="26618">
<summary>
Do not audit attempts to receive fingerd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_fingerd_server_packets" lineno="26637">
<summary>
Send and receive fingerd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_fingerd_server_packets" lineno="26653">
<summary>
Do not audit attempts to send and receive fingerd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_fingerd_server_packets" lineno="26668">
<summary>
Relabel packets to fingerd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_flash_port" lineno="26690">
<summary>
Send and receive TCP traffic on the flash port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_flash_port" lineno="26709">
<summary>
Send UDP traffic on the flash port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_flash_port" lineno="26728">
<summary>
Do not audit attempts to send UDP traffic on the flash port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_flash_port" lineno="26747">
<summary>
Receive UDP traffic on the flash port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_flash_port" lineno="26766">
<summary>
Do not audit attempts to receive UDP traffic on the flash port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_flash_port" lineno="26785">
<summary>
Send and receive UDP traffic on the flash port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_flash_port" lineno="26802">
<summary>
Do not audit attempts to send and receive
UDP traffic on the flash port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_flash_port" lineno="26818">
<summary>
Bind TCP sockets to the flash port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_flash_port" lineno="26838">
<summary>
Bind UDP sockets to the flash port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_flash_port" lineno="26857">
<summary>
Make a TCP connection to the flash port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_flash_client_packets" lineno="26877">
<summary>
Send flash_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_flash_client_packets" lineno="26896">
<summary>
Do not audit attempts to send flash_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_flash_client_packets" lineno="26915">
<summary>
Receive flash_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_flash_client_packets" lineno="26934">
<summary>
Do not audit attempts to receive flash_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_flash_client_packets" lineno="26953">
<summary>
Send and receive flash_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_flash_client_packets" lineno="26969">
<summary>
Do not audit attempts to send and receive flash_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_flash_client_packets" lineno="26984">
<summary>
Relabel packets to flash_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_flash_server_packets" lineno="27004">
<summary>
Send flash_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_flash_server_packets" lineno="27023">
<summary>
Do not audit attempts to send flash_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_flash_server_packets" lineno="27042">
<summary>
Receive flash_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_flash_server_packets" lineno="27061">
<summary>
Do not audit attempts to receive flash_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_flash_server_packets" lineno="27080">
<summary>
Send and receive flash_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_flash_server_packets" lineno="27096">
<summary>
Do not audit attempts to send and receive flash_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_flash_server_packets" lineno="27111">
<summary>
Relabel packets to flash_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_florence_port" lineno="27133">
<summary>
Send and receive TCP traffic on the florence port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_florence_port" lineno="27152">
<summary>
Send UDP traffic on the florence port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_florence_port" lineno="27171">
<summary>
Do not audit attempts to send UDP traffic on the florence port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_florence_port" lineno="27190">
<summary>
Receive UDP traffic on the florence port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_florence_port" lineno="27209">
<summary>
Do not audit attempts to receive UDP traffic on the florence port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_florence_port" lineno="27228">
<summary>
Send and receive UDP traffic on the florence port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_florence_port" lineno="27245">
<summary>
Do not audit attempts to send and receive
UDP traffic on the florence port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_florence_port" lineno="27261">
<summary>
Bind TCP sockets to the florence port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_florence_port" lineno="27281">
<summary>
Bind UDP sockets to the florence port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_florence_port" lineno="27300">
<summary>
Make a TCP connection to the florence port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_florence_client_packets" lineno="27320">
<summary>
Send florence_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_florence_client_packets" lineno="27339">
<summary>
Do not audit attempts to send florence_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_florence_client_packets" lineno="27358">
<summary>
Receive florence_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_florence_client_packets" lineno="27377">
<summary>
Do not audit attempts to receive florence_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_florence_client_packets" lineno="27396">
<summary>
Send and receive florence_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_florence_client_packets" lineno="27412">
<summary>
Do not audit attempts to send and receive florence_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_florence_client_packets" lineno="27427">
<summary>
Relabel packets to florence_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_florence_server_packets" lineno="27447">
<summary>
Send florence_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_florence_server_packets" lineno="27466">
<summary>
Do not audit attempts to send florence_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_florence_server_packets" lineno="27485">
<summary>
Receive florence_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_florence_server_packets" lineno="27504">
<summary>
Do not audit attempts to receive florence_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_florence_server_packets" lineno="27523">
<summary>
Send and receive florence_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_florence_server_packets" lineno="27539">
<summary>
Do not audit attempts to send and receive florence_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_florence_server_packets" lineno="27554">
<summary>
Relabel packets to florence_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_freeipmi_port" lineno="27576">
<summary>
Send and receive TCP traffic on the freeipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_freeipmi_port" lineno="27595">
<summary>
Send UDP traffic on the freeipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_freeipmi_port" lineno="27614">
<summary>
Do not audit attempts to send UDP traffic on the freeipmi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_freeipmi_port" lineno="27633">
<summary>
Receive UDP traffic on the freeipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_freeipmi_port" lineno="27652">
<summary>
Do not audit attempts to receive UDP traffic on the freeipmi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_freeipmi_port" lineno="27671">
<summary>
Send and receive UDP traffic on the freeipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_freeipmi_port" lineno="27688">
<summary>
Do not audit attempts to send and receive
UDP traffic on the freeipmi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_freeipmi_port" lineno="27704">
<summary>
Bind TCP sockets to the freeipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_freeipmi_port" lineno="27724">
<summary>
Bind UDP sockets to the freeipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_freeipmi_port" lineno="27743">
<summary>
Make a TCP connection to the freeipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_freeipmi_client_packets" lineno="27763">
<summary>
Send freeipmi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_freeipmi_client_packets" lineno="27782">
<summary>
Do not audit attempts to send freeipmi_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_freeipmi_client_packets" lineno="27801">
<summary>
Receive freeipmi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_freeipmi_client_packets" lineno="27820">
<summary>
Do not audit attempts to receive freeipmi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_freeipmi_client_packets" lineno="27839">
<summary>
Send and receive freeipmi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_freeipmi_client_packets" lineno="27855">
<summary>
Do not audit attempts to send and receive freeipmi_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_freeipmi_client_packets" lineno="27870">
<summary>
Relabel packets to freeipmi_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_freeipmi_server_packets" lineno="27890">
<summary>
Send freeipmi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_freeipmi_server_packets" lineno="27909">
<summary>
Do not audit attempts to send freeipmi_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_freeipmi_server_packets" lineno="27928">
<summary>
Receive freeipmi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_freeipmi_server_packets" lineno="27947">
<summary>
Do not audit attempts to receive freeipmi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_freeipmi_server_packets" lineno="27966">
<summary>
Send and receive freeipmi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_freeipmi_server_packets" lineno="27982">
<summary>
Do not audit attempts to send and receive freeipmi_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_freeipmi_server_packets" lineno="27997">
<summary>
Relabel packets to freeipmi_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ftp_port" lineno="28019">
<summary>
Send and receive TCP traffic on the ftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ftp_port" lineno="28038">
<summary>
Send UDP traffic on the ftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ftp_port" lineno="28057">
<summary>
Do not audit attempts to send UDP traffic on the ftp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ftp_port" lineno="28076">
<summary>
Receive UDP traffic on the ftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ftp_port" lineno="28095">
<summary>
Do not audit attempts to receive UDP traffic on the ftp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ftp_port" lineno="28114">
<summary>
Send and receive UDP traffic on the ftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ftp_port" lineno="28131">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ftp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ftp_port" lineno="28147">
<summary>
Bind TCP sockets to the ftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ftp_port" lineno="28167">
<summary>
Bind UDP sockets to the ftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ftp_port" lineno="28186">
<summary>
Make a TCP connection to the ftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ftp_client_packets" lineno="28206">
<summary>
Send ftp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ftp_client_packets" lineno="28225">
<summary>
Do not audit attempts to send ftp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ftp_client_packets" lineno="28244">
<summary>
Receive ftp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ftp_client_packets" lineno="28263">
<summary>
Do not audit attempts to receive ftp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ftp_client_packets" lineno="28282">
<summary>
Send and receive ftp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ftp_client_packets" lineno="28298">
<summary>
Do not audit attempts to send and receive ftp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ftp_client_packets" lineno="28313">
<summary>
Relabel packets to ftp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ftp_server_packets" lineno="28333">
<summary>
Send ftp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ftp_server_packets" lineno="28352">
<summary>
Do not audit attempts to send ftp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ftp_server_packets" lineno="28371">
<summary>
Receive ftp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ftp_server_packets" lineno="28390">
<summary>
Do not audit attempts to receive ftp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ftp_server_packets" lineno="28409">
<summary>
Send and receive ftp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ftp_server_packets" lineno="28425">
<summary>
Do not audit attempts to send and receive ftp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ftp_server_packets" lineno="28440">
<summary>
Relabel packets to ftp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ftp_data_port" lineno="28462">
<summary>
Send and receive TCP traffic on the ftp_data port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ftp_data_port" lineno="28481">
<summary>
Send UDP traffic on the ftp_data port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ftp_data_port" lineno="28500">
<summary>
Do not audit attempts to send UDP traffic on the ftp_data port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ftp_data_port" lineno="28519">
<summary>
Receive UDP traffic on the ftp_data port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ftp_data_port" lineno="28538">
<summary>
Do not audit attempts to receive UDP traffic on the ftp_data port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ftp_data_port" lineno="28557">
<summary>
Send and receive UDP traffic on the ftp_data port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ftp_data_port" lineno="28574">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ftp_data port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ftp_data_port" lineno="28590">
<summary>
Bind TCP sockets to the ftp_data port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ftp_data_port" lineno="28610">
<summary>
Bind UDP sockets to the ftp_data port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ftp_data_port" lineno="28629">
<summary>
Make a TCP connection to the ftp_data port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ftp_data_client_packets" lineno="28649">
<summary>
Send ftp_data_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ftp_data_client_packets" lineno="28668">
<summary>
Do not audit attempts to send ftp_data_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ftp_data_client_packets" lineno="28687">
<summary>
Receive ftp_data_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ftp_data_client_packets" lineno="28706">
<summary>
Do not audit attempts to receive ftp_data_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ftp_data_client_packets" lineno="28725">
<summary>
Send and receive ftp_data_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ftp_data_client_packets" lineno="28741">
<summary>
Do not audit attempts to send and receive ftp_data_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ftp_data_client_packets" lineno="28756">
<summary>
Relabel packets to ftp_data_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ftp_data_server_packets" lineno="28776">
<summary>
Send ftp_data_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ftp_data_server_packets" lineno="28795">
<summary>
Do not audit attempts to send ftp_data_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ftp_data_server_packets" lineno="28814">
<summary>
Receive ftp_data_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ftp_data_server_packets" lineno="28833">
<summary>
Do not audit attempts to receive ftp_data_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ftp_data_server_packets" lineno="28852">
<summary>
Send and receive ftp_data_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ftp_data_server_packets" lineno="28868">
<summary>
Do not audit attempts to send and receive ftp_data_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ftp_data_server_packets" lineno="28883">
<summary>
Relabel packets to ftp_data_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_gatekeeper_port" lineno="28905">
<summary>
Send and receive TCP traffic on the gatekeeper port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_gatekeeper_port" lineno="28924">
<summary>
Send UDP traffic on the gatekeeper port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_gatekeeper_port" lineno="28943">
<summary>
Do not audit attempts to send UDP traffic on the gatekeeper port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_gatekeeper_port" lineno="28962">
<summary>
Receive UDP traffic on the gatekeeper port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_gatekeeper_port" lineno="28981">
<summary>
Do not audit attempts to receive UDP traffic on the gatekeeper port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_gatekeeper_port" lineno="29000">
<summary>
Send and receive UDP traffic on the gatekeeper port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_gatekeeper_port" lineno="29017">
<summary>
Do not audit attempts to send and receive
UDP traffic on the gatekeeper port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_gatekeeper_port" lineno="29033">
<summary>
Bind TCP sockets to the gatekeeper port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_gatekeeper_port" lineno="29053">
<summary>
Bind UDP sockets to the gatekeeper port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_gatekeeper_port" lineno="29072">
<summary>
Make a TCP connection to the gatekeeper port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_gatekeeper_client_packets" lineno="29092">
<summary>
Send gatekeeper_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_gatekeeper_client_packets" lineno="29111">
<summary>
Do not audit attempts to send gatekeeper_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_gatekeeper_client_packets" lineno="29130">
<summary>
Receive gatekeeper_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_gatekeeper_client_packets" lineno="29149">
<summary>
Do not audit attempts to receive gatekeeper_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_gatekeeper_client_packets" lineno="29168">
<summary>
Send and receive gatekeeper_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_gatekeeper_client_packets" lineno="29184">
<summary>
Do not audit attempts to send and receive gatekeeper_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_gatekeeper_client_packets" lineno="29199">
<summary>
Relabel packets to gatekeeper_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_gatekeeper_server_packets" lineno="29219">
<summary>
Send gatekeeper_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_gatekeeper_server_packets" lineno="29238">
<summary>
Do not audit attempts to send gatekeeper_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_gatekeeper_server_packets" lineno="29257">
<summary>
Receive gatekeeper_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_gatekeeper_server_packets" lineno="29276">
<summary>
Do not audit attempts to receive gatekeeper_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_gatekeeper_server_packets" lineno="29295">
<summary>
Send and receive gatekeeper_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_gatekeeper_server_packets" lineno="29311">
<summary>
Do not audit attempts to send and receive gatekeeper_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_gatekeeper_server_packets" lineno="29326">
<summary>
Relabel packets to gatekeeper_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_giftd_port" lineno="29348">
<summary>
Send and receive TCP traffic on the giftd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_giftd_port" lineno="29367">
<summary>
Send UDP traffic on the giftd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_giftd_port" lineno="29386">
<summary>
Do not audit attempts to send UDP traffic on the giftd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_giftd_port" lineno="29405">
<summary>
Receive UDP traffic on the giftd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_giftd_port" lineno="29424">
<summary>
Do not audit attempts to receive UDP traffic on the giftd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_giftd_port" lineno="29443">
<summary>
Send and receive UDP traffic on the giftd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_giftd_port" lineno="29460">
<summary>
Do not audit attempts to send and receive
UDP traffic on the giftd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_giftd_port" lineno="29476">
<summary>
Bind TCP sockets to the giftd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_giftd_port" lineno="29496">
<summary>
Bind UDP sockets to the giftd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_giftd_port" lineno="29515">
<summary>
Make a TCP connection to the giftd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_giftd_client_packets" lineno="29535">
<summary>
Send giftd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_giftd_client_packets" lineno="29554">
<summary>
Do not audit attempts to send giftd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_giftd_client_packets" lineno="29573">
<summary>
Receive giftd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_giftd_client_packets" lineno="29592">
<summary>
Do not audit attempts to receive giftd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_giftd_client_packets" lineno="29611">
<summary>
Send and receive giftd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_giftd_client_packets" lineno="29627">
<summary>
Do not audit attempts to send and receive giftd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_giftd_client_packets" lineno="29642">
<summary>
Relabel packets to giftd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_giftd_server_packets" lineno="29662">
<summary>
Send giftd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_giftd_server_packets" lineno="29681">
<summary>
Do not audit attempts to send giftd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_giftd_server_packets" lineno="29700">
<summary>
Receive giftd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_giftd_server_packets" lineno="29719">
<summary>
Do not audit attempts to receive giftd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_giftd_server_packets" lineno="29738">
<summary>
Send and receive giftd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_giftd_server_packets" lineno="29754">
<summary>
Do not audit attempts to send and receive giftd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_giftd_server_packets" lineno="29769">
<summary>
Relabel packets to giftd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_git_port" lineno="29791">
<summary>
Send and receive TCP traffic on the git port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_git_port" lineno="29810">
<summary>
Send UDP traffic on the git port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_git_port" lineno="29829">
<summary>
Do not audit attempts to send UDP traffic on the git port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_git_port" lineno="29848">
<summary>
Receive UDP traffic on the git port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_git_port" lineno="29867">
<summary>
Do not audit attempts to receive UDP traffic on the git port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_git_port" lineno="29886">
<summary>
Send and receive UDP traffic on the git port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_git_port" lineno="29903">
<summary>
Do not audit attempts to send and receive
UDP traffic on the git port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_git_port" lineno="29919">
<summary>
Bind TCP sockets to the git port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_git_port" lineno="29939">
<summary>
Bind UDP sockets to the git port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_git_port" lineno="29958">
<summary>
Make a TCP connection to the git port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_git_client_packets" lineno="29978">
<summary>
Send git_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_git_client_packets" lineno="29997">
<summary>
Do not audit attempts to send git_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_git_client_packets" lineno="30016">
<summary>
Receive git_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_git_client_packets" lineno="30035">
<summary>
Do not audit attempts to receive git_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_git_client_packets" lineno="30054">
<summary>
Send and receive git_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_git_client_packets" lineno="30070">
<summary>
Do not audit attempts to send and receive git_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_git_client_packets" lineno="30085">
<summary>
Relabel packets to git_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_git_server_packets" lineno="30105">
<summary>
Send git_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_git_server_packets" lineno="30124">
<summary>
Do not audit attempts to send git_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_git_server_packets" lineno="30143">
<summary>
Receive git_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_git_server_packets" lineno="30162">
<summary>
Do not audit attempts to receive git_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_git_server_packets" lineno="30181">
<summary>
Send and receive git_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_git_server_packets" lineno="30197">
<summary>
Do not audit attempts to send and receive git_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_git_server_packets" lineno="30212">
<summary>
Relabel packets to git_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_glance_port" lineno="30234">
<summary>
Send and receive TCP traffic on the glance port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_glance_port" lineno="30253">
<summary>
Send UDP traffic on the glance port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_glance_port" lineno="30272">
<summary>
Do not audit attempts to send UDP traffic on the glance port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_glance_port" lineno="30291">
<summary>
Receive UDP traffic on the glance port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_glance_port" lineno="30310">
<summary>
Do not audit attempts to receive UDP traffic on the glance port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_glance_port" lineno="30329">
<summary>
Send and receive UDP traffic on the glance port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_glance_port" lineno="30346">
<summary>
Do not audit attempts to send and receive
UDP traffic on the glance port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_glance_port" lineno="30362">
<summary>
Bind TCP sockets to the glance port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_glance_port" lineno="30382">
<summary>
Bind UDP sockets to the glance port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_glance_port" lineno="30401">
<summary>
Make a TCP connection to the glance port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_glance_client_packets" lineno="30421">
<summary>
Send glance_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_glance_client_packets" lineno="30440">
<summary>
Do not audit attempts to send glance_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_glance_client_packets" lineno="30459">
<summary>
Receive glance_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_glance_client_packets" lineno="30478">
<summary>
Do not audit attempts to receive glance_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_glance_client_packets" lineno="30497">
<summary>
Send and receive glance_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_glance_client_packets" lineno="30513">
<summary>
Do not audit attempts to send and receive glance_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_glance_client_packets" lineno="30528">
<summary>
Relabel packets to glance_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_glance_server_packets" lineno="30548">
<summary>
Send glance_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_glance_server_packets" lineno="30567">
<summary>
Do not audit attempts to send glance_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_glance_server_packets" lineno="30586">
<summary>
Receive glance_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_glance_server_packets" lineno="30605">
<summary>
Do not audit attempts to receive glance_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_glance_server_packets" lineno="30624">
<summary>
Send and receive glance_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_glance_server_packets" lineno="30640">
<summary>
Do not audit attempts to send and receive glance_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_glance_server_packets" lineno="30655">
<summary>
Relabel packets to glance_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_glance_registry_port" lineno="30677">
<summary>
Send and receive TCP traffic on the glance_registry port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_glance_registry_port" lineno="30696">
<summary>
Send UDP traffic on the glance_registry port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_glance_registry_port" lineno="30715">
<summary>
Do not audit attempts to send UDP traffic on the glance_registry port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_glance_registry_port" lineno="30734">
<summary>
Receive UDP traffic on the glance_registry port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_glance_registry_port" lineno="30753">
<summary>
Do not audit attempts to receive UDP traffic on the glance_registry port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_glance_registry_port" lineno="30772">
<summary>
Send and receive UDP traffic on the glance_registry port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_glance_registry_port" lineno="30789">
<summary>
Do not audit attempts to send and receive
UDP traffic on the glance_registry port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_glance_registry_port" lineno="30805">
<summary>
Bind TCP sockets to the glance_registry port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_glance_registry_port" lineno="30825">
<summary>
Bind UDP sockets to the glance_registry port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_glance_registry_port" lineno="30844">
<summary>
Make a TCP connection to the glance_registry port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_glance_registry_client_packets" lineno="30864">
<summary>
Send glance_registry_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_glance_registry_client_packets" lineno="30883">
<summary>
Do not audit attempts to send glance_registry_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_glance_registry_client_packets" lineno="30902">
<summary>
Receive glance_registry_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_glance_registry_client_packets" lineno="30921">
<summary>
Do not audit attempts to receive glance_registry_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_glance_registry_client_packets" lineno="30940">
<summary>
Send and receive glance_registry_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_glance_registry_client_packets" lineno="30956">
<summary>
Do not audit attempts to send and receive glance_registry_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_glance_registry_client_packets" lineno="30971">
<summary>
Relabel packets to glance_registry_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_glance_registry_server_packets" lineno="30991">
<summary>
Send glance_registry_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_glance_registry_server_packets" lineno="31010">
<summary>
Do not audit attempts to send glance_registry_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_glance_registry_server_packets" lineno="31029">
<summary>
Receive glance_registry_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_glance_registry_server_packets" lineno="31048">
<summary>
Do not audit attempts to receive glance_registry_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_glance_registry_server_packets" lineno="31067">
<summary>
Send and receive glance_registry_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_glance_registry_server_packets" lineno="31083">
<summary>
Do not audit attempts to send and receive glance_registry_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_glance_registry_server_packets" lineno="31098">
<summary>
Relabel packets to glance_registry_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_gopher_port" lineno="31120">
<summary>
Send and receive TCP traffic on the gopher port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_gopher_port" lineno="31139">
<summary>
Send UDP traffic on the gopher port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_gopher_port" lineno="31158">
<summary>
Do not audit attempts to send UDP traffic on the gopher port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_gopher_port" lineno="31177">
<summary>
Receive UDP traffic on the gopher port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_gopher_port" lineno="31196">
<summary>
Do not audit attempts to receive UDP traffic on the gopher port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_gopher_port" lineno="31215">
<summary>
Send and receive UDP traffic on the gopher port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_gopher_port" lineno="31232">
<summary>
Do not audit attempts to send and receive
UDP traffic on the gopher port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_gopher_port" lineno="31248">
<summary>
Bind TCP sockets to the gopher port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_gopher_port" lineno="31268">
<summary>
Bind UDP sockets to the gopher port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_gopher_port" lineno="31287">
<summary>
Make a TCP connection to the gopher port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_gopher_client_packets" lineno="31307">
<summary>
Send gopher_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_gopher_client_packets" lineno="31326">
<summary>
Do not audit attempts to send gopher_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_gopher_client_packets" lineno="31345">
<summary>
Receive gopher_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_gopher_client_packets" lineno="31364">
<summary>
Do not audit attempts to receive gopher_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_gopher_client_packets" lineno="31383">
<summary>
Send and receive gopher_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_gopher_client_packets" lineno="31399">
<summary>
Do not audit attempts to send and receive gopher_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_gopher_client_packets" lineno="31414">
<summary>
Relabel packets to gopher_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_gopher_server_packets" lineno="31434">
<summary>
Send gopher_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_gopher_server_packets" lineno="31453">
<summary>
Do not audit attempts to send gopher_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_gopher_server_packets" lineno="31472">
<summary>
Receive gopher_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_gopher_server_packets" lineno="31491">
<summary>
Do not audit attempts to receive gopher_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_gopher_server_packets" lineno="31510">
<summary>
Send and receive gopher_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_gopher_server_packets" lineno="31526">
<summary>
Do not audit attempts to send and receive gopher_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_gopher_server_packets" lineno="31541">
<summary>
Relabel packets to gopher_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_gpsd_port" lineno="31563">
<summary>
Send and receive TCP traffic on the gpsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_gpsd_port" lineno="31582">
<summary>
Send UDP traffic on the gpsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_gpsd_port" lineno="31601">
<summary>
Do not audit attempts to send UDP traffic on the gpsd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_gpsd_port" lineno="31620">
<summary>
Receive UDP traffic on the gpsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_gpsd_port" lineno="31639">
<summary>
Do not audit attempts to receive UDP traffic on the gpsd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_gpsd_port" lineno="31658">
<summary>
Send and receive UDP traffic on the gpsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_gpsd_port" lineno="31675">
<summary>
Do not audit attempts to send and receive
UDP traffic on the gpsd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_gpsd_port" lineno="31691">
<summary>
Bind TCP sockets to the gpsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_gpsd_port" lineno="31711">
<summary>
Bind UDP sockets to the gpsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_gpsd_port" lineno="31730">
<summary>
Make a TCP connection to the gpsd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_gpsd_client_packets" lineno="31750">
<summary>
Send gpsd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_gpsd_client_packets" lineno="31769">
<summary>
Do not audit attempts to send gpsd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_gpsd_client_packets" lineno="31788">
<summary>
Receive gpsd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_gpsd_client_packets" lineno="31807">
<summary>
Do not audit attempts to receive gpsd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_gpsd_client_packets" lineno="31826">
<summary>
Send and receive gpsd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_gpsd_client_packets" lineno="31842">
<summary>
Do not audit attempts to send and receive gpsd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_gpsd_client_packets" lineno="31857">
<summary>
Relabel packets to gpsd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_gpsd_server_packets" lineno="31877">
<summary>
Send gpsd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_gpsd_server_packets" lineno="31896">
<summary>
Do not audit attempts to send gpsd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_gpsd_server_packets" lineno="31915">
<summary>
Receive gpsd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_gpsd_server_packets" lineno="31934">
<summary>
Do not audit attempts to receive gpsd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_gpsd_server_packets" lineno="31953">
<summary>
Send and receive gpsd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_gpsd_server_packets" lineno="31969">
<summary>
Do not audit attempts to send and receive gpsd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_gpsd_server_packets" lineno="31984">
<summary>
Relabel packets to gpsd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_hddtemp_port" lineno="32006">
<summary>
Send and receive TCP traffic on the hddtemp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_hddtemp_port" lineno="32025">
<summary>
Send UDP traffic on the hddtemp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_hddtemp_port" lineno="32044">
<summary>
Do not audit attempts to send UDP traffic on the hddtemp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_hddtemp_port" lineno="32063">
<summary>
Receive UDP traffic on the hddtemp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_hddtemp_port" lineno="32082">
<summary>
Do not audit attempts to receive UDP traffic on the hddtemp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_hddtemp_port" lineno="32101">
<summary>
Send and receive UDP traffic on the hddtemp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_hddtemp_port" lineno="32118">
<summary>
Do not audit attempts to send and receive
UDP traffic on the hddtemp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_hddtemp_port" lineno="32134">
<summary>
Bind TCP sockets to the hddtemp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_hddtemp_port" lineno="32154">
<summary>
Bind UDP sockets to the hddtemp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_hddtemp_port" lineno="32173">
<summary>
Make a TCP connection to the hddtemp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_hddtemp_client_packets" lineno="32193">
<summary>
Send hddtemp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_hddtemp_client_packets" lineno="32212">
<summary>
Do not audit attempts to send hddtemp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_hddtemp_client_packets" lineno="32231">
<summary>
Receive hddtemp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_hddtemp_client_packets" lineno="32250">
<summary>
Do not audit attempts to receive hddtemp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_hddtemp_client_packets" lineno="32269">
<summary>
Send and receive hddtemp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_hddtemp_client_packets" lineno="32285">
<summary>
Do not audit attempts to send and receive hddtemp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_hddtemp_client_packets" lineno="32300">
<summary>
Relabel packets to hddtemp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_hddtemp_server_packets" lineno="32320">
<summary>
Send hddtemp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_hddtemp_server_packets" lineno="32339">
<summary>
Do not audit attempts to send hddtemp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_hddtemp_server_packets" lineno="32358">
<summary>
Receive hddtemp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_hddtemp_server_packets" lineno="32377">
<summary>
Do not audit attempts to receive hddtemp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_hddtemp_server_packets" lineno="32396">
<summary>
Send and receive hddtemp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_hddtemp_server_packets" lineno="32412">
<summary>
Do not audit attempts to send and receive hddtemp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_hddtemp_server_packets" lineno="32427">
<summary>
Relabel packets to hddtemp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_howl_port" lineno="32449">
<summary>
Send and receive TCP traffic on the howl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_howl_port" lineno="32468">
<summary>
Send UDP traffic on the howl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_howl_port" lineno="32487">
<summary>
Do not audit attempts to send UDP traffic on the howl port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_howl_port" lineno="32506">
<summary>
Receive UDP traffic on the howl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_howl_port" lineno="32525">
<summary>
Do not audit attempts to receive UDP traffic on the howl port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_howl_port" lineno="32544">
<summary>
Send and receive UDP traffic on the howl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_howl_port" lineno="32561">
<summary>
Do not audit attempts to send and receive
UDP traffic on the howl port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_howl_port" lineno="32577">
<summary>
Bind TCP sockets to the howl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_howl_port" lineno="32597">
<summary>
Bind UDP sockets to the howl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_howl_port" lineno="32616">
<summary>
Make a TCP connection to the howl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_howl_client_packets" lineno="32636">
<summary>
Send howl_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_howl_client_packets" lineno="32655">
<summary>
Do not audit attempts to send howl_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_howl_client_packets" lineno="32674">
<summary>
Receive howl_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_howl_client_packets" lineno="32693">
<summary>
Do not audit attempts to receive howl_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_howl_client_packets" lineno="32712">
<summary>
Send and receive howl_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_howl_client_packets" lineno="32728">
<summary>
Do not audit attempts to send and receive howl_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_howl_client_packets" lineno="32743">
<summary>
Relabel packets to howl_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_howl_server_packets" lineno="32763">
<summary>
Send howl_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_howl_server_packets" lineno="32782">
<summary>
Do not audit attempts to send howl_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_howl_server_packets" lineno="32801">
<summary>
Receive howl_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_howl_server_packets" lineno="32820">
<summary>
Do not audit attempts to receive howl_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_howl_server_packets" lineno="32839">
<summary>
Send and receive howl_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_howl_server_packets" lineno="32855">
<summary>
Do not audit attempts to send and receive howl_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_howl_server_packets" lineno="32870">
<summary>
Relabel packets to howl_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_hplip_port" lineno="32892">
<summary>
Send and receive TCP traffic on the hplip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_hplip_port" lineno="32911">
<summary>
Send UDP traffic on the hplip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_hplip_port" lineno="32930">
<summary>
Do not audit attempts to send UDP traffic on the hplip port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_hplip_port" lineno="32949">
<summary>
Receive UDP traffic on the hplip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_hplip_port" lineno="32968">
<summary>
Do not audit attempts to receive UDP traffic on the hplip port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_hplip_port" lineno="32987">
<summary>
Send and receive UDP traffic on the hplip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_hplip_port" lineno="33004">
<summary>
Do not audit attempts to send and receive
UDP traffic on the hplip port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_hplip_port" lineno="33020">
<summary>
Bind TCP sockets to the hplip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_hplip_port" lineno="33040">
<summary>
Bind UDP sockets to the hplip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_hplip_port" lineno="33059">
<summary>
Make a TCP connection to the hplip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_hplip_client_packets" lineno="33079">
<summary>
Send hplip_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_hplip_client_packets" lineno="33098">
<summary>
Do not audit attempts to send hplip_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_hplip_client_packets" lineno="33117">
<summary>
Receive hplip_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_hplip_client_packets" lineno="33136">
<summary>
Do not audit attempts to receive hplip_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_hplip_client_packets" lineno="33155">
<summary>
Send and receive hplip_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_hplip_client_packets" lineno="33171">
<summary>
Do not audit attempts to send and receive hplip_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_hplip_client_packets" lineno="33186">
<summary>
Relabel packets to hplip_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_hplip_server_packets" lineno="33206">
<summary>
Send hplip_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_hplip_server_packets" lineno="33225">
<summary>
Do not audit attempts to send hplip_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_hplip_server_packets" lineno="33244">
<summary>
Receive hplip_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_hplip_server_packets" lineno="33263">
<summary>
Do not audit attempts to receive hplip_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_hplip_server_packets" lineno="33282">
<summary>
Send and receive hplip_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_hplip_server_packets" lineno="33298">
<summary>
Do not audit attempts to send and receive hplip_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_hplip_server_packets" lineno="33313">
<summary>
Relabel packets to hplip_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_http_port" lineno="33335">
<summary>
Send and receive TCP traffic on the http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_http_port" lineno="33354">
<summary>
Send UDP traffic on the http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_http_port" lineno="33373">
<summary>
Do not audit attempts to send UDP traffic on the http port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_http_port" lineno="33392">
<summary>
Receive UDP traffic on the http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_http_port" lineno="33411">
<summary>
Do not audit attempts to receive UDP traffic on the http port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_http_port" lineno="33430">
<summary>
Send and receive UDP traffic on the http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_http_port" lineno="33447">
<summary>
Do not audit attempts to send and receive
UDP traffic on the http port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_http_port" lineno="33463">
<summary>
Bind TCP sockets to the http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_http_port" lineno="33483">
<summary>
Bind UDP sockets to the http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_http_port" lineno="33502">
<summary>
Make a TCP connection to the http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_http_client_packets" lineno="33522">
<summary>
Send http_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_http_client_packets" lineno="33541">
<summary>
Do not audit attempts to send http_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_http_client_packets" lineno="33560">
<summary>
Receive http_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_http_client_packets" lineno="33579">
<summary>
Do not audit attempts to receive http_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_http_client_packets" lineno="33598">
<summary>
Send and receive http_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_http_client_packets" lineno="33614">
<summary>
Do not audit attempts to send and receive http_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_http_client_packets" lineno="33629">
<summary>
Relabel packets to http_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_http_server_packets" lineno="33649">
<summary>
Send http_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_http_server_packets" lineno="33668">
<summary>
Do not audit attempts to send http_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_http_server_packets" lineno="33687">
<summary>
Receive http_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_http_server_packets" lineno="33706">
<summary>
Do not audit attempts to receive http_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_http_server_packets" lineno="33725">
<summary>
Send and receive http_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_http_server_packets" lineno="33741">
<summary>
Do not audit attempts to send and receive http_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_http_server_packets" lineno="33756">
<summary>
Relabel packets to http_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_http_cache_port" lineno="33778">
<summary>
Send and receive TCP traffic on the http_cache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_http_cache_port" lineno="33797">
<summary>
Send UDP traffic on the http_cache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_http_cache_port" lineno="33816">
<summary>
Do not audit attempts to send UDP traffic on the http_cache port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_http_cache_port" lineno="33835">
<summary>
Receive UDP traffic on the http_cache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_http_cache_port" lineno="33854">
<summary>
Do not audit attempts to receive UDP traffic on the http_cache port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_http_cache_port" lineno="33873">
<summary>
Send and receive UDP traffic on the http_cache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_http_cache_port" lineno="33890">
<summary>
Do not audit attempts to send and receive
UDP traffic on the http_cache port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_http_cache_port" lineno="33906">
<summary>
Bind TCP sockets to the http_cache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_http_cache_port" lineno="33926">
<summary>
Bind UDP sockets to the http_cache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_http_cache_port" lineno="33945">
<summary>
Make a TCP connection to the http_cache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_http_cache_client_packets" lineno="33965">
<summary>
Send http_cache_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_http_cache_client_packets" lineno="33984">
<summary>
Do not audit attempts to send http_cache_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_http_cache_client_packets" lineno="34003">
<summary>
Receive http_cache_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_http_cache_client_packets" lineno="34022">
<summary>
Do not audit attempts to receive http_cache_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_http_cache_client_packets" lineno="34041">
<summary>
Send and receive http_cache_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_http_cache_client_packets" lineno="34057">
<summary>
Do not audit attempts to send and receive http_cache_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_http_cache_client_packets" lineno="34072">
<summary>
Relabel packets to http_cache_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_http_cache_server_packets" lineno="34092">
<summary>
Send http_cache_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_http_cache_server_packets" lineno="34111">
<summary>
Do not audit attempts to send http_cache_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_http_cache_server_packets" lineno="34130">
<summary>
Receive http_cache_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_http_cache_server_packets" lineno="34149">
<summary>
Do not audit attempts to receive http_cache_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_http_cache_server_packets" lineno="34168">
<summary>
Send and receive http_cache_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_http_cache_server_packets" lineno="34184">
<summary>
Do not audit attempts to send and receive http_cache_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_http_cache_server_packets" lineno="34199">
<summary>
Relabel packets to http_cache_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_i18n_input_port" lineno="34221">
<summary>
Send and receive TCP traffic on the i18n_input port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_i18n_input_port" lineno="34240">
<summary>
Send UDP traffic on the i18n_input port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_i18n_input_port" lineno="34259">
<summary>
Do not audit attempts to send UDP traffic on the i18n_input port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_i18n_input_port" lineno="34278">
<summary>
Receive UDP traffic on the i18n_input port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_i18n_input_port" lineno="34297">
<summary>
Do not audit attempts to receive UDP traffic on the i18n_input port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_i18n_input_port" lineno="34316">
<summary>
Send and receive UDP traffic on the i18n_input port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_i18n_input_port" lineno="34333">
<summary>
Do not audit attempts to send and receive
UDP traffic on the i18n_input port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_i18n_input_port" lineno="34349">
<summary>
Bind TCP sockets to the i18n_input port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_i18n_input_port" lineno="34369">
<summary>
Bind UDP sockets to the i18n_input port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_i18n_input_port" lineno="34388">
<summary>
Make a TCP connection to the i18n_input port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_i18n_input_client_packets" lineno="34408">
<summary>
Send i18n_input_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_i18n_input_client_packets" lineno="34427">
<summary>
Do not audit attempts to send i18n_input_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_i18n_input_client_packets" lineno="34446">
<summary>
Receive i18n_input_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_i18n_input_client_packets" lineno="34465">
<summary>
Do not audit attempts to receive i18n_input_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_i18n_input_client_packets" lineno="34484">
<summary>
Send and receive i18n_input_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_i18n_input_client_packets" lineno="34500">
<summary>
Do not audit attempts to send and receive i18n_input_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_i18n_input_client_packets" lineno="34515">
<summary>
Relabel packets to i18n_input_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_i18n_input_server_packets" lineno="34535">
<summary>
Send i18n_input_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_i18n_input_server_packets" lineno="34554">
<summary>
Do not audit attempts to send i18n_input_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_i18n_input_server_packets" lineno="34573">
<summary>
Receive i18n_input_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_i18n_input_server_packets" lineno="34592">
<summary>
Do not audit attempts to receive i18n_input_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_i18n_input_server_packets" lineno="34611">
<summary>
Send and receive i18n_input_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_i18n_input_server_packets" lineno="34627">
<summary>
Do not audit attempts to send and receive i18n_input_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_i18n_input_server_packets" lineno="34642">
<summary>
Relabel packets to i18n_input_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_imaze_port" lineno="34664">
<summary>
Send and receive TCP traffic on the imaze port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_imaze_port" lineno="34683">
<summary>
Send UDP traffic on the imaze port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_imaze_port" lineno="34702">
<summary>
Do not audit attempts to send UDP traffic on the imaze port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_imaze_port" lineno="34721">
<summary>
Receive UDP traffic on the imaze port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_imaze_port" lineno="34740">
<summary>
Do not audit attempts to receive UDP traffic on the imaze port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_imaze_port" lineno="34759">
<summary>
Send and receive UDP traffic on the imaze port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_imaze_port" lineno="34776">
<summary>
Do not audit attempts to send and receive
UDP traffic on the imaze port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_imaze_port" lineno="34792">
<summary>
Bind TCP sockets to the imaze port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_imaze_port" lineno="34812">
<summary>
Bind UDP sockets to the imaze port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_imaze_port" lineno="34831">
<summary>
Make a TCP connection to the imaze port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_imaze_client_packets" lineno="34851">
<summary>
Send imaze_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_imaze_client_packets" lineno="34870">
<summary>
Do not audit attempts to send imaze_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_imaze_client_packets" lineno="34889">
<summary>
Receive imaze_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_imaze_client_packets" lineno="34908">
<summary>
Do not audit attempts to receive imaze_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_imaze_client_packets" lineno="34927">
<summary>
Send and receive imaze_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_imaze_client_packets" lineno="34943">
<summary>
Do not audit attempts to send and receive imaze_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_imaze_client_packets" lineno="34958">
<summary>
Relabel packets to imaze_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_imaze_server_packets" lineno="34978">
<summary>
Send imaze_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_imaze_server_packets" lineno="34997">
<summary>
Do not audit attempts to send imaze_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_imaze_server_packets" lineno="35016">
<summary>
Receive imaze_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_imaze_server_packets" lineno="35035">
<summary>
Do not audit attempts to receive imaze_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_imaze_server_packets" lineno="35054">
<summary>
Send and receive imaze_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_imaze_server_packets" lineno="35070">
<summary>
Do not audit attempts to send and receive imaze_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_imaze_server_packets" lineno="35085">
<summary>
Relabel packets to imaze_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_inetd_child_port" lineno="35107">
<summary>
Send and receive TCP traffic on the inetd_child port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_inetd_child_port" lineno="35126">
<summary>
Send UDP traffic on the inetd_child port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_inetd_child_port" lineno="35145">
<summary>
Do not audit attempts to send UDP traffic on the inetd_child port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_inetd_child_port" lineno="35164">
<summary>
Receive UDP traffic on the inetd_child port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_inetd_child_port" lineno="35183">
<summary>
Do not audit attempts to receive UDP traffic on the inetd_child port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_inetd_child_port" lineno="35202">
<summary>
Send and receive UDP traffic on the inetd_child port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_inetd_child_port" lineno="35219">
<summary>
Do not audit attempts to send and receive
UDP traffic on the inetd_child port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_inetd_child_port" lineno="35235">
<summary>
Bind TCP sockets to the inetd_child port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_inetd_child_port" lineno="35255">
<summary>
Bind UDP sockets to the inetd_child port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_inetd_child_port" lineno="35274">
<summary>
Make a TCP connection to the inetd_child port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_inetd_child_client_packets" lineno="35294">
<summary>
Send inetd_child_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_inetd_child_client_packets" lineno="35313">
<summary>
Do not audit attempts to send inetd_child_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_inetd_child_client_packets" lineno="35332">
<summary>
Receive inetd_child_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_inetd_child_client_packets" lineno="35351">
<summary>
Do not audit attempts to receive inetd_child_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_inetd_child_client_packets" lineno="35370">
<summary>
Send and receive inetd_child_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_inetd_child_client_packets" lineno="35386">
<summary>
Do not audit attempts to send and receive inetd_child_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_inetd_child_client_packets" lineno="35401">
<summary>
Relabel packets to inetd_child_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_inetd_child_server_packets" lineno="35421">
<summary>
Send inetd_child_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_inetd_child_server_packets" lineno="35440">
<summary>
Do not audit attempts to send inetd_child_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_inetd_child_server_packets" lineno="35459">
<summary>
Receive inetd_child_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_inetd_child_server_packets" lineno="35478">
<summary>
Do not audit attempts to receive inetd_child_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_inetd_child_server_packets" lineno="35497">
<summary>
Send and receive inetd_child_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_inetd_child_server_packets" lineno="35513">
<summary>
Do not audit attempts to send and receive inetd_child_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_inetd_child_server_packets" lineno="35528">
<summary>
Relabel packets to inetd_child_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_innd_port" lineno="35550">
<summary>
Send and receive TCP traffic on the innd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_innd_port" lineno="35569">
<summary>
Send UDP traffic on the innd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_innd_port" lineno="35588">
<summary>
Do not audit attempts to send UDP traffic on the innd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_innd_port" lineno="35607">
<summary>
Receive UDP traffic on the innd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_innd_port" lineno="35626">
<summary>
Do not audit attempts to receive UDP traffic on the innd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_innd_port" lineno="35645">
<summary>
Send and receive UDP traffic on the innd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_innd_port" lineno="35662">
<summary>
Do not audit attempts to send and receive
UDP traffic on the innd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_innd_port" lineno="35678">
<summary>
Bind TCP sockets to the innd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_innd_port" lineno="35698">
<summary>
Bind UDP sockets to the innd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_innd_port" lineno="35717">
<summary>
Make a TCP connection to the innd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_innd_client_packets" lineno="35737">
<summary>
Send innd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_innd_client_packets" lineno="35756">
<summary>
Do not audit attempts to send innd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_innd_client_packets" lineno="35775">
<summary>
Receive innd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_innd_client_packets" lineno="35794">
<summary>
Do not audit attempts to receive innd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_innd_client_packets" lineno="35813">
<summary>
Send and receive innd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_innd_client_packets" lineno="35829">
<summary>
Do not audit attempts to send and receive innd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_innd_client_packets" lineno="35844">
<summary>
Relabel packets to innd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_innd_server_packets" lineno="35864">
<summary>
Send innd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_innd_server_packets" lineno="35883">
<summary>
Do not audit attempts to send innd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_innd_server_packets" lineno="35902">
<summary>
Receive innd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_innd_server_packets" lineno="35921">
<summary>
Do not audit attempts to receive innd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_innd_server_packets" lineno="35940">
<summary>
Send and receive innd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_innd_server_packets" lineno="35956">
<summary>
Do not audit attempts to send and receive innd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_innd_server_packets" lineno="35971">
<summary>
Relabel packets to innd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ionixnetmon_port" lineno="35993">
<summary>
Send and receive TCP traffic on the ionixnetmon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ionixnetmon_port" lineno="36012">
<summary>
Send UDP traffic on the ionixnetmon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ionixnetmon_port" lineno="36031">
<summary>
Do not audit attempts to send UDP traffic on the ionixnetmon port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ionixnetmon_port" lineno="36050">
<summary>
Receive UDP traffic on the ionixnetmon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ionixnetmon_port" lineno="36069">
<summary>
Do not audit attempts to receive UDP traffic on the ionixnetmon port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ionixnetmon_port" lineno="36088">
<summary>
Send and receive UDP traffic on the ionixnetmon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ionixnetmon_port" lineno="36105">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ionixnetmon port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ionixnetmon_port" lineno="36121">
<summary>
Bind TCP sockets to the ionixnetmon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ionixnetmon_port" lineno="36141">
<summary>
Bind UDP sockets to the ionixnetmon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ionixnetmon_port" lineno="36160">
<summary>
Make a TCP connection to the ionixnetmon port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ionixnetmon_client_packets" lineno="36180">
<summary>
Send ionixnetmon_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ionixnetmon_client_packets" lineno="36199">
<summary>
Do not audit attempts to send ionixnetmon_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ionixnetmon_client_packets" lineno="36218">
<summary>
Receive ionixnetmon_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ionixnetmon_client_packets" lineno="36237">
<summary>
Do not audit attempts to receive ionixnetmon_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ionixnetmon_client_packets" lineno="36256">
<summary>
Send and receive ionixnetmon_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ionixnetmon_client_packets" lineno="36272">
<summary>
Do not audit attempts to send and receive ionixnetmon_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ionixnetmon_client_packets" lineno="36287">
<summary>
Relabel packets to ionixnetmon_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ionixnetmon_server_packets" lineno="36307">
<summary>
Send ionixnetmon_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ionixnetmon_server_packets" lineno="36326">
<summary>
Do not audit attempts to send ionixnetmon_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ionixnetmon_server_packets" lineno="36345">
<summary>
Receive ionixnetmon_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ionixnetmon_server_packets" lineno="36364">
<summary>
Do not audit attempts to receive ionixnetmon_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ionixnetmon_server_packets" lineno="36383">
<summary>
Send and receive ionixnetmon_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ionixnetmon_server_packets" lineno="36399">
<summary>
Do not audit attempts to send and receive ionixnetmon_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ionixnetmon_server_packets" lineno="36414">
<summary>
Relabel packets to ionixnetmon_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ipmi_port" lineno="36436">
<summary>
Send and receive TCP traffic on the ipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ipmi_port" lineno="36455">
<summary>
Send UDP traffic on the ipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ipmi_port" lineno="36474">
<summary>
Do not audit attempts to send UDP traffic on the ipmi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ipmi_port" lineno="36493">
<summary>
Receive UDP traffic on the ipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ipmi_port" lineno="36512">
<summary>
Do not audit attempts to receive UDP traffic on the ipmi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ipmi_port" lineno="36531">
<summary>
Send and receive UDP traffic on the ipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ipmi_port" lineno="36548">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ipmi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ipmi_port" lineno="36564">
<summary>
Bind TCP sockets to the ipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ipmi_port" lineno="36584">
<summary>
Bind UDP sockets to the ipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ipmi_port" lineno="36603">
<summary>
Make a TCP connection to the ipmi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ipmi_client_packets" lineno="36623">
<summary>
Send ipmi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ipmi_client_packets" lineno="36642">
<summary>
Do not audit attempts to send ipmi_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ipmi_client_packets" lineno="36661">
<summary>
Receive ipmi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ipmi_client_packets" lineno="36680">
<summary>
Do not audit attempts to receive ipmi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ipmi_client_packets" lineno="36699">
<summary>
Send and receive ipmi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ipmi_client_packets" lineno="36715">
<summary>
Do not audit attempts to send and receive ipmi_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ipmi_client_packets" lineno="36730">
<summary>
Relabel packets to ipmi_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ipmi_server_packets" lineno="36750">
<summary>
Send ipmi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ipmi_server_packets" lineno="36769">
<summary>
Do not audit attempts to send ipmi_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ipmi_server_packets" lineno="36788">
<summary>
Receive ipmi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ipmi_server_packets" lineno="36807">
<summary>
Do not audit attempts to receive ipmi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ipmi_server_packets" lineno="36826">
<summary>
Send and receive ipmi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ipmi_server_packets" lineno="36842">
<summary>
Do not audit attempts to send and receive ipmi_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ipmi_server_packets" lineno="36857">
<summary>
Relabel packets to ipmi_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ipp_port" lineno="36879">
<summary>
Send and receive TCP traffic on the ipp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ipp_port" lineno="36898">
<summary>
Send UDP traffic on the ipp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ipp_port" lineno="36917">
<summary>
Do not audit attempts to send UDP traffic on the ipp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ipp_port" lineno="36936">
<summary>
Receive UDP traffic on the ipp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ipp_port" lineno="36955">
<summary>
Do not audit attempts to receive UDP traffic on the ipp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ipp_port" lineno="36974">
<summary>
Send and receive UDP traffic on the ipp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ipp_port" lineno="36991">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ipp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ipp_port" lineno="37007">
<summary>
Bind TCP sockets to the ipp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ipp_port" lineno="37027">
<summary>
Bind UDP sockets to the ipp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ipp_port" lineno="37046">
<summary>
Make a TCP connection to the ipp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ipp_client_packets" lineno="37066">
<summary>
Send ipp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ipp_client_packets" lineno="37085">
<summary>
Do not audit attempts to send ipp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ipp_client_packets" lineno="37104">
<summary>
Receive ipp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ipp_client_packets" lineno="37123">
<summary>
Do not audit attempts to receive ipp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ipp_client_packets" lineno="37142">
<summary>
Send and receive ipp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ipp_client_packets" lineno="37158">
<summary>
Do not audit attempts to send and receive ipp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ipp_client_packets" lineno="37173">
<summary>
Relabel packets to ipp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ipp_server_packets" lineno="37193">
<summary>
Send ipp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ipp_server_packets" lineno="37212">
<summary>
Do not audit attempts to send ipp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ipp_server_packets" lineno="37231">
<summary>
Receive ipp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ipp_server_packets" lineno="37250">
<summary>
Do not audit attempts to receive ipp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ipp_server_packets" lineno="37269">
<summary>
Send and receive ipp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ipp_server_packets" lineno="37285">
<summary>
Do not audit attempts to send and receive ipp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ipp_server_packets" lineno="37300">
<summary>
Relabel packets to ipp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ipsecnat_port" lineno="37322">
<summary>
Send and receive TCP traffic on the ipsecnat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ipsecnat_port" lineno="37341">
<summary>
Send UDP traffic on the ipsecnat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ipsecnat_port" lineno="37360">
<summary>
Do not audit attempts to send UDP traffic on the ipsecnat port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ipsecnat_port" lineno="37379">
<summary>
Receive UDP traffic on the ipsecnat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ipsecnat_port" lineno="37398">
<summary>
Do not audit attempts to receive UDP traffic on the ipsecnat port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ipsecnat_port" lineno="37417">
<summary>
Send and receive UDP traffic on the ipsecnat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ipsecnat_port" lineno="37434">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ipsecnat port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ipsecnat_port" lineno="37450">
<summary>
Bind TCP sockets to the ipsecnat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ipsecnat_port" lineno="37470">
<summary>
Bind UDP sockets to the ipsecnat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ipsecnat_port" lineno="37489">
<summary>
Make a TCP connection to the ipsecnat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ipsecnat_client_packets" lineno="37509">
<summary>
Send ipsecnat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ipsecnat_client_packets" lineno="37528">
<summary>
Do not audit attempts to send ipsecnat_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ipsecnat_client_packets" lineno="37547">
<summary>
Receive ipsecnat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ipsecnat_client_packets" lineno="37566">
<summary>
Do not audit attempts to receive ipsecnat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ipsecnat_client_packets" lineno="37585">
<summary>
Send and receive ipsecnat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ipsecnat_client_packets" lineno="37601">
<summary>
Do not audit attempts to send and receive ipsecnat_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ipsecnat_client_packets" lineno="37616">
<summary>
Relabel packets to ipsecnat_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ipsecnat_server_packets" lineno="37636">
<summary>
Send ipsecnat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ipsecnat_server_packets" lineno="37655">
<summary>
Do not audit attempts to send ipsecnat_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ipsecnat_server_packets" lineno="37674">
<summary>
Receive ipsecnat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ipsecnat_server_packets" lineno="37693">
<summary>
Do not audit attempts to receive ipsecnat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ipsecnat_server_packets" lineno="37712">
<summary>
Send and receive ipsecnat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ipsecnat_server_packets" lineno="37728">
<summary>
Do not audit attempts to send and receive ipsecnat_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ipsecnat_server_packets" lineno="37743">
<summary>
Relabel packets to ipsecnat_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ircd_port" lineno="37765">
<summary>
Send and receive TCP traffic on the ircd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ircd_port" lineno="37784">
<summary>
Send UDP traffic on the ircd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ircd_port" lineno="37803">
<summary>
Do not audit attempts to send UDP traffic on the ircd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ircd_port" lineno="37822">
<summary>
Receive UDP traffic on the ircd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ircd_port" lineno="37841">
<summary>
Do not audit attempts to receive UDP traffic on the ircd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ircd_port" lineno="37860">
<summary>
Send and receive UDP traffic on the ircd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ircd_port" lineno="37877">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ircd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ircd_port" lineno="37893">
<summary>
Bind TCP sockets to the ircd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ircd_port" lineno="37913">
<summary>
Bind UDP sockets to the ircd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ircd_port" lineno="37932">
<summary>
Make a TCP connection to the ircd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ircd_client_packets" lineno="37952">
<summary>
Send ircd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ircd_client_packets" lineno="37971">
<summary>
Do not audit attempts to send ircd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ircd_client_packets" lineno="37990">
<summary>
Receive ircd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ircd_client_packets" lineno="38009">
<summary>
Do not audit attempts to receive ircd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ircd_client_packets" lineno="38028">
<summary>
Send and receive ircd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ircd_client_packets" lineno="38044">
<summary>
Do not audit attempts to send and receive ircd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ircd_client_packets" lineno="38059">
<summary>
Relabel packets to ircd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ircd_server_packets" lineno="38079">
<summary>
Send ircd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ircd_server_packets" lineno="38098">
<summary>
Do not audit attempts to send ircd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ircd_server_packets" lineno="38117">
<summary>
Receive ircd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ircd_server_packets" lineno="38136">
<summary>
Do not audit attempts to receive ircd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ircd_server_packets" lineno="38155">
<summary>
Send and receive ircd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ircd_server_packets" lineno="38171">
<summary>
Do not audit attempts to send and receive ircd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ircd_server_packets" lineno="38186">
<summary>
Relabel packets to ircd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_isakmp_port" lineno="38208">
<summary>
Send and receive TCP traffic on the isakmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_isakmp_port" lineno="38227">
<summary>
Send UDP traffic on the isakmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_isakmp_port" lineno="38246">
<summary>
Do not audit attempts to send UDP traffic on the isakmp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_isakmp_port" lineno="38265">
<summary>
Receive UDP traffic on the isakmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_isakmp_port" lineno="38284">
<summary>
Do not audit attempts to receive UDP traffic on the isakmp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_isakmp_port" lineno="38303">
<summary>
Send and receive UDP traffic on the isakmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_isakmp_port" lineno="38320">
<summary>
Do not audit attempts to send and receive
UDP traffic on the isakmp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_isakmp_port" lineno="38336">
<summary>
Bind TCP sockets to the isakmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_isakmp_port" lineno="38356">
<summary>
Bind UDP sockets to the isakmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_isakmp_port" lineno="38375">
<summary>
Make a TCP connection to the isakmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_isakmp_client_packets" lineno="38395">
<summary>
Send isakmp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_isakmp_client_packets" lineno="38414">
<summary>
Do not audit attempts to send isakmp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_isakmp_client_packets" lineno="38433">
<summary>
Receive isakmp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_isakmp_client_packets" lineno="38452">
<summary>
Do not audit attempts to receive isakmp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_isakmp_client_packets" lineno="38471">
<summary>
Send and receive isakmp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_isakmp_client_packets" lineno="38487">
<summary>
Do not audit attempts to send and receive isakmp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_isakmp_client_packets" lineno="38502">
<summary>
Relabel packets to isakmp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_isakmp_server_packets" lineno="38522">
<summary>
Send isakmp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_isakmp_server_packets" lineno="38541">
<summary>
Do not audit attempts to send isakmp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_isakmp_server_packets" lineno="38560">
<summary>
Receive isakmp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_isakmp_server_packets" lineno="38579">
<summary>
Do not audit attempts to receive isakmp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_isakmp_server_packets" lineno="38598">
<summary>
Send and receive isakmp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_isakmp_server_packets" lineno="38614">
<summary>
Do not audit attempts to send and receive isakmp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_isakmp_server_packets" lineno="38629">
<summary>
Relabel packets to isakmp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_iscsi_port" lineno="38651">
<summary>
Send and receive TCP traffic on the iscsi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_iscsi_port" lineno="38670">
<summary>
Send UDP traffic on the iscsi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_iscsi_port" lineno="38689">
<summary>
Do not audit attempts to send UDP traffic on the iscsi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_iscsi_port" lineno="38708">
<summary>
Receive UDP traffic on the iscsi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_iscsi_port" lineno="38727">
<summary>
Do not audit attempts to receive UDP traffic on the iscsi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_iscsi_port" lineno="38746">
<summary>
Send and receive UDP traffic on the iscsi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_iscsi_port" lineno="38763">
<summary>
Do not audit attempts to send and receive
UDP traffic on the iscsi port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_iscsi_port" lineno="38779">
<summary>
Bind TCP sockets to the iscsi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_iscsi_port" lineno="38799">
<summary>
Bind UDP sockets to the iscsi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_iscsi_port" lineno="38818">
<summary>
Make a TCP connection to the iscsi port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_iscsi_client_packets" lineno="38838">
<summary>
Send iscsi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_iscsi_client_packets" lineno="38857">
<summary>
Do not audit attempts to send iscsi_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_iscsi_client_packets" lineno="38876">
<summary>
Receive iscsi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_iscsi_client_packets" lineno="38895">
<summary>
Do not audit attempts to receive iscsi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_iscsi_client_packets" lineno="38914">
<summary>
Send and receive iscsi_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_iscsi_client_packets" lineno="38930">
<summary>
Do not audit attempts to send and receive iscsi_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_iscsi_client_packets" lineno="38945">
<summary>
Relabel packets to iscsi_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_iscsi_server_packets" lineno="38965">
<summary>
Send iscsi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_iscsi_server_packets" lineno="38984">
<summary>
Do not audit attempts to send iscsi_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_iscsi_server_packets" lineno="39003">
<summary>
Receive iscsi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_iscsi_server_packets" lineno="39022">
<summary>
Do not audit attempts to receive iscsi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_iscsi_server_packets" lineno="39041">
<summary>
Send and receive iscsi_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_iscsi_server_packets" lineno="39057">
<summary>
Do not audit attempts to send and receive iscsi_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_iscsi_server_packets" lineno="39072">
<summary>
Relabel packets to iscsi_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_isns_port" lineno="39094">
<summary>
Send and receive TCP traffic on the isns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_isns_port" lineno="39113">
<summary>
Send UDP traffic on the isns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_isns_port" lineno="39132">
<summary>
Do not audit attempts to send UDP traffic on the isns port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_isns_port" lineno="39151">
<summary>
Receive UDP traffic on the isns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_isns_port" lineno="39170">
<summary>
Do not audit attempts to receive UDP traffic on the isns port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_isns_port" lineno="39189">
<summary>
Send and receive UDP traffic on the isns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_isns_port" lineno="39206">
<summary>
Do not audit attempts to send and receive
UDP traffic on the isns port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_isns_port" lineno="39222">
<summary>
Bind TCP sockets to the isns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_isns_port" lineno="39242">
<summary>
Bind UDP sockets to the isns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_isns_port" lineno="39261">
<summary>
Make a TCP connection to the isns port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_isns_client_packets" lineno="39281">
<summary>
Send isns_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_isns_client_packets" lineno="39300">
<summary>
Do not audit attempts to send isns_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_isns_client_packets" lineno="39319">
<summary>
Receive isns_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_isns_client_packets" lineno="39338">
<summary>
Do not audit attempts to receive isns_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_isns_client_packets" lineno="39357">
<summary>
Send and receive isns_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_isns_client_packets" lineno="39373">
<summary>
Do not audit attempts to send and receive isns_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_isns_client_packets" lineno="39388">
<summary>
Relabel packets to isns_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_isns_server_packets" lineno="39408">
<summary>
Send isns_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_isns_server_packets" lineno="39427">
<summary>
Do not audit attempts to send isns_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_isns_server_packets" lineno="39446">
<summary>
Receive isns_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_isns_server_packets" lineno="39465">
<summary>
Do not audit attempts to receive isns_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_isns_server_packets" lineno="39484">
<summary>
Send and receive isns_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_isns_server_packets" lineno="39500">
<summary>
Do not audit attempts to send and receive isns_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_isns_server_packets" lineno="39515">
<summary>
Relabel packets to isns_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_jabber_client_port" lineno="39537">
<summary>
Send and receive TCP traffic on the jabber_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_jabber_client_port" lineno="39556">
<summary>
Send UDP traffic on the jabber_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_jabber_client_port" lineno="39575">
<summary>
Do not audit attempts to send UDP traffic on the jabber_client port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_jabber_client_port" lineno="39594">
<summary>
Receive UDP traffic on the jabber_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_jabber_client_port" lineno="39613">
<summary>
Do not audit attempts to receive UDP traffic on the jabber_client port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_jabber_client_port" lineno="39632">
<summary>
Send and receive UDP traffic on the jabber_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_jabber_client_port" lineno="39649">
<summary>
Do not audit attempts to send and receive
UDP traffic on the jabber_client port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_jabber_client_port" lineno="39665">
<summary>
Bind TCP sockets to the jabber_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_jabber_client_port" lineno="39685">
<summary>
Bind UDP sockets to the jabber_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_jabber_client_port" lineno="39704">
<summary>
Make a TCP connection to the jabber_client port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jabber_client_client_packets" lineno="39724">
<summary>
Send jabber_client_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jabber_client_client_packets" lineno="39743">
<summary>
Do not audit attempts to send jabber_client_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jabber_client_client_packets" lineno="39762">
<summary>
Receive jabber_client_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jabber_client_client_packets" lineno="39781">
<summary>
Do not audit attempts to receive jabber_client_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jabber_client_client_packets" lineno="39800">
<summary>
Send and receive jabber_client_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jabber_client_client_packets" lineno="39816">
<summary>
Do not audit attempts to send and receive jabber_client_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jabber_client_client_packets" lineno="39831">
<summary>
Relabel packets to jabber_client_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jabber_client_server_packets" lineno="39851">
<summary>
Send jabber_client_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jabber_client_server_packets" lineno="39870">
<summary>
Do not audit attempts to send jabber_client_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jabber_client_server_packets" lineno="39889">
<summary>
Receive jabber_client_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jabber_client_server_packets" lineno="39908">
<summary>
Do not audit attempts to receive jabber_client_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jabber_client_server_packets" lineno="39927">
<summary>
Send and receive jabber_client_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jabber_client_server_packets" lineno="39943">
<summary>
Do not audit attempts to send and receive jabber_client_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jabber_client_server_packets" lineno="39958">
<summary>
Relabel packets to jabber_client_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_jabber_interserver_port" lineno="39980">
<summary>
Send and receive TCP traffic on the jabber_interserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_jabber_interserver_port" lineno="39999">
<summary>
Send UDP traffic on the jabber_interserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_jabber_interserver_port" lineno="40018">
<summary>
Do not audit attempts to send UDP traffic on the jabber_interserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_jabber_interserver_port" lineno="40037">
<summary>
Receive UDP traffic on the jabber_interserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_jabber_interserver_port" lineno="40056">
<summary>
Do not audit attempts to receive UDP traffic on the jabber_interserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_jabber_interserver_port" lineno="40075">
<summary>
Send and receive UDP traffic on the jabber_interserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_jabber_interserver_port" lineno="40092">
<summary>
Do not audit attempts to send and receive
UDP traffic on the jabber_interserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_jabber_interserver_port" lineno="40108">
<summary>
Bind TCP sockets to the jabber_interserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_jabber_interserver_port" lineno="40128">
<summary>
Bind UDP sockets to the jabber_interserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_jabber_interserver_port" lineno="40147">
<summary>
Make a TCP connection to the jabber_interserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jabber_interserver_client_packets" lineno="40167">
<summary>
Send jabber_interserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jabber_interserver_client_packets" lineno="40186">
<summary>
Do not audit attempts to send jabber_interserver_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jabber_interserver_client_packets" lineno="40205">
<summary>
Receive jabber_interserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jabber_interserver_client_packets" lineno="40224">
<summary>
Do not audit attempts to receive jabber_interserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jabber_interserver_client_packets" lineno="40243">
<summary>
Send and receive jabber_interserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jabber_interserver_client_packets" lineno="40259">
<summary>
Do not audit attempts to send and receive jabber_interserver_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jabber_interserver_client_packets" lineno="40274">
<summary>
Relabel packets to jabber_interserver_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jabber_interserver_server_packets" lineno="40294">
<summary>
Send jabber_interserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jabber_interserver_server_packets" lineno="40313">
<summary>
Do not audit attempts to send jabber_interserver_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jabber_interserver_server_packets" lineno="40332">
<summary>
Receive jabber_interserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jabber_interserver_server_packets" lineno="40351">
<summary>
Do not audit attempts to receive jabber_interserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jabber_interserver_server_packets" lineno="40370">
<summary>
Send and receive jabber_interserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jabber_interserver_server_packets" lineno="40386">
<summary>
Do not audit attempts to send and receive jabber_interserver_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jabber_interserver_server_packets" lineno="40401">
<summary>
Relabel packets to jabber_interserver_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_jabber_router_port" lineno="40423">
<summary>
Send and receive TCP traffic on the jabber_router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_jabber_router_port" lineno="40442">
<summary>
Send UDP traffic on the jabber_router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_jabber_router_port" lineno="40461">
<summary>
Do not audit attempts to send UDP traffic on the jabber_router port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_jabber_router_port" lineno="40480">
<summary>
Receive UDP traffic on the jabber_router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_jabber_router_port" lineno="40499">
<summary>
Do not audit attempts to receive UDP traffic on the jabber_router port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_jabber_router_port" lineno="40518">
<summary>
Send and receive UDP traffic on the jabber_router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_jabber_router_port" lineno="40535">
<summary>
Do not audit attempts to send and receive
UDP traffic on the jabber_router port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_jabber_router_port" lineno="40551">
<summary>
Bind TCP sockets to the jabber_router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_jabber_router_port" lineno="40571">
<summary>
Bind UDP sockets to the jabber_router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_jabber_router_port" lineno="40590">
<summary>
Make a TCP connection to the jabber_router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jabber_router_client_packets" lineno="40610">
<summary>
Send jabber_router_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jabber_router_client_packets" lineno="40629">
<summary>
Do not audit attempts to send jabber_router_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jabber_router_client_packets" lineno="40648">
<summary>
Receive jabber_router_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jabber_router_client_packets" lineno="40667">
<summary>
Do not audit attempts to receive jabber_router_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jabber_router_client_packets" lineno="40686">
<summary>
Send and receive jabber_router_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jabber_router_client_packets" lineno="40702">
<summary>
Do not audit attempts to send and receive jabber_router_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jabber_router_client_packets" lineno="40717">
<summary>
Relabel packets to jabber_router_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jabber_router_server_packets" lineno="40737">
<summary>
Send jabber_router_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jabber_router_server_packets" lineno="40756">
<summary>
Do not audit attempts to send jabber_router_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jabber_router_server_packets" lineno="40775">
<summary>
Receive jabber_router_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jabber_router_server_packets" lineno="40794">
<summary>
Do not audit attempts to receive jabber_router_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jabber_router_server_packets" lineno="40813">
<summary>
Send and receive jabber_router_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jabber_router_server_packets" lineno="40829">
<summary>
Do not audit attempts to send and receive jabber_router_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jabber_router_server_packets" lineno="40844">
<summary>
Relabel packets to jabber_router_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_jacorb_port" lineno="40866">
<summary>
Send and receive TCP traffic on the jacorb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_jacorb_port" lineno="40885">
<summary>
Send UDP traffic on the jacorb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_jacorb_port" lineno="40904">
<summary>
Do not audit attempts to send UDP traffic on the jacorb port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_jacorb_port" lineno="40923">
<summary>
Receive UDP traffic on the jacorb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_jacorb_port" lineno="40942">
<summary>
Do not audit attempts to receive UDP traffic on the jacorb port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_jacorb_port" lineno="40961">
<summary>
Send and receive UDP traffic on the jacorb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_jacorb_port" lineno="40978">
<summary>
Do not audit attempts to send and receive
UDP traffic on the jacorb port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_jacorb_port" lineno="40994">
<summary>
Bind TCP sockets to the jacorb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_jacorb_port" lineno="41014">
<summary>
Bind UDP sockets to the jacorb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_jacorb_port" lineno="41033">
<summary>
Make a TCP connection to the jacorb port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jacorb_client_packets" lineno="41053">
<summary>
Send jacorb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jacorb_client_packets" lineno="41072">
<summary>
Do not audit attempts to send jacorb_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jacorb_client_packets" lineno="41091">
<summary>
Receive jacorb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jacorb_client_packets" lineno="41110">
<summary>
Do not audit attempts to receive jacorb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jacorb_client_packets" lineno="41129">
<summary>
Send and receive jacorb_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jacorb_client_packets" lineno="41145">
<summary>
Do not audit attempts to send and receive jacorb_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jacorb_client_packets" lineno="41160">
<summary>
Relabel packets to jacorb_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jacorb_server_packets" lineno="41180">
<summary>
Send jacorb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jacorb_server_packets" lineno="41199">
<summary>
Do not audit attempts to send jacorb_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jacorb_server_packets" lineno="41218">
<summary>
Receive jacorb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jacorb_server_packets" lineno="41237">
<summary>
Do not audit attempts to receive jacorb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jacorb_server_packets" lineno="41256">
<summary>
Send and receive jacorb_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jacorb_server_packets" lineno="41272">
<summary>
Do not audit attempts to send and receive jacorb_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jacorb_server_packets" lineno="41287">
<summary>
Relabel packets to jacorb_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_jboss_debug_port" lineno="41309">
<summary>
Send and receive TCP traffic on the jboss_debug port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_jboss_debug_port" lineno="41328">
<summary>
Send UDP traffic on the jboss_debug port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_jboss_debug_port" lineno="41347">
<summary>
Do not audit attempts to send UDP traffic on the jboss_debug port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_jboss_debug_port" lineno="41366">
<summary>
Receive UDP traffic on the jboss_debug port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_jboss_debug_port" lineno="41385">
<summary>
Do not audit attempts to receive UDP traffic on the jboss_debug port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_jboss_debug_port" lineno="41404">
<summary>
Send and receive UDP traffic on the jboss_debug port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_jboss_debug_port" lineno="41421">
<summary>
Do not audit attempts to send and receive
UDP traffic on the jboss_debug port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_jboss_debug_port" lineno="41437">
<summary>
Bind TCP sockets to the jboss_debug port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_jboss_debug_port" lineno="41457">
<summary>
Bind UDP sockets to the jboss_debug port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_jboss_debug_port" lineno="41476">
<summary>
Make a TCP connection to the jboss_debug port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jboss_debug_client_packets" lineno="41496">
<summary>
Send jboss_debug_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jboss_debug_client_packets" lineno="41515">
<summary>
Do not audit attempts to send jboss_debug_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jboss_debug_client_packets" lineno="41534">
<summary>
Receive jboss_debug_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jboss_debug_client_packets" lineno="41553">
<summary>
Do not audit attempts to receive jboss_debug_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jboss_debug_client_packets" lineno="41572">
<summary>
Send and receive jboss_debug_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jboss_debug_client_packets" lineno="41588">
<summary>
Do not audit attempts to send and receive jboss_debug_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jboss_debug_client_packets" lineno="41603">
<summary>
Relabel packets to jboss_debug_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jboss_debug_server_packets" lineno="41623">
<summary>
Send jboss_debug_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jboss_debug_server_packets" lineno="41642">
<summary>
Do not audit attempts to send jboss_debug_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jboss_debug_server_packets" lineno="41661">
<summary>
Receive jboss_debug_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jboss_debug_server_packets" lineno="41680">
<summary>
Do not audit attempts to receive jboss_debug_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jboss_debug_server_packets" lineno="41699">
<summary>
Send and receive jboss_debug_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jboss_debug_server_packets" lineno="41715">
<summary>
Do not audit attempts to send and receive jboss_debug_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jboss_debug_server_packets" lineno="41730">
<summary>
Relabel packets to jboss_debug_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_jboss_messaging_port" lineno="41752">
<summary>
Send and receive TCP traffic on the jboss_messaging port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_jboss_messaging_port" lineno="41771">
<summary>
Send UDP traffic on the jboss_messaging port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_jboss_messaging_port" lineno="41790">
<summary>
Do not audit attempts to send UDP traffic on the jboss_messaging port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_jboss_messaging_port" lineno="41809">
<summary>
Receive UDP traffic on the jboss_messaging port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_jboss_messaging_port" lineno="41828">
<summary>
Do not audit attempts to receive UDP traffic on the jboss_messaging port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_jboss_messaging_port" lineno="41847">
<summary>
Send and receive UDP traffic on the jboss_messaging port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_jboss_messaging_port" lineno="41864">
<summary>
Do not audit attempts to send and receive
UDP traffic on the jboss_messaging port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_jboss_messaging_port" lineno="41880">
<summary>
Bind TCP sockets to the jboss_messaging port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_jboss_messaging_port" lineno="41900">
<summary>
Bind UDP sockets to the jboss_messaging port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_jboss_messaging_port" lineno="41919">
<summary>
Make a TCP connection to the jboss_messaging port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jboss_messaging_client_packets" lineno="41939">
<summary>
Send jboss_messaging_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jboss_messaging_client_packets" lineno="41958">
<summary>
Do not audit attempts to send jboss_messaging_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jboss_messaging_client_packets" lineno="41977">
<summary>
Receive jboss_messaging_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jboss_messaging_client_packets" lineno="41996">
<summary>
Do not audit attempts to receive jboss_messaging_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jboss_messaging_client_packets" lineno="42015">
<summary>
Send and receive jboss_messaging_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jboss_messaging_client_packets" lineno="42031">
<summary>
Do not audit attempts to send and receive jboss_messaging_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jboss_messaging_client_packets" lineno="42046">
<summary>
Relabel packets to jboss_messaging_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jboss_messaging_server_packets" lineno="42066">
<summary>
Send jboss_messaging_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jboss_messaging_server_packets" lineno="42085">
<summary>
Do not audit attempts to send jboss_messaging_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jboss_messaging_server_packets" lineno="42104">
<summary>
Receive jboss_messaging_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jboss_messaging_server_packets" lineno="42123">
<summary>
Do not audit attempts to receive jboss_messaging_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jboss_messaging_server_packets" lineno="42142">
<summary>
Send and receive jboss_messaging_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jboss_messaging_server_packets" lineno="42158">
<summary>
Do not audit attempts to send and receive jboss_messaging_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jboss_messaging_server_packets" lineno="42173">
<summary>
Relabel packets to jboss_messaging_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_jboss_management_port" lineno="42195">
<summary>
Send and receive TCP traffic on the jboss_management port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_jboss_management_port" lineno="42214">
<summary>
Send UDP traffic on the jboss_management port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_jboss_management_port" lineno="42233">
<summary>
Do not audit attempts to send UDP traffic on the jboss_management port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_jboss_management_port" lineno="42252">
<summary>
Receive UDP traffic on the jboss_management port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_jboss_management_port" lineno="42271">
<summary>
Do not audit attempts to receive UDP traffic on the jboss_management port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_jboss_management_port" lineno="42290">
<summary>
Send and receive UDP traffic on the jboss_management port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_jboss_management_port" lineno="42307">
<summary>
Do not audit attempts to send and receive
UDP traffic on the jboss_management port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_jboss_management_port" lineno="42323">
<summary>
Bind TCP sockets to the jboss_management port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_jboss_management_port" lineno="42343">
<summary>
Bind UDP sockets to the jboss_management port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_jboss_management_port" lineno="42362">
<summary>
Make a TCP connection to the jboss_management port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jboss_management_client_packets" lineno="42382">
<summary>
Send jboss_management_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jboss_management_client_packets" lineno="42401">
<summary>
Do not audit attempts to send jboss_management_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jboss_management_client_packets" lineno="42420">
<summary>
Receive jboss_management_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jboss_management_client_packets" lineno="42439">
<summary>
Do not audit attempts to receive jboss_management_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jboss_management_client_packets" lineno="42458">
<summary>
Send and receive jboss_management_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jboss_management_client_packets" lineno="42474">
<summary>
Do not audit attempts to send and receive jboss_management_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jboss_management_client_packets" lineno="42489">
<summary>
Relabel packets to jboss_management_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_jboss_management_server_packets" lineno="42509">
<summary>
Send jboss_management_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_jboss_management_server_packets" lineno="42528">
<summary>
Do not audit attempts to send jboss_management_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_jboss_management_server_packets" lineno="42547">
<summary>
Receive jboss_management_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_jboss_management_server_packets" lineno="42566">
<summary>
Do not audit attempts to receive jboss_management_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_jboss_management_server_packets" lineno="42585">
<summary>
Send and receive jboss_management_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_jboss_management_server_packets" lineno="42601">
<summary>
Do not audit attempts to send and receive jboss_management_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_jboss_management_server_packets" lineno="42616">
<summary>
Relabel packets to jboss_management_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_kerberos_port" lineno="42638">
<summary>
Send and receive TCP traffic on the kerberos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_kerberos_port" lineno="42657">
<summary>
Send UDP traffic on the kerberos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_kerberos_port" lineno="42676">
<summary>
Do not audit attempts to send UDP traffic on the kerberos port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_kerberos_port" lineno="42695">
<summary>
Receive UDP traffic on the kerberos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_kerberos_port" lineno="42714">
<summary>
Do not audit attempts to receive UDP traffic on the kerberos port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_kerberos_port" lineno="42733">
<summary>
Send and receive UDP traffic on the kerberos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_kerberos_port" lineno="42750">
<summary>
Do not audit attempts to send and receive
UDP traffic on the kerberos port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_kerberos_port" lineno="42766">
<summary>
Bind TCP sockets to the kerberos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_kerberos_port" lineno="42786">
<summary>
Bind UDP sockets to the kerberos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_kerberos_port" lineno="42805">
<summary>
Make a TCP connection to the kerberos port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_kerberos_client_packets" lineno="42825">
<summary>
Send kerberos_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_kerberos_client_packets" lineno="42844">
<summary>
Do not audit attempts to send kerberos_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_kerberos_client_packets" lineno="42863">
<summary>
Receive kerberos_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_kerberos_client_packets" lineno="42882">
<summary>
Do not audit attempts to receive kerberos_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_kerberos_client_packets" lineno="42901">
<summary>
Send and receive kerberos_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_kerberos_client_packets" lineno="42917">
<summary>
Do not audit attempts to send and receive kerberos_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_kerberos_client_packets" lineno="42932">
<summary>
Relabel packets to kerberos_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_kerberos_server_packets" lineno="42952">
<summary>
Send kerberos_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_kerberos_server_packets" lineno="42971">
<summary>
Do not audit attempts to send kerberos_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_kerberos_server_packets" lineno="42990">
<summary>
Receive kerberos_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_kerberos_server_packets" lineno="43009">
<summary>
Do not audit attempts to receive kerberos_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_kerberos_server_packets" lineno="43028">
<summary>
Send and receive kerberos_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_kerberos_server_packets" lineno="43044">
<summary>
Do not audit attempts to send and receive kerberos_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_kerberos_server_packets" lineno="43059">
<summary>
Relabel packets to kerberos_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_kerberos_admin_port" lineno="43081">
<summary>
Send and receive TCP traffic on the kerberos_admin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_kerberos_admin_port" lineno="43100">
<summary>
Send UDP traffic on the kerberos_admin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_kerberos_admin_port" lineno="43119">
<summary>
Do not audit attempts to send UDP traffic on the kerberos_admin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_kerberos_admin_port" lineno="43138">
<summary>
Receive UDP traffic on the kerberos_admin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_kerberos_admin_port" lineno="43157">
<summary>
Do not audit attempts to receive UDP traffic on the kerberos_admin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_kerberos_admin_port" lineno="43176">
<summary>
Send and receive UDP traffic on the kerberos_admin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_kerberos_admin_port" lineno="43193">
<summary>
Do not audit attempts to send and receive
UDP traffic on the kerberos_admin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_kerberos_admin_port" lineno="43209">
<summary>
Bind TCP sockets to the kerberos_admin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_kerberos_admin_port" lineno="43229">
<summary>
Bind UDP sockets to the kerberos_admin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_kerberos_admin_port" lineno="43248">
<summary>
Make a TCP connection to the kerberos_admin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_kerberos_admin_client_packets" lineno="43268">
<summary>
Send kerberos_admin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_kerberos_admin_client_packets" lineno="43287">
<summary>
Do not audit attempts to send kerberos_admin_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_kerberos_admin_client_packets" lineno="43306">
<summary>
Receive kerberos_admin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_kerberos_admin_client_packets" lineno="43325">
<summary>
Do not audit attempts to receive kerberos_admin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_kerberos_admin_client_packets" lineno="43344">
<summary>
Send and receive kerberos_admin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_kerberos_admin_client_packets" lineno="43360">
<summary>
Do not audit attempts to send and receive kerberos_admin_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_kerberos_admin_client_packets" lineno="43375">
<summary>
Relabel packets to kerberos_admin_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_kerberos_admin_server_packets" lineno="43395">
<summary>
Send kerberos_admin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_kerberos_admin_server_packets" lineno="43414">
<summary>
Do not audit attempts to send kerberos_admin_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_kerberos_admin_server_packets" lineno="43433">
<summary>
Receive kerberos_admin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_kerberos_admin_server_packets" lineno="43452">
<summary>
Do not audit attempts to receive kerberos_admin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_kerberos_admin_server_packets" lineno="43471">
<summary>
Send and receive kerberos_admin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_kerberos_admin_server_packets" lineno="43487">
<summary>
Do not audit attempts to send and receive kerberos_admin_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_kerberos_admin_server_packets" lineno="43502">
<summary>
Relabel packets to kerberos_admin_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_kerberos_master_port" lineno="43524">
<summary>
Send and receive TCP traffic on the kerberos_master port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_kerberos_master_port" lineno="43543">
<summary>
Send UDP traffic on the kerberos_master port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_kerberos_master_port" lineno="43562">
<summary>
Do not audit attempts to send UDP traffic on the kerberos_master port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_kerberos_master_port" lineno="43581">
<summary>
Receive UDP traffic on the kerberos_master port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_kerberos_master_port" lineno="43600">
<summary>
Do not audit attempts to receive UDP traffic on the kerberos_master port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_kerberos_master_port" lineno="43619">
<summary>
Send and receive UDP traffic on the kerberos_master port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_kerberos_master_port" lineno="43636">
<summary>
Do not audit attempts to send and receive
UDP traffic on the kerberos_master port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_kerberos_master_port" lineno="43652">
<summary>
Bind TCP sockets to the kerberos_master port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_kerberos_master_port" lineno="43672">
<summary>
Bind UDP sockets to the kerberos_master port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_kerberos_master_port" lineno="43691">
<summary>
Make a TCP connection to the kerberos_master port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_kerberos_master_client_packets" lineno="43711">
<summary>
Send kerberos_master_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_kerberos_master_client_packets" lineno="43730">
<summary>
Do not audit attempts to send kerberos_master_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_kerberos_master_client_packets" lineno="43749">
<summary>
Receive kerberos_master_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_kerberos_master_client_packets" lineno="43768">
<summary>
Do not audit attempts to receive kerberos_master_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_kerberos_master_client_packets" lineno="43787">
<summary>
Send and receive kerberos_master_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_kerberos_master_client_packets" lineno="43803">
<summary>
Do not audit attempts to send and receive kerberos_master_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_kerberos_master_client_packets" lineno="43818">
<summary>
Relabel packets to kerberos_master_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_kerberos_master_server_packets" lineno="43838">
<summary>
Send kerberos_master_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_kerberos_master_server_packets" lineno="43857">
<summary>
Do not audit attempts to send kerberos_master_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_kerberos_master_server_packets" lineno="43876">
<summary>
Receive kerberos_master_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_kerberos_master_server_packets" lineno="43895">
<summary>
Do not audit attempts to receive kerberos_master_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_kerberos_master_server_packets" lineno="43914">
<summary>
Send and receive kerberos_master_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_kerberos_master_server_packets" lineno="43930">
<summary>
Do not audit attempts to send and receive kerberos_master_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_kerberos_master_server_packets" lineno="43945">
<summary>
Relabel packets to kerberos_master_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_kerberos_password_port" lineno="43967">
<summary>
Send and receive TCP traffic on the kerberos_password port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_kerberos_password_port" lineno="43986">
<summary>
Send UDP traffic on the kerberos_password port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_kerberos_password_port" lineno="44005">
<summary>
Do not audit attempts to send UDP traffic on the kerberos_password port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_kerberos_password_port" lineno="44024">
<summary>
Receive UDP traffic on the kerberos_password port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_kerberos_password_port" lineno="44043">
<summary>
Do not audit attempts to receive UDP traffic on the kerberos_password port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_kerberos_password_port" lineno="44062">
<summary>
Send and receive UDP traffic on the kerberos_password port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_kerberos_password_port" lineno="44079">
<summary>
Do not audit attempts to send and receive
UDP traffic on the kerberos_password port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_kerberos_password_port" lineno="44095">
<summary>
Bind TCP sockets to the kerberos_password port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_kerberos_password_port" lineno="44115">
<summary>
Bind UDP sockets to the kerberos_password port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_kerberos_password_port" lineno="44134">
<summary>
Make a TCP connection to the kerberos_password port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_kerberos_password_client_packets" lineno="44154">
<summary>
Send kerberos_password_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_kerberos_password_client_packets" lineno="44173">
<summary>
Do not audit attempts to send kerberos_password_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_kerberos_password_client_packets" lineno="44192">
<summary>
Receive kerberos_password_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_kerberos_password_client_packets" lineno="44211">
<summary>
Do not audit attempts to receive kerberos_password_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_kerberos_password_client_packets" lineno="44230">
<summary>
Send and receive kerberos_password_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_kerberos_password_client_packets" lineno="44246">
<summary>
Do not audit attempts to send and receive kerberos_password_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_kerberos_password_client_packets" lineno="44261">
<summary>
Relabel packets to kerberos_password_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_kerberos_password_server_packets" lineno="44281">
<summary>
Send kerberos_password_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_kerberos_password_server_packets" lineno="44300">
<summary>
Do not audit attempts to send kerberos_password_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_kerberos_password_server_packets" lineno="44319">
<summary>
Receive kerberos_password_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_kerberos_password_server_packets" lineno="44338">
<summary>
Do not audit attempts to receive kerberos_password_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_kerberos_password_server_packets" lineno="44357">
<summary>
Send and receive kerberos_password_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_kerberos_password_server_packets" lineno="44373">
<summary>
Do not audit attempts to send and receive kerberos_password_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_kerberos_password_server_packets" lineno="44388">
<summary>
Relabel packets to kerberos_password_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_kismet_port" lineno="44410">
<summary>
Send and receive TCP traffic on the kismet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_kismet_port" lineno="44429">
<summary>
Send UDP traffic on the kismet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_kismet_port" lineno="44448">
<summary>
Do not audit attempts to send UDP traffic on the kismet port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_kismet_port" lineno="44467">
<summary>
Receive UDP traffic on the kismet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_kismet_port" lineno="44486">
<summary>
Do not audit attempts to receive UDP traffic on the kismet port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_kismet_port" lineno="44505">
<summary>
Send and receive UDP traffic on the kismet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_kismet_port" lineno="44522">
<summary>
Do not audit attempts to send and receive
UDP traffic on the kismet port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_kismet_port" lineno="44538">
<summary>
Bind TCP sockets to the kismet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_kismet_port" lineno="44558">
<summary>
Bind UDP sockets to the kismet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_kismet_port" lineno="44577">
<summary>
Make a TCP connection to the kismet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_kismet_client_packets" lineno="44597">
<summary>
Send kismet_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_kismet_client_packets" lineno="44616">
<summary>
Do not audit attempts to send kismet_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_kismet_client_packets" lineno="44635">
<summary>
Receive kismet_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_kismet_client_packets" lineno="44654">
<summary>
Do not audit attempts to receive kismet_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_kismet_client_packets" lineno="44673">
<summary>
Send and receive kismet_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_kismet_client_packets" lineno="44689">
<summary>
Do not audit attempts to send and receive kismet_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_kismet_client_packets" lineno="44704">
<summary>
Relabel packets to kismet_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_kismet_server_packets" lineno="44724">
<summary>
Send kismet_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_kismet_server_packets" lineno="44743">
<summary>
Do not audit attempts to send kismet_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_kismet_server_packets" lineno="44762">
<summary>
Receive kismet_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_kismet_server_packets" lineno="44781">
<summary>
Do not audit attempts to receive kismet_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_kismet_server_packets" lineno="44800">
<summary>
Send and receive kismet_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_kismet_server_packets" lineno="44816">
<summary>
Do not audit attempts to send and receive kismet_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_kismet_server_packets" lineno="44831">
<summary>
Relabel packets to kismet_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_kprop_port" lineno="44853">
<summary>
Send and receive TCP traffic on the kprop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_kprop_port" lineno="44872">
<summary>
Send UDP traffic on the kprop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_kprop_port" lineno="44891">
<summary>
Do not audit attempts to send UDP traffic on the kprop port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_kprop_port" lineno="44910">
<summary>
Receive UDP traffic on the kprop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_kprop_port" lineno="44929">
<summary>
Do not audit attempts to receive UDP traffic on the kprop port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_kprop_port" lineno="44948">
<summary>
Send and receive UDP traffic on the kprop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_kprop_port" lineno="44965">
<summary>
Do not audit attempts to send and receive
UDP traffic on the kprop port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_kprop_port" lineno="44981">
<summary>
Bind TCP sockets to the kprop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_kprop_port" lineno="45001">
<summary>
Bind UDP sockets to the kprop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_kprop_port" lineno="45020">
<summary>
Make a TCP connection to the kprop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_kprop_client_packets" lineno="45040">
<summary>
Send kprop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_kprop_client_packets" lineno="45059">
<summary>
Do not audit attempts to send kprop_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_kprop_client_packets" lineno="45078">
<summary>
Receive kprop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_kprop_client_packets" lineno="45097">
<summary>
Do not audit attempts to receive kprop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_kprop_client_packets" lineno="45116">
<summary>
Send and receive kprop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_kprop_client_packets" lineno="45132">
<summary>
Do not audit attempts to send and receive kprop_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_kprop_client_packets" lineno="45147">
<summary>
Relabel packets to kprop_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_kprop_server_packets" lineno="45167">
<summary>
Send kprop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_kprop_server_packets" lineno="45186">
<summary>
Do not audit attempts to send kprop_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_kprop_server_packets" lineno="45205">
<summary>
Receive kprop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_kprop_server_packets" lineno="45224">
<summary>
Do not audit attempts to receive kprop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_kprop_server_packets" lineno="45243">
<summary>
Send and receive kprop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_kprop_server_packets" lineno="45259">
<summary>
Do not audit attempts to send and receive kprop_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_kprop_server_packets" lineno="45274">
<summary>
Relabel packets to kprop_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ktalkd_port" lineno="45296">
<summary>
Send and receive TCP traffic on the ktalkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ktalkd_port" lineno="45315">
<summary>
Send UDP traffic on the ktalkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ktalkd_port" lineno="45334">
<summary>
Do not audit attempts to send UDP traffic on the ktalkd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ktalkd_port" lineno="45353">
<summary>
Receive UDP traffic on the ktalkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ktalkd_port" lineno="45372">
<summary>
Do not audit attempts to receive UDP traffic on the ktalkd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ktalkd_port" lineno="45391">
<summary>
Send and receive UDP traffic on the ktalkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ktalkd_port" lineno="45408">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ktalkd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ktalkd_port" lineno="45424">
<summary>
Bind TCP sockets to the ktalkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ktalkd_port" lineno="45444">
<summary>
Bind UDP sockets to the ktalkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ktalkd_port" lineno="45463">
<summary>
Make a TCP connection to the ktalkd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ktalkd_client_packets" lineno="45483">
<summary>
Send ktalkd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ktalkd_client_packets" lineno="45502">
<summary>
Do not audit attempts to send ktalkd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ktalkd_client_packets" lineno="45521">
<summary>
Receive ktalkd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ktalkd_client_packets" lineno="45540">
<summary>
Do not audit attempts to receive ktalkd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ktalkd_client_packets" lineno="45559">
<summary>
Send and receive ktalkd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ktalkd_client_packets" lineno="45575">
<summary>
Do not audit attempts to send and receive ktalkd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ktalkd_client_packets" lineno="45590">
<summary>
Relabel packets to ktalkd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ktalkd_server_packets" lineno="45610">
<summary>
Send ktalkd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ktalkd_server_packets" lineno="45629">
<summary>
Do not audit attempts to send ktalkd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ktalkd_server_packets" lineno="45648">
<summary>
Receive ktalkd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ktalkd_server_packets" lineno="45667">
<summary>
Do not audit attempts to receive ktalkd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ktalkd_server_packets" lineno="45686">
<summary>
Send and receive ktalkd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ktalkd_server_packets" lineno="45702">
<summary>
Do not audit attempts to send and receive ktalkd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ktalkd_server_packets" lineno="45717">
<summary>
Relabel packets to ktalkd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ldap_port" lineno="45739">
<summary>
Send and receive TCP traffic on the ldap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ldap_port" lineno="45758">
<summary>
Send UDP traffic on the ldap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ldap_port" lineno="45777">
<summary>
Do not audit attempts to send UDP traffic on the ldap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ldap_port" lineno="45796">
<summary>
Receive UDP traffic on the ldap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ldap_port" lineno="45815">
<summary>
Do not audit attempts to receive UDP traffic on the ldap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ldap_port" lineno="45834">
<summary>
Send and receive UDP traffic on the ldap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ldap_port" lineno="45851">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ldap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ldap_port" lineno="45867">
<summary>
Bind TCP sockets to the ldap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ldap_port" lineno="45887">
<summary>
Bind UDP sockets to the ldap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ldap_port" lineno="45906">
<summary>
Make a TCP connection to the ldap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ldap_client_packets" lineno="45926">
<summary>
Send ldap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ldap_client_packets" lineno="45945">
<summary>
Do not audit attempts to send ldap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ldap_client_packets" lineno="45964">
<summary>
Receive ldap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ldap_client_packets" lineno="45983">
<summary>
Do not audit attempts to receive ldap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ldap_client_packets" lineno="46002">
<summary>
Send and receive ldap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ldap_client_packets" lineno="46018">
<summary>
Do not audit attempts to send and receive ldap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ldap_client_packets" lineno="46033">
<summary>
Relabel packets to ldap_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ldap_server_packets" lineno="46053">
<summary>
Send ldap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ldap_server_packets" lineno="46072">
<summary>
Do not audit attempts to send ldap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ldap_server_packets" lineno="46091">
<summary>
Receive ldap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ldap_server_packets" lineno="46110">
<summary>
Do not audit attempts to receive ldap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ldap_server_packets" lineno="46129">
<summary>
Send and receive ldap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ldap_server_packets" lineno="46145">
<summary>
Do not audit attempts to send and receive ldap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ldap_server_packets" lineno="46160">
<summary>
Relabel packets to ldap_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_lmtp_port" lineno="46182">
<summary>
Send and receive TCP traffic on the lmtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_lmtp_port" lineno="46201">
<summary>
Send UDP traffic on the lmtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_lmtp_port" lineno="46220">
<summary>
Do not audit attempts to send UDP traffic on the lmtp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_lmtp_port" lineno="46239">
<summary>
Receive UDP traffic on the lmtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_lmtp_port" lineno="46258">
<summary>
Do not audit attempts to receive UDP traffic on the lmtp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_lmtp_port" lineno="46277">
<summary>
Send and receive UDP traffic on the lmtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_lmtp_port" lineno="46294">
<summary>
Do not audit attempts to send and receive
UDP traffic on the lmtp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_lmtp_port" lineno="46310">
<summary>
Bind TCP sockets to the lmtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_lmtp_port" lineno="46330">
<summary>
Bind UDP sockets to the lmtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_lmtp_port" lineno="46349">
<summary>
Make a TCP connection to the lmtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_lmtp_client_packets" lineno="46369">
<summary>
Send lmtp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_lmtp_client_packets" lineno="46388">
<summary>
Do not audit attempts to send lmtp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_lmtp_client_packets" lineno="46407">
<summary>
Receive lmtp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_lmtp_client_packets" lineno="46426">
<summary>
Do not audit attempts to receive lmtp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_lmtp_client_packets" lineno="46445">
<summary>
Send and receive lmtp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_lmtp_client_packets" lineno="46461">
<summary>
Do not audit attempts to send and receive lmtp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_lmtp_client_packets" lineno="46476">
<summary>
Relabel packets to lmtp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_lmtp_server_packets" lineno="46496">
<summary>
Send lmtp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_lmtp_server_packets" lineno="46515">
<summary>
Do not audit attempts to send lmtp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_lmtp_server_packets" lineno="46534">
<summary>
Receive lmtp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_lmtp_server_packets" lineno="46553">
<summary>
Do not audit attempts to receive lmtp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_lmtp_server_packets" lineno="46572">
<summary>
Send and receive lmtp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_lmtp_server_packets" lineno="46588">
<summary>
Do not audit attempts to send and receive lmtp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_lmtp_server_packets" lineno="46603">
<summary>
Relabel packets to lmtp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_lirc_port" lineno="46625">
<summary>
Send and receive TCP traffic on the lirc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_lirc_port" lineno="46644">
<summary>
Send UDP traffic on the lirc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_lirc_port" lineno="46663">
<summary>
Do not audit attempts to send UDP traffic on the lirc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_lirc_port" lineno="46682">
<summary>
Receive UDP traffic on the lirc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_lirc_port" lineno="46701">
<summary>
Do not audit attempts to receive UDP traffic on the lirc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_lirc_port" lineno="46720">
<summary>
Send and receive UDP traffic on the lirc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_lirc_port" lineno="46737">
<summary>
Do not audit attempts to send and receive
UDP traffic on the lirc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_lirc_port" lineno="46753">
<summary>
Bind TCP sockets to the lirc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_lirc_port" lineno="46773">
<summary>
Bind UDP sockets to the lirc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_lirc_port" lineno="46792">
<summary>
Make a TCP connection to the lirc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_lirc_client_packets" lineno="46812">
<summary>
Send lirc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_lirc_client_packets" lineno="46831">
<summary>
Do not audit attempts to send lirc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_lirc_client_packets" lineno="46850">
<summary>
Receive lirc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_lirc_client_packets" lineno="46869">
<summary>
Do not audit attempts to receive lirc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_lirc_client_packets" lineno="46888">
<summary>
Send and receive lirc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_lirc_client_packets" lineno="46904">
<summary>
Do not audit attempts to send and receive lirc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_lirc_client_packets" lineno="46919">
<summary>
Relabel packets to lirc_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_lirc_server_packets" lineno="46939">
<summary>
Send lirc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_lirc_server_packets" lineno="46958">
<summary>
Do not audit attempts to send lirc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_lirc_server_packets" lineno="46977">
<summary>
Receive lirc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_lirc_server_packets" lineno="46996">
<summary>
Do not audit attempts to receive lirc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_lirc_server_packets" lineno="47015">
<summary>
Send and receive lirc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_lirc_server_packets" lineno="47031">
<summary>
Do not audit attempts to send and receive lirc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_lirc_server_packets" lineno="47046">
<summary>
Relabel packets to lirc_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_luci_port" lineno="47068">
<summary>
Send and receive TCP traffic on the luci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_luci_port" lineno="47087">
<summary>
Send UDP traffic on the luci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_luci_port" lineno="47106">
<summary>
Do not audit attempts to send UDP traffic on the luci port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_luci_port" lineno="47125">
<summary>
Receive UDP traffic on the luci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_luci_port" lineno="47144">
<summary>
Do not audit attempts to receive UDP traffic on the luci port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_luci_port" lineno="47163">
<summary>
Send and receive UDP traffic on the luci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_luci_port" lineno="47180">
<summary>
Do not audit attempts to send and receive
UDP traffic on the luci port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_luci_port" lineno="47196">
<summary>
Bind TCP sockets to the luci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_luci_port" lineno="47216">
<summary>
Bind UDP sockets to the luci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_luci_port" lineno="47235">
<summary>
Make a TCP connection to the luci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_luci_client_packets" lineno="47255">
<summary>
Send luci_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_luci_client_packets" lineno="47274">
<summary>
Do not audit attempts to send luci_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_luci_client_packets" lineno="47293">
<summary>
Receive luci_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_luci_client_packets" lineno="47312">
<summary>
Do not audit attempts to receive luci_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_luci_client_packets" lineno="47331">
<summary>
Send and receive luci_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_luci_client_packets" lineno="47347">
<summary>
Do not audit attempts to send and receive luci_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_luci_client_packets" lineno="47362">
<summary>
Relabel packets to luci_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_luci_server_packets" lineno="47382">
<summary>
Send luci_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_luci_server_packets" lineno="47401">
<summary>
Do not audit attempts to send luci_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_luci_server_packets" lineno="47420">
<summary>
Receive luci_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_luci_server_packets" lineno="47439">
<summary>
Do not audit attempts to receive luci_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_luci_server_packets" lineno="47458">
<summary>
Send and receive luci_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_luci_server_packets" lineno="47474">
<summary>
Do not audit attempts to send and receive luci_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_luci_server_packets" lineno="47489">
<summary>
Relabel packets to luci_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_l2tp_port" lineno="47511">
<summary>
Send and receive TCP traffic on the l2tp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_l2tp_port" lineno="47530">
<summary>
Send UDP traffic on the l2tp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_l2tp_port" lineno="47549">
<summary>
Do not audit attempts to send UDP traffic on the l2tp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_l2tp_port" lineno="47568">
<summary>
Receive UDP traffic on the l2tp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_l2tp_port" lineno="47587">
<summary>
Do not audit attempts to receive UDP traffic on the l2tp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_l2tp_port" lineno="47606">
<summary>
Send and receive UDP traffic on the l2tp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_l2tp_port" lineno="47623">
<summary>
Do not audit attempts to send and receive
UDP traffic on the l2tp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_l2tp_port" lineno="47639">
<summary>
Bind TCP sockets to the l2tp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_l2tp_port" lineno="47659">
<summary>
Bind UDP sockets to the l2tp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_l2tp_port" lineno="47678">
<summary>
Make a TCP connection to the l2tp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_l2tp_client_packets" lineno="47698">
<summary>
Send l2tp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_l2tp_client_packets" lineno="47717">
<summary>
Do not audit attempts to send l2tp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_l2tp_client_packets" lineno="47736">
<summary>
Receive l2tp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_l2tp_client_packets" lineno="47755">
<summary>
Do not audit attempts to receive l2tp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_l2tp_client_packets" lineno="47774">
<summary>
Send and receive l2tp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_l2tp_client_packets" lineno="47790">
<summary>
Do not audit attempts to send and receive l2tp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_l2tp_client_packets" lineno="47805">
<summary>
Relabel packets to l2tp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_l2tp_server_packets" lineno="47825">
<summary>
Send l2tp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_l2tp_server_packets" lineno="47844">
<summary>
Do not audit attempts to send l2tp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_l2tp_server_packets" lineno="47863">
<summary>
Receive l2tp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_l2tp_server_packets" lineno="47882">
<summary>
Do not audit attempts to receive l2tp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_l2tp_server_packets" lineno="47901">
<summary>
Send and receive l2tp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_l2tp_server_packets" lineno="47917">
<summary>
Do not audit attempts to send and receive l2tp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_l2tp_server_packets" lineno="47932">
<summary>
Relabel packets to l2tp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_mail_port" lineno="47954">
<summary>
Send and receive TCP traffic on the mail port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_mail_port" lineno="47973">
<summary>
Send UDP traffic on the mail port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_mail_port" lineno="47992">
<summary>
Do not audit attempts to send UDP traffic on the mail port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_mail_port" lineno="48011">
<summary>
Receive UDP traffic on the mail port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_mail_port" lineno="48030">
<summary>
Do not audit attempts to receive UDP traffic on the mail port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_mail_port" lineno="48049">
<summary>
Send and receive UDP traffic on the mail port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_mail_port" lineno="48066">
<summary>
Do not audit attempts to send and receive
UDP traffic on the mail port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_mail_port" lineno="48082">
<summary>
Bind TCP sockets to the mail port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_mail_port" lineno="48102">
<summary>
Bind UDP sockets to the mail port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_mail_port" lineno="48121">
<summary>
Make a TCP connection to the mail port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mail_client_packets" lineno="48141">
<summary>
Send mail_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mail_client_packets" lineno="48160">
<summary>
Do not audit attempts to send mail_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mail_client_packets" lineno="48179">
<summary>
Receive mail_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mail_client_packets" lineno="48198">
<summary>
Do not audit attempts to receive mail_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mail_client_packets" lineno="48217">
<summary>
Send and receive mail_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mail_client_packets" lineno="48233">
<summary>
Do not audit attempts to send and receive mail_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mail_client_packets" lineno="48248">
<summary>
Relabel packets to mail_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mail_server_packets" lineno="48268">
<summary>
Send mail_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mail_server_packets" lineno="48287">
<summary>
Do not audit attempts to send mail_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mail_server_packets" lineno="48306">
<summary>
Receive mail_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mail_server_packets" lineno="48325">
<summary>
Do not audit attempts to receive mail_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mail_server_packets" lineno="48344">
<summary>
Send and receive mail_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mail_server_packets" lineno="48360">
<summary>
Do not audit attempts to send and receive mail_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mail_server_packets" lineno="48375">
<summary>
Relabel packets to mail_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_matahari_port" lineno="48397">
<summary>
Send and receive TCP traffic on the matahari port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_matahari_port" lineno="48416">
<summary>
Send UDP traffic on the matahari port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_matahari_port" lineno="48435">
<summary>
Do not audit attempts to send UDP traffic on the matahari port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_matahari_port" lineno="48454">
<summary>
Receive UDP traffic on the matahari port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_matahari_port" lineno="48473">
<summary>
Do not audit attempts to receive UDP traffic on the matahari port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_matahari_port" lineno="48492">
<summary>
Send and receive UDP traffic on the matahari port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_matahari_port" lineno="48509">
<summary>
Do not audit attempts to send and receive
UDP traffic on the matahari port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_matahari_port" lineno="48525">
<summary>
Bind TCP sockets to the matahari port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_matahari_port" lineno="48545">
<summary>
Bind UDP sockets to the matahari port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_matahari_port" lineno="48564">
<summary>
Make a TCP connection to the matahari port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_matahari_client_packets" lineno="48584">
<summary>
Send matahari_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_matahari_client_packets" lineno="48603">
<summary>
Do not audit attempts to send matahari_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_matahari_client_packets" lineno="48622">
<summary>
Receive matahari_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_matahari_client_packets" lineno="48641">
<summary>
Do not audit attempts to receive matahari_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_matahari_client_packets" lineno="48660">
<summary>
Send and receive matahari_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_matahari_client_packets" lineno="48676">
<summary>
Do not audit attempts to send and receive matahari_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_matahari_client_packets" lineno="48691">
<summary>
Relabel packets to matahari_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_matahari_server_packets" lineno="48711">
<summary>
Send matahari_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_matahari_server_packets" lineno="48730">
<summary>
Do not audit attempts to send matahari_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_matahari_server_packets" lineno="48749">
<summary>
Receive matahari_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_matahari_server_packets" lineno="48768">
<summary>
Do not audit attempts to receive matahari_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_matahari_server_packets" lineno="48787">
<summary>
Send and receive matahari_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_matahari_server_packets" lineno="48803">
<summary>
Do not audit attempts to send and receive matahari_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_matahari_server_packets" lineno="48818">
<summary>
Relabel packets to matahari_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_memcache_port" lineno="48840">
<summary>
Send and receive TCP traffic on the memcache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_memcache_port" lineno="48859">
<summary>
Send UDP traffic on the memcache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_memcache_port" lineno="48878">
<summary>
Do not audit attempts to send UDP traffic on the memcache port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_memcache_port" lineno="48897">
<summary>
Receive UDP traffic on the memcache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_memcache_port" lineno="48916">
<summary>
Do not audit attempts to receive UDP traffic on the memcache port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_memcache_port" lineno="48935">
<summary>
Send and receive UDP traffic on the memcache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_memcache_port" lineno="48952">
<summary>
Do not audit attempts to send and receive
UDP traffic on the memcache port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_memcache_port" lineno="48968">
<summary>
Bind TCP sockets to the memcache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_memcache_port" lineno="48988">
<summary>
Bind UDP sockets to the memcache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_memcache_port" lineno="49007">
<summary>
Make a TCP connection to the memcache port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_memcache_client_packets" lineno="49027">
<summary>
Send memcache_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_memcache_client_packets" lineno="49046">
<summary>
Do not audit attempts to send memcache_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_memcache_client_packets" lineno="49065">
<summary>
Receive memcache_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_memcache_client_packets" lineno="49084">
<summary>
Do not audit attempts to receive memcache_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_memcache_client_packets" lineno="49103">
<summary>
Send and receive memcache_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_memcache_client_packets" lineno="49119">
<summary>
Do not audit attempts to send and receive memcache_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_memcache_client_packets" lineno="49134">
<summary>
Relabel packets to memcache_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_memcache_server_packets" lineno="49154">
<summary>
Send memcache_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_memcache_server_packets" lineno="49173">
<summary>
Do not audit attempts to send memcache_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_memcache_server_packets" lineno="49192">
<summary>
Receive memcache_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_memcache_server_packets" lineno="49211">
<summary>
Do not audit attempts to receive memcache_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_memcache_server_packets" lineno="49230">
<summary>
Send and receive memcache_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_memcache_server_packets" lineno="49246">
<summary>
Do not audit attempts to send and receive memcache_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_memcache_server_packets" lineno="49261">
<summary>
Relabel packets to memcache_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_milter_port" lineno="49283">
<summary>
Send and receive TCP traffic on the milter port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_milter_port" lineno="49302">
<summary>
Send UDP traffic on the milter port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_milter_port" lineno="49321">
<summary>
Do not audit attempts to send UDP traffic on the milter port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_milter_port" lineno="49340">
<summary>
Receive UDP traffic on the milter port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_milter_port" lineno="49359">
<summary>
Do not audit attempts to receive UDP traffic on the milter port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_milter_port" lineno="49378">
<summary>
Send and receive UDP traffic on the milter port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_milter_port" lineno="49395">
<summary>
Do not audit attempts to send and receive
UDP traffic on the milter port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_milter_port" lineno="49411">
<summary>
Bind TCP sockets to the milter port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_milter_port" lineno="49431">
<summary>
Bind UDP sockets to the milter port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_milter_port" lineno="49450">
<summary>
Make a TCP connection to the milter port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_milter_client_packets" lineno="49470">
<summary>
Send milter_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_milter_client_packets" lineno="49489">
<summary>
Do not audit attempts to send milter_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_milter_client_packets" lineno="49508">
<summary>
Receive milter_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_milter_client_packets" lineno="49527">
<summary>
Do not audit attempts to receive milter_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_milter_client_packets" lineno="49546">
<summary>
Send and receive milter_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_milter_client_packets" lineno="49562">
<summary>
Do not audit attempts to send and receive milter_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_milter_client_packets" lineno="49577">
<summary>
Relabel packets to milter_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_milter_server_packets" lineno="49597">
<summary>
Send milter_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_milter_server_packets" lineno="49616">
<summary>
Do not audit attempts to send milter_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_milter_server_packets" lineno="49635">
<summary>
Receive milter_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_milter_server_packets" lineno="49654">
<summary>
Do not audit attempts to receive milter_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_milter_server_packets" lineno="49673">
<summary>
Send and receive milter_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_milter_server_packets" lineno="49689">
<summary>
Do not audit attempts to send and receive milter_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_milter_server_packets" lineno="49704">
<summary>
Relabel packets to milter_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_mmcc_port" lineno="49726">
<summary>
Send and receive TCP traffic on the mmcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_mmcc_port" lineno="49745">
<summary>
Send UDP traffic on the mmcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_mmcc_port" lineno="49764">
<summary>
Do not audit attempts to send UDP traffic on the mmcc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_mmcc_port" lineno="49783">
<summary>
Receive UDP traffic on the mmcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_mmcc_port" lineno="49802">
<summary>
Do not audit attempts to receive UDP traffic on the mmcc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_mmcc_port" lineno="49821">
<summary>
Send and receive UDP traffic on the mmcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_mmcc_port" lineno="49838">
<summary>
Do not audit attempts to send and receive
UDP traffic on the mmcc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_mmcc_port" lineno="49854">
<summary>
Bind TCP sockets to the mmcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_mmcc_port" lineno="49874">
<summary>
Bind UDP sockets to the mmcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_mmcc_port" lineno="49893">
<summary>
Make a TCP connection to the mmcc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mmcc_client_packets" lineno="49913">
<summary>
Send mmcc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mmcc_client_packets" lineno="49932">
<summary>
Do not audit attempts to send mmcc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mmcc_client_packets" lineno="49951">
<summary>
Receive mmcc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mmcc_client_packets" lineno="49970">
<summary>
Do not audit attempts to receive mmcc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mmcc_client_packets" lineno="49989">
<summary>
Send and receive mmcc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mmcc_client_packets" lineno="50005">
<summary>
Do not audit attempts to send and receive mmcc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mmcc_client_packets" lineno="50020">
<summary>
Relabel packets to mmcc_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mmcc_server_packets" lineno="50040">
<summary>
Send mmcc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mmcc_server_packets" lineno="50059">
<summary>
Do not audit attempts to send mmcc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mmcc_server_packets" lineno="50078">
<summary>
Receive mmcc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mmcc_server_packets" lineno="50097">
<summary>
Do not audit attempts to receive mmcc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mmcc_server_packets" lineno="50116">
<summary>
Send and receive mmcc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mmcc_server_packets" lineno="50132">
<summary>
Do not audit attempts to send and receive mmcc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mmcc_server_packets" lineno="50147">
<summary>
Relabel packets to mmcc_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_mongod_port" lineno="50169">
<summary>
Send and receive TCP traffic on the mongod port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_mongod_port" lineno="50188">
<summary>
Send UDP traffic on the mongod port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_mongod_port" lineno="50207">
<summary>
Do not audit attempts to send UDP traffic on the mongod port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_mongod_port" lineno="50226">
<summary>
Receive UDP traffic on the mongod port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_mongod_port" lineno="50245">
<summary>
Do not audit attempts to receive UDP traffic on the mongod port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_mongod_port" lineno="50264">
<summary>
Send and receive UDP traffic on the mongod port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_mongod_port" lineno="50281">
<summary>
Do not audit attempts to send and receive
UDP traffic on the mongod port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_mongod_port" lineno="50297">
<summary>
Bind TCP sockets to the mongod port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_mongod_port" lineno="50317">
<summary>
Bind UDP sockets to the mongod port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_mongod_port" lineno="50336">
<summary>
Make a TCP connection to the mongod port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mongod_client_packets" lineno="50356">
<summary>
Send mongod_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mongod_client_packets" lineno="50375">
<summary>
Do not audit attempts to send mongod_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mongod_client_packets" lineno="50394">
<summary>
Receive mongod_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mongod_client_packets" lineno="50413">
<summary>
Do not audit attempts to receive mongod_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mongod_client_packets" lineno="50432">
<summary>
Send and receive mongod_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mongod_client_packets" lineno="50448">
<summary>
Do not audit attempts to send and receive mongod_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mongod_client_packets" lineno="50463">
<summary>
Relabel packets to mongod_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mongod_server_packets" lineno="50483">
<summary>
Send mongod_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mongod_server_packets" lineno="50502">
<summary>
Do not audit attempts to send mongod_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mongod_server_packets" lineno="50521">
<summary>
Receive mongod_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mongod_server_packets" lineno="50540">
<summary>
Do not audit attempts to receive mongod_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mongod_server_packets" lineno="50559">
<summary>
Send and receive mongod_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mongod_server_packets" lineno="50575">
<summary>
Do not audit attempts to send and receive mongod_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mongod_server_packets" lineno="50590">
<summary>
Relabel packets to mongod_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_monopd_port" lineno="50612">
<summary>
Send and receive TCP traffic on the monopd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_monopd_port" lineno="50631">
<summary>
Send UDP traffic on the monopd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_monopd_port" lineno="50650">
<summary>
Do not audit attempts to send UDP traffic on the monopd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_monopd_port" lineno="50669">
<summary>
Receive UDP traffic on the monopd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_monopd_port" lineno="50688">
<summary>
Do not audit attempts to receive UDP traffic on the monopd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_monopd_port" lineno="50707">
<summary>
Send and receive UDP traffic on the monopd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_monopd_port" lineno="50724">
<summary>
Do not audit attempts to send and receive
UDP traffic on the monopd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_monopd_port" lineno="50740">
<summary>
Bind TCP sockets to the monopd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_monopd_port" lineno="50760">
<summary>
Bind UDP sockets to the monopd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_monopd_port" lineno="50779">
<summary>
Make a TCP connection to the monopd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_monopd_client_packets" lineno="50799">
<summary>
Send monopd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_monopd_client_packets" lineno="50818">
<summary>
Do not audit attempts to send monopd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_monopd_client_packets" lineno="50837">
<summary>
Receive monopd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_monopd_client_packets" lineno="50856">
<summary>
Do not audit attempts to receive monopd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_monopd_client_packets" lineno="50875">
<summary>
Send and receive monopd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_monopd_client_packets" lineno="50891">
<summary>
Do not audit attempts to send and receive monopd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_monopd_client_packets" lineno="50906">
<summary>
Relabel packets to monopd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_monopd_server_packets" lineno="50926">
<summary>
Send monopd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_monopd_server_packets" lineno="50945">
<summary>
Do not audit attempts to send monopd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_monopd_server_packets" lineno="50964">
<summary>
Receive monopd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_monopd_server_packets" lineno="50983">
<summary>
Do not audit attempts to receive monopd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_monopd_server_packets" lineno="51002">
<summary>
Send and receive monopd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_monopd_server_packets" lineno="51018">
<summary>
Do not audit attempts to send and receive monopd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_monopd_server_packets" lineno="51033">
<summary>
Relabel packets to monopd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_mpd_port" lineno="51055">
<summary>
Send and receive TCP traffic on the mpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_mpd_port" lineno="51074">
<summary>
Send UDP traffic on the mpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_mpd_port" lineno="51093">
<summary>
Do not audit attempts to send UDP traffic on the mpd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_mpd_port" lineno="51112">
<summary>
Receive UDP traffic on the mpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_mpd_port" lineno="51131">
<summary>
Do not audit attempts to receive UDP traffic on the mpd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_mpd_port" lineno="51150">
<summary>
Send and receive UDP traffic on the mpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_mpd_port" lineno="51167">
<summary>
Do not audit attempts to send and receive
UDP traffic on the mpd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_mpd_port" lineno="51183">
<summary>
Bind TCP sockets to the mpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_mpd_port" lineno="51203">
<summary>
Bind UDP sockets to the mpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_mpd_port" lineno="51222">
<summary>
Make a TCP connection to the mpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mpd_client_packets" lineno="51242">
<summary>
Send mpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mpd_client_packets" lineno="51261">
<summary>
Do not audit attempts to send mpd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mpd_client_packets" lineno="51280">
<summary>
Receive mpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mpd_client_packets" lineno="51299">
<summary>
Do not audit attempts to receive mpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mpd_client_packets" lineno="51318">
<summary>
Send and receive mpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mpd_client_packets" lineno="51334">
<summary>
Do not audit attempts to send and receive mpd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mpd_client_packets" lineno="51349">
<summary>
Relabel packets to mpd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mpd_server_packets" lineno="51369">
<summary>
Send mpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mpd_server_packets" lineno="51388">
<summary>
Do not audit attempts to send mpd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mpd_server_packets" lineno="51407">
<summary>
Receive mpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mpd_server_packets" lineno="51426">
<summary>
Do not audit attempts to receive mpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mpd_server_packets" lineno="51445">
<summary>
Send and receive mpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mpd_server_packets" lineno="51461">
<summary>
Do not audit attempts to send and receive mpd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mpd_server_packets" lineno="51476">
<summary>
Relabel packets to mpd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_msnp_port" lineno="51498">
<summary>
Send and receive TCP traffic on the msnp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_msnp_port" lineno="51517">
<summary>
Send UDP traffic on the msnp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_msnp_port" lineno="51536">
<summary>
Do not audit attempts to send UDP traffic on the msnp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_msnp_port" lineno="51555">
<summary>
Receive UDP traffic on the msnp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_msnp_port" lineno="51574">
<summary>
Do not audit attempts to receive UDP traffic on the msnp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_msnp_port" lineno="51593">
<summary>
Send and receive UDP traffic on the msnp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_msnp_port" lineno="51610">
<summary>
Do not audit attempts to send and receive
UDP traffic on the msnp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_msnp_port" lineno="51626">
<summary>
Bind TCP sockets to the msnp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_msnp_port" lineno="51646">
<summary>
Bind UDP sockets to the msnp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_msnp_port" lineno="51665">
<summary>
Make a TCP connection to the msnp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_msnp_client_packets" lineno="51685">
<summary>
Send msnp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_msnp_client_packets" lineno="51704">
<summary>
Do not audit attempts to send msnp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_msnp_client_packets" lineno="51723">
<summary>
Receive msnp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_msnp_client_packets" lineno="51742">
<summary>
Do not audit attempts to receive msnp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_msnp_client_packets" lineno="51761">
<summary>
Send and receive msnp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_msnp_client_packets" lineno="51777">
<summary>
Do not audit attempts to send and receive msnp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_msnp_client_packets" lineno="51792">
<summary>
Relabel packets to msnp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_msnp_server_packets" lineno="51812">
<summary>
Send msnp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_msnp_server_packets" lineno="51831">
<summary>
Do not audit attempts to send msnp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_msnp_server_packets" lineno="51850">
<summary>
Receive msnp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_msnp_server_packets" lineno="51869">
<summary>
Do not audit attempts to receive msnp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_msnp_server_packets" lineno="51888">
<summary>
Send and receive msnp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_msnp_server_packets" lineno="51904">
<summary>
Do not audit attempts to send and receive msnp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_msnp_server_packets" lineno="51919">
<summary>
Relabel packets to msnp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_mssql_port" lineno="51941">
<summary>
Send and receive TCP traffic on the mssql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_mssql_port" lineno="51960">
<summary>
Send UDP traffic on the mssql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_mssql_port" lineno="51979">
<summary>
Do not audit attempts to send UDP traffic on the mssql port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_mssql_port" lineno="51998">
<summary>
Receive UDP traffic on the mssql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_mssql_port" lineno="52017">
<summary>
Do not audit attempts to receive UDP traffic on the mssql port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_mssql_port" lineno="52036">
<summary>
Send and receive UDP traffic on the mssql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_mssql_port" lineno="52053">
<summary>
Do not audit attempts to send and receive
UDP traffic on the mssql port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_mssql_port" lineno="52069">
<summary>
Bind TCP sockets to the mssql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_mssql_port" lineno="52089">
<summary>
Bind UDP sockets to the mssql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_mssql_port" lineno="52108">
<summary>
Make a TCP connection to the mssql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mssql_client_packets" lineno="52128">
<summary>
Send mssql_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mssql_client_packets" lineno="52147">
<summary>
Do not audit attempts to send mssql_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mssql_client_packets" lineno="52166">
<summary>
Receive mssql_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mssql_client_packets" lineno="52185">
<summary>
Do not audit attempts to receive mssql_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mssql_client_packets" lineno="52204">
<summary>
Send and receive mssql_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mssql_client_packets" lineno="52220">
<summary>
Do not audit attempts to send and receive mssql_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mssql_client_packets" lineno="52235">
<summary>
Relabel packets to mssql_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mssql_server_packets" lineno="52255">
<summary>
Send mssql_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mssql_server_packets" lineno="52274">
<summary>
Do not audit attempts to send mssql_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mssql_server_packets" lineno="52293">
<summary>
Receive mssql_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mssql_server_packets" lineno="52312">
<summary>
Do not audit attempts to receive mssql_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mssql_server_packets" lineno="52331">
<summary>
Send and receive mssql_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mssql_server_packets" lineno="52347">
<summary>
Do not audit attempts to send and receive mssql_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mssql_server_packets" lineno="52362">
<summary>
Relabel packets to mssql_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_munin_port" lineno="52384">
<summary>
Send and receive TCP traffic on the munin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_munin_port" lineno="52403">
<summary>
Send UDP traffic on the munin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_munin_port" lineno="52422">
<summary>
Do not audit attempts to send UDP traffic on the munin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_munin_port" lineno="52441">
<summary>
Receive UDP traffic on the munin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_munin_port" lineno="52460">
<summary>
Do not audit attempts to receive UDP traffic on the munin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_munin_port" lineno="52479">
<summary>
Send and receive UDP traffic on the munin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_munin_port" lineno="52496">
<summary>
Do not audit attempts to send and receive
UDP traffic on the munin port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_munin_port" lineno="52512">
<summary>
Bind TCP sockets to the munin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_munin_port" lineno="52532">
<summary>
Bind UDP sockets to the munin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_munin_port" lineno="52551">
<summary>
Make a TCP connection to the munin port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_munin_client_packets" lineno="52571">
<summary>
Send munin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_munin_client_packets" lineno="52590">
<summary>
Do not audit attempts to send munin_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_munin_client_packets" lineno="52609">
<summary>
Receive munin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_munin_client_packets" lineno="52628">
<summary>
Do not audit attempts to receive munin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_munin_client_packets" lineno="52647">
<summary>
Send and receive munin_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_munin_client_packets" lineno="52663">
<summary>
Do not audit attempts to send and receive munin_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_munin_client_packets" lineno="52678">
<summary>
Relabel packets to munin_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_munin_server_packets" lineno="52698">
<summary>
Send munin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_munin_server_packets" lineno="52717">
<summary>
Do not audit attempts to send munin_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_munin_server_packets" lineno="52736">
<summary>
Receive munin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_munin_server_packets" lineno="52755">
<summary>
Do not audit attempts to receive munin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_munin_server_packets" lineno="52774">
<summary>
Send and receive munin_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_munin_server_packets" lineno="52790">
<summary>
Do not audit attempts to send and receive munin_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_munin_server_packets" lineno="52805">
<summary>
Relabel packets to munin_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_mysqld_port" lineno="52827">
<summary>
Send and receive TCP traffic on the mysqld port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_mysqld_port" lineno="52846">
<summary>
Send UDP traffic on the mysqld port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_mysqld_port" lineno="52865">
<summary>
Do not audit attempts to send UDP traffic on the mysqld port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_mysqld_port" lineno="52884">
<summary>
Receive UDP traffic on the mysqld port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_mysqld_port" lineno="52903">
<summary>
Do not audit attempts to receive UDP traffic on the mysqld port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_mysqld_port" lineno="52922">
<summary>
Send and receive UDP traffic on the mysqld port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_mysqld_port" lineno="52939">
<summary>
Do not audit attempts to send and receive
UDP traffic on the mysqld port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_mysqld_port" lineno="52955">
<summary>
Bind TCP sockets to the mysqld port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_mysqld_port" lineno="52975">
<summary>
Bind UDP sockets to the mysqld port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_mysqld_port" lineno="52994">
<summary>
Make a TCP connection to the mysqld port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mysqld_client_packets" lineno="53014">
<summary>
Send mysqld_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mysqld_client_packets" lineno="53033">
<summary>
Do not audit attempts to send mysqld_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mysqld_client_packets" lineno="53052">
<summary>
Receive mysqld_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mysqld_client_packets" lineno="53071">
<summary>
Do not audit attempts to receive mysqld_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mysqld_client_packets" lineno="53090">
<summary>
Send and receive mysqld_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mysqld_client_packets" lineno="53106">
<summary>
Do not audit attempts to send and receive mysqld_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mysqld_client_packets" lineno="53121">
<summary>
Relabel packets to mysqld_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mysqld_server_packets" lineno="53141">
<summary>
Send mysqld_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mysqld_server_packets" lineno="53160">
<summary>
Do not audit attempts to send mysqld_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mysqld_server_packets" lineno="53179">
<summary>
Receive mysqld_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mysqld_server_packets" lineno="53198">
<summary>
Do not audit attempts to receive mysqld_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mysqld_server_packets" lineno="53217">
<summary>
Send and receive mysqld_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mysqld_server_packets" lineno="53233">
<summary>
Do not audit attempts to send and receive mysqld_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mysqld_server_packets" lineno="53248">
<summary>
Relabel packets to mysqld_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_mysqlmanagerd_port" lineno="53270">
<summary>
Send and receive TCP traffic on the mysqlmanagerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_mysqlmanagerd_port" lineno="53289">
<summary>
Send UDP traffic on the mysqlmanagerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_mysqlmanagerd_port" lineno="53308">
<summary>
Do not audit attempts to send UDP traffic on the mysqlmanagerd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_mysqlmanagerd_port" lineno="53327">
<summary>
Receive UDP traffic on the mysqlmanagerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_mysqlmanagerd_port" lineno="53346">
<summary>
Do not audit attempts to receive UDP traffic on the mysqlmanagerd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_mysqlmanagerd_port" lineno="53365">
<summary>
Send and receive UDP traffic on the mysqlmanagerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_mysqlmanagerd_port" lineno="53382">
<summary>
Do not audit attempts to send and receive
UDP traffic on the mysqlmanagerd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_mysqlmanagerd_port" lineno="53398">
<summary>
Bind TCP sockets to the mysqlmanagerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_mysqlmanagerd_port" lineno="53418">
<summary>
Bind UDP sockets to the mysqlmanagerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_mysqlmanagerd_port" lineno="53437">
<summary>
Make a TCP connection to the mysqlmanagerd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mysqlmanagerd_client_packets" lineno="53457">
<summary>
Send mysqlmanagerd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mysqlmanagerd_client_packets" lineno="53476">
<summary>
Do not audit attempts to send mysqlmanagerd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mysqlmanagerd_client_packets" lineno="53495">
<summary>
Receive mysqlmanagerd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mysqlmanagerd_client_packets" lineno="53514">
<summary>
Do not audit attempts to receive mysqlmanagerd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mysqlmanagerd_client_packets" lineno="53533">
<summary>
Send and receive mysqlmanagerd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mysqlmanagerd_client_packets" lineno="53549">
<summary>
Do not audit attempts to send and receive mysqlmanagerd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mysqlmanagerd_client_packets" lineno="53564">
<summary>
Relabel packets to mysqlmanagerd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mysqlmanagerd_server_packets" lineno="53584">
<summary>
Send mysqlmanagerd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mysqlmanagerd_server_packets" lineno="53603">
<summary>
Do not audit attempts to send mysqlmanagerd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mysqlmanagerd_server_packets" lineno="53622">
<summary>
Receive mysqlmanagerd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mysqlmanagerd_server_packets" lineno="53641">
<summary>
Do not audit attempts to receive mysqlmanagerd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mysqlmanagerd_server_packets" lineno="53660">
<summary>
Send and receive mysqlmanagerd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mysqlmanagerd_server_packets" lineno="53676">
<summary>
Do not audit attempts to send and receive mysqlmanagerd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mysqlmanagerd_server_packets" lineno="53691">
<summary>
Relabel packets to mysqlmanagerd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_movaz_ssc_port" lineno="53713">
<summary>
Send and receive TCP traffic on the movaz_ssc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_movaz_ssc_port" lineno="53732">
<summary>
Send UDP traffic on the movaz_ssc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_movaz_ssc_port" lineno="53751">
<summary>
Do not audit attempts to send UDP traffic on the movaz_ssc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_movaz_ssc_port" lineno="53770">
<summary>
Receive UDP traffic on the movaz_ssc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_movaz_ssc_port" lineno="53789">
<summary>
Do not audit attempts to receive UDP traffic on the movaz_ssc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_movaz_ssc_port" lineno="53808">
<summary>
Send and receive UDP traffic on the movaz_ssc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_movaz_ssc_port" lineno="53825">
<summary>
Do not audit attempts to send and receive
UDP traffic on the movaz_ssc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_movaz_ssc_port" lineno="53841">
<summary>
Bind TCP sockets to the movaz_ssc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_movaz_ssc_port" lineno="53861">
<summary>
Bind UDP sockets to the movaz_ssc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_movaz_ssc_port" lineno="53880">
<summary>
Make a TCP connection to the movaz_ssc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_movaz_ssc_client_packets" lineno="53900">
<summary>
Send movaz_ssc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_movaz_ssc_client_packets" lineno="53919">
<summary>
Do not audit attempts to send movaz_ssc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_movaz_ssc_client_packets" lineno="53938">
<summary>
Receive movaz_ssc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_movaz_ssc_client_packets" lineno="53957">
<summary>
Do not audit attempts to receive movaz_ssc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_movaz_ssc_client_packets" lineno="53976">
<summary>
Send and receive movaz_ssc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_movaz_ssc_client_packets" lineno="53992">
<summary>
Do not audit attempts to send and receive movaz_ssc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_movaz_ssc_client_packets" lineno="54007">
<summary>
Relabel packets to movaz_ssc_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_movaz_ssc_server_packets" lineno="54027">
<summary>
Send movaz_ssc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_movaz_ssc_server_packets" lineno="54046">
<summary>
Do not audit attempts to send movaz_ssc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_movaz_ssc_server_packets" lineno="54065">
<summary>
Receive movaz_ssc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_movaz_ssc_server_packets" lineno="54084">
<summary>
Do not audit attempts to receive movaz_ssc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_movaz_ssc_server_packets" lineno="54103">
<summary>
Send and receive movaz_ssc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_movaz_ssc_server_packets" lineno="54119">
<summary>
Do not audit attempts to send and receive movaz_ssc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_movaz_ssc_server_packets" lineno="54134">
<summary>
Relabel packets to movaz_ssc_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_mountd_port" lineno="54156">
<summary>
Send and receive TCP traffic on the mountd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_mountd_port" lineno="54175">
<summary>
Send UDP traffic on the mountd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_mountd_port" lineno="54194">
<summary>
Do not audit attempts to send UDP traffic on the mountd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_mountd_port" lineno="54213">
<summary>
Receive UDP traffic on the mountd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_mountd_port" lineno="54232">
<summary>
Do not audit attempts to receive UDP traffic on the mountd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_mountd_port" lineno="54251">
<summary>
Send and receive UDP traffic on the mountd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_mountd_port" lineno="54268">
<summary>
Do not audit attempts to send and receive
UDP traffic on the mountd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_mountd_port" lineno="54284">
<summary>
Bind TCP sockets to the mountd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_mountd_port" lineno="54304">
<summary>
Bind UDP sockets to the mountd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_mountd_port" lineno="54323">
<summary>
Make a TCP connection to the mountd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mountd_client_packets" lineno="54343">
<summary>
Send mountd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mountd_client_packets" lineno="54362">
<summary>
Do not audit attempts to send mountd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mountd_client_packets" lineno="54381">
<summary>
Receive mountd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mountd_client_packets" lineno="54400">
<summary>
Do not audit attempts to receive mountd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mountd_client_packets" lineno="54419">
<summary>
Send and receive mountd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mountd_client_packets" lineno="54435">
<summary>
Do not audit attempts to send and receive mountd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mountd_client_packets" lineno="54450">
<summary>
Relabel packets to mountd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_mountd_server_packets" lineno="54470">
<summary>
Send mountd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_mountd_server_packets" lineno="54489">
<summary>
Do not audit attempts to send mountd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_mountd_server_packets" lineno="54508">
<summary>
Receive mountd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_mountd_server_packets" lineno="54527">
<summary>
Do not audit attempts to receive mountd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_mountd_server_packets" lineno="54546">
<summary>
Send and receive mountd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_mountd_server_packets" lineno="54562">
<summary>
Do not audit attempts to send and receive mountd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_mountd_server_packets" lineno="54577">
<summary>
Relabel packets to mountd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_nessus_port" lineno="54599">
<summary>
Send and receive TCP traffic on the nessus port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_nessus_port" lineno="54618">
<summary>
Send UDP traffic on the nessus port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_nessus_port" lineno="54637">
<summary>
Do not audit attempts to send UDP traffic on the nessus port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_nessus_port" lineno="54656">
<summary>
Receive UDP traffic on the nessus port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_nessus_port" lineno="54675">
<summary>
Do not audit attempts to receive UDP traffic on the nessus port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_nessus_port" lineno="54694">
<summary>
Send and receive UDP traffic on the nessus port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_nessus_port" lineno="54711">
<summary>
Do not audit attempts to send and receive
UDP traffic on the nessus port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_nessus_port" lineno="54727">
<summary>
Bind TCP sockets to the nessus port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_nessus_port" lineno="54747">
<summary>
Bind UDP sockets to the nessus port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_nessus_port" lineno="54766">
<summary>
Make a TCP connection to the nessus port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_nessus_client_packets" lineno="54786">
<summary>
Send nessus_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_nessus_client_packets" lineno="54805">
<summary>
Do not audit attempts to send nessus_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_nessus_client_packets" lineno="54824">
<summary>
Receive nessus_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_nessus_client_packets" lineno="54843">
<summary>
Do not audit attempts to receive nessus_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_nessus_client_packets" lineno="54862">
<summary>
Send and receive nessus_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_nessus_client_packets" lineno="54878">
<summary>
Do not audit attempts to send and receive nessus_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_nessus_client_packets" lineno="54893">
<summary>
Relabel packets to nessus_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_nessus_server_packets" lineno="54913">
<summary>
Send nessus_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_nessus_server_packets" lineno="54932">
<summary>
Do not audit attempts to send nessus_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_nessus_server_packets" lineno="54951">
<summary>
Receive nessus_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_nessus_server_packets" lineno="54970">
<summary>
Do not audit attempts to receive nessus_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_nessus_server_packets" lineno="54989">
<summary>
Send and receive nessus_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_nessus_server_packets" lineno="55005">
<summary>
Do not audit attempts to send and receive nessus_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_nessus_server_packets" lineno="55020">
<summary>
Relabel packets to nessus_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_netport_port" lineno="55042">
<summary>
Send and receive TCP traffic on the netport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_netport_port" lineno="55061">
<summary>
Send UDP traffic on the netport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_netport_port" lineno="55080">
<summary>
Do not audit attempts to send UDP traffic on the netport port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_netport_port" lineno="55099">
<summary>
Receive UDP traffic on the netport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_netport_port" lineno="55118">
<summary>
Do not audit attempts to receive UDP traffic on the netport port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_netport_port" lineno="55137">
<summary>
Send and receive UDP traffic on the netport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_netport_port" lineno="55154">
<summary>
Do not audit attempts to send and receive
UDP traffic on the netport port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_netport_port" lineno="55170">
<summary>
Bind TCP sockets to the netport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_netport_port" lineno="55190">
<summary>
Bind UDP sockets to the netport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_netport_port" lineno="55209">
<summary>
Make a TCP connection to the netport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_netport_client_packets" lineno="55229">
<summary>
Send netport_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_netport_client_packets" lineno="55248">
<summary>
Do not audit attempts to send netport_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_netport_client_packets" lineno="55267">
<summary>
Receive netport_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_netport_client_packets" lineno="55286">
<summary>
Do not audit attempts to receive netport_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_netport_client_packets" lineno="55305">
<summary>
Send and receive netport_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_netport_client_packets" lineno="55321">
<summary>
Do not audit attempts to send and receive netport_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_netport_client_packets" lineno="55336">
<summary>
Relabel packets to netport_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_netport_server_packets" lineno="55356">
<summary>
Send netport_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_netport_server_packets" lineno="55375">
<summary>
Do not audit attempts to send netport_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_netport_server_packets" lineno="55394">
<summary>
Receive netport_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_netport_server_packets" lineno="55413">
<summary>
Do not audit attempts to receive netport_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_netport_server_packets" lineno="55432">
<summary>
Send and receive netport_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_netport_server_packets" lineno="55448">
<summary>
Do not audit attempts to send and receive netport_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_netport_server_packets" lineno="55463">
<summary>
Relabel packets to netport_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_netsupport_port" lineno="55485">
<summary>
Send and receive TCP traffic on the netsupport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_netsupport_port" lineno="55504">
<summary>
Send UDP traffic on the netsupport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_netsupport_port" lineno="55523">
<summary>
Do not audit attempts to send UDP traffic on the netsupport port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_netsupport_port" lineno="55542">
<summary>
Receive UDP traffic on the netsupport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_netsupport_port" lineno="55561">
<summary>
Do not audit attempts to receive UDP traffic on the netsupport port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_netsupport_port" lineno="55580">
<summary>
Send and receive UDP traffic on the netsupport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_netsupport_port" lineno="55597">
<summary>
Do not audit attempts to send and receive
UDP traffic on the netsupport port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_netsupport_port" lineno="55613">
<summary>
Bind TCP sockets to the netsupport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_netsupport_port" lineno="55633">
<summary>
Bind UDP sockets to the netsupport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_netsupport_port" lineno="55652">
<summary>
Make a TCP connection to the netsupport port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_netsupport_client_packets" lineno="55672">
<summary>
Send netsupport_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_netsupport_client_packets" lineno="55691">
<summary>
Do not audit attempts to send netsupport_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_netsupport_client_packets" lineno="55710">
<summary>
Receive netsupport_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_netsupport_client_packets" lineno="55729">
<summary>
Do not audit attempts to receive netsupport_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_netsupport_client_packets" lineno="55748">
<summary>
Send and receive netsupport_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_netsupport_client_packets" lineno="55764">
<summary>
Do not audit attempts to send and receive netsupport_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_netsupport_client_packets" lineno="55779">
<summary>
Relabel packets to netsupport_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_netsupport_server_packets" lineno="55799">
<summary>
Send netsupport_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_netsupport_server_packets" lineno="55818">
<summary>
Do not audit attempts to send netsupport_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_netsupport_server_packets" lineno="55837">
<summary>
Receive netsupport_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_netsupport_server_packets" lineno="55856">
<summary>
Do not audit attempts to receive netsupport_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_netsupport_server_packets" lineno="55875">
<summary>
Send and receive netsupport_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_netsupport_server_packets" lineno="55891">
<summary>
Do not audit attempts to send and receive netsupport_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_netsupport_server_packets" lineno="55906">
<summary>
Relabel packets to netsupport_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_nfs_port" lineno="55928">
<summary>
Send and receive TCP traffic on the nfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_nfs_port" lineno="55947">
<summary>
Send UDP traffic on the nfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_nfs_port" lineno="55966">
<summary>
Do not audit attempts to send UDP traffic on the nfs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_nfs_port" lineno="55985">
<summary>
Receive UDP traffic on the nfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_nfs_port" lineno="56004">
<summary>
Do not audit attempts to receive UDP traffic on the nfs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_nfs_port" lineno="56023">
<summary>
Send and receive UDP traffic on the nfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_nfs_port" lineno="56040">
<summary>
Do not audit attempts to send and receive
UDP traffic on the nfs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_nfs_port" lineno="56056">
<summary>
Bind TCP sockets to the nfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_nfs_port" lineno="56076">
<summary>
Bind UDP sockets to the nfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_nfs_port" lineno="56095">
<summary>
Make a TCP connection to the nfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_nfs_client_packets" lineno="56115">
<summary>
Send nfs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_nfs_client_packets" lineno="56134">
<summary>
Do not audit attempts to send nfs_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_nfs_client_packets" lineno="56153">
<summary>
Receive nfs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_nfs_client_packets" lineno="56172">
<summary>
Do not audit attempts to receive nfs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_nfs_client_packets" lineno="56191">
<summary>
Send and receive nfs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_nfs_client_packets" lineno="56207">
<summary>
Do not audit attempts to send and receive nfs_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_nfs_client_packets" lineno="56222">
<summary>
Relabel packets to nfs_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_nfs_server_packets" lineno="56242">
<summary>
Send nfs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_nfs_server_packets" lineno="56261">
<summary>
Do not audit attempts to send nfs_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_nfs_server_packets" lineno="56280">
<summary>
Receive nfs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_nfs_server_packets" lineno="56299">
<summary>
Do not audit attempts to receive nfs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_nfs_server_packets" lineno="56318">
<summary>
Send and receive nfs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_nfs_server_packets" lineno="56334">
<summary>
Do not audit attempts to send and receive nfs_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_nfs_server_packets" lineno="56349">
<summary>
Relabel packets to nfs_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_nmbd_port" lineno="56371">
<summary>
Send and receive TCP traffic on the nmbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_nmbd_port" lineno="56390">
<summary>
Send UDP traffic on the nmbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_nmbd_port" lineno="56409">
<summary>
Do not audit attempts to send UDP traffic on the nmbd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_nmbd_port" lineno="56428">
<summary>
Receive UDP traffic on the nmbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_nmbd_port" lineno="56447">
<summary>
Do not audit attempts to receive UDP traffic on the nmbd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_nmbd_port" lineno="56466">
<summary>
Send and receive UDP traffic on the nmbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_nmbd_port" lineno="56483">
<summary>
Do not audit attempts to send and receive
UDP traffic on the nmbd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_nmbd_port" lineno="56499">
<summary>
Bind TCP sockets to the nmbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_nmbd_port" lineno="56519">
<summary>
Bind UDP sockets to the nmbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_nmbd_port" lineno="56538">
<summary>
Make a TCP connection to the nmbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_nmbd_client_packets" lineno="56558">
<summary>
Send nmbd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_nmbd_client_packets" lineno="56577">
<summary>
Do not audit attempts to send nmbd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_nmbd_client_packets" lineno="56596">
<summary>
Receive nmbd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_nmbd_client_packets" lineno="56615">
<summary>
Do not audit attempts to receive nmbd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_nmbd_client_packets" lineno="56634">
<summary>
Send and receive nmbd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_nmbd_client_packets" lineno="56650">
<summary>
Do not audit attempts to send and receive nmbd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_nmbd_client_packets" lineno="56665">
<summary>
Relabel packets to nmbd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_nmbd_server_packets" lineno="56685">
<summary>
Send nmbd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_nmbd_server_packets" lineno="56704">
<summary>
Do not audit attempts to send nmbd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_nmbd_server_packets" lineno="56723">
<summary>
Receive nmbd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_nmbd_server_packets" lineno="56742">
<summary>
Do not audit attempts to receive nmbd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_nmbd_server_packets" lineno="56761">
<summary>
Send and receive nmbd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_nmbd_server_packets" lineno="56777">
<summary>
Do not audit attempts to send and receive nmbd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_nmbd_server_packets" lineno="56792">
<summary>
Relabel packets to nmbd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_nodejs_debug_port" lineno="56814">
<summary>
Send and receive TCP traffic on the nodejs_debug port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_nodejs_debug_port" lineno="56833">
<summary>
Send UDP traffic on the nodejs_debug port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_nodejs_debug_port" lineno="56852">
<summary>
Do not audit attempts to send UDP traffic on the nodejs_debug port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_nodejs_debug_port" lineno="56871">
<summary>
Receive UDP traffic on the nodejs_debug port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_nodejs_debug_port" lineno="56890">
<summary>
Do not audit attempts to receive UDP traffic on the nodejs_debug port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_nodejs_debug_port" lineno="56909">
<summary>
Send and receive UDP traffic on the nodejs_debug port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_nodejs_debug_port" lineno="56926">
<summary>
Do not audit attempts to send and receive
UDP traffic on the nodejs_debug port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_nodejs_debug_port" lineno="56942">
<summary>
Bind TCP sockets to the nodejs_debug port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_nodejs_debug_port" lineno="56962">
<summary>
Bind UDP sockets to the nodejs_debug port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_nodejs_debug_port" lineno="56981">
<summary>
Make a TCP connection to the nodejs_debug port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_nodejs_debug_client_packets" lineno="57001">
<summary>
Send nodejs_debug_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_nodejs_debug_client_packets" lineno="57020">
<summary>
Do not audit attempts to send nodejs_debug_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_nodejs_debug_client_packets" lineno="57039">
<summary>
Receive nodejs_debug_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_nodejs_debug_client_packets" lineno="57058">
<summary>
Do not audit attempts to receive nodejs_debug_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_nodejs_debug_client_packets" lineno="57077">
<summary>
Send and receive nodejs_debug_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_nodejs_debug_client_packets" lineno="57093">
<summary>
Do not audit attempts to send and receive nodejs_debug_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_nodejs_debug_client_packets" lineno="57108">
<summary>
Relabel packets to nodejs_debug_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_nodejs_debug_server_packets" lineno="57128">
<summary>
Send nodejs_debug_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_nodejs_debug_server_packets" lineno="57147">
<summary>
Do not audit attempts to send nodejs_debug_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_nodejs_debug_server_packets" lineno="57166">
<summary>
Receive nodejs_debug_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_nodejs_debug_server_packets" lineno="57185">
<summary>
Do not audit attempts to receive nodejs_debug_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_nodejs_debug_server_packets" lineno="57204">
<summary>
Send and receive nodejs_debug_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_nodejs_debug_server_packets" lineno="57220">
<summary>
Do not audit attempts to send and receive nodejs_debug_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_nodejs_debug_server_packets" lineno="57235">
<summary>
Relabel packets to nodejs_debug_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ntp_port" lineno="57257">
<summary>
Send and receive TCP traffic on the ntp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ntp_port" lineno="57276">
<summary>
Send UDP traffic on the ntp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ntp_port" lineno="57295">
<summary>
Do not audit attempts to send UDP traffic on the ntp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ntp_port" lineno="57314">
<summary>
Receive UDP traffic on the ntp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ntp_port" lineno="57333">
<summary>
Do not audit attempts to receive UDP traffic on the ntp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ntp_port" lineno="57352">
<summary>
Send and receive UDP traffic on the ntp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ntp_port" lineno="57369">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ntp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ntp_port" lineno="57385">
<summary>
Bind TCP sockets to the ntp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ntp_port" lineno="57405">
<summary>
Bind UDP sockets to the ntp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ntp_port" lineno="57424">
<summary>
Make a TCP connection to the ntp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ntp_client_packets" lineno="57444">
<summary>
Send ntp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ntp_client_packets" lineno="57463">
<summary>
Do not audit attempts to send ntp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ntp_client_packets" lineno="57482">
<summary>
Receive ntp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ntp_client_packets" lineno="57501">
<summary>
Do not audit attempts to receive ntp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ntp_client_packets" lineno="57520">
<summary>
Send and receive ntp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ntp_client_packets" lineno="57536">
<summary>
Do not audit attempts to send and receive ntp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ntp_client_packets" lineno="57551">
<summary>
Relabel packets to ntp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ntp_server_packets" lineno="57571">
<summary>
Send ntp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ntp_server_packets" lineno="57590">
<summary>
Do not audit attempts to send ntp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ntp_server_packets" lineno="57609">
<summary>
Receive ntp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ntp_server_packets" lineno="57628">
<summary>
Do not audit attempts to receive ntp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ntp_server_packets" lineno="57647">
<summary>
Send and receive ntp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ntp_server_packets" lineno="57663">
<summary>
Do not audit attempts to send and receive ntp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ntp_server_packets" lineno="57678">
<summary>
Relabel packets to ntp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ntop_port" lineno="57700">
<summary>
Send and receive TCP traffic on the ntop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ntop_port" lineno="57719">
<summary>
Send UDP traffic on the ntop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ntop_port" lineno="57738">
<summary>
Do not audit attempts to send UDP traffic on the ntop port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ntop_port" lineno="57757">
<summary>
Receive UDP traffic on the ntop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ntop_port" lineno="57776">
<summary>
Do not audit attempts to receive UDP traffic on the ntop port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ntop_port" lineno="57795">
<summary>
Send and receive UDP traffic on the ntop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ntop_port" lineno="57812">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ntop port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ntop_port" lineno="57828">
<summary>
Bind TCP sockets to the ntop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ntop_port" lineno="57848">
<summary>
Bind UDP sockets to the ntop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ntop_port" lineno="57867">
<summary>
Make a TCP connection to the ntop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ntop_client_packets" lineno="57887">
<summary>
Send ntop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ntop_client_packets" lineno="57906">
<summary>
Do not audit attempts to send ntop_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ntop_client_packets" lineno="57925">
<summary>
Receive ntop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ntop_client_packets" lineno="57944">
<summary>
Do not audit attempts to receive ntop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ntop_client_packets" lineno="57963">
<summary>
Send and receive ntop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ntop_client_packets" lineno="57979">
<summary>
Do not audit attempts to send and receive ntop_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ntop_client_packets" lineno="57994">
<summary>
Relabel packets to ntop_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ntop_server_packets" lineno="58014">
<summary>
Send ntop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ntop_server_packets" lineno="58033">
<summary>
Do not audit attempts to send ntop_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ntop_server_packets" lineno="58052">
<summary>
Receive ntop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ntop_server_packets" lineno="58071">
<summary>
Do not audit attempts to receive ntop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ntop_server_packets" lineno="58090">
<summary>
Send and receive ntop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ntop_server_packets" lineno="58106">
<summary>
Do not audit attempts to send and receive ntop_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ntop_server_packets" lineno="58121">
<summary>
Relabel packets to ntop_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_oracle_port" lineno="58143">
<summary>
Send and receive TCP traffic on the oracle port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_oracle_port" lineno="58162">
<summary>
Send UDP traffic on the oracle port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_oracle_port" lineno="58181">
<summary>
Do not audit attempts to send UDP traffic on the oracle port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_oracle_port" lineno="58200">
<summary>
Receive UDP traffic on the oracle port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_oracle_port" lineno="58219">
<summary>
Do not audit attempts to receive UDP traffic on the oracle port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_oracle_port" lineno="58238">
<summary>
Send and receive UDP traffic on the oracle port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_oracle_port" lineno="58255">
<summary>
Do not audit attempts to send and receive
UDP traffic on the oracle port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_oracle_port" lineno="58271">
<summary>
Bind TCP sockets to the oracle port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_oracle_port" lineno="58291">
<summary>
Bind UDP sockets to the oracle port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_oracle_port" lineno="58310">
<summary>
Make a TCP connection to the oracle port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_oracle_client_packets" lineno="58330">
<summary>
Send oracle_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_oracle_client_packets" lineno="58349">
<summary>
Do not audit attempts to send oracle_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_oracle_client_packets" lineno="58368">
<summary>
Receive oracle_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_oracle_client_packets" lineno="58387">
<summary>
Do not audit attempts to receive oracle_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_oracle_client_packets" lineno="58406">
<summary>
Send and receive oracle_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_oracle_client_packets" lineno="58422">
<summary>
Do not audit attempts to send and receive oracle_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_oracle_client_packets" lineno="58437">
<summary>
Relabel packets to oracle_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_oracle_server_packets" lineno="58457">
<summary>
Send oracle_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_oracle_server_packets" lineno="58476">
<summary>
Do not audit attempts to send oracle_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_oracle_server_packets" lineno="58495">
<summary>
Receive oracle_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_oracle_server_packets" lineno="58514">
<summary>
Do not audit attempts to receive oracle_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_oracle_server_packets" lineno="58533">
<summary>
Send and receive oracle_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_oracle_server_packets" lineno="58549">
<summary>
Do not audit attempts to send and receive oracle_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_oracle_server_packets" lineno="58564">
<summary>
Relabel packets to oracle_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ocsp_port" lineno="58586">
<summary>
Send and receive TCP traffic on the ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ocsp_port" lineno="58605">
<summary>
Send UDP traffic on the ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ocsp_port" lineno="58624">
<summary>
Do not audit attempts to send UDP traffic on the ocsp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ocsp_port" lineno="58643">
<summary>
Receive UDP traffic on the ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ocsp_port" lineno="58662">
<summary>
Do not audit attempts to receive UDP traffic on the ocsp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ocsp_port" lineno="58681">
<summary>
Send and receive UDP traffic on the ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ocsp_port" lineno="58698">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ocsp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ocsp_port" lineno="58714">
<summary>
Bind TCP sockets to the ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ocsp_port" lineno="58734">
<summary>
Bind UDP sockets to the ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ocsp_port" lineno="58753">
<summary>
Make a TCP connection to the ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ocsp_client_packets" lineno="58773">
<summary>
Send ocsp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ocsp_client_packets" lineno="58792">
<summary>
Do not audit attempts to send ocsp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ocsp_client_packets" lineno="58811">
<summary>
Receive ocsp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ocsp_client_packets" lineno="58830">
<summary>
Do not audit attempts to receive ocsp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ocsp_client_packets" lineno="58849">
<summary>
Send and receive ocsp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ocsp_client_packets" lineno="58865">
<summary>
Do not audit attempts to send and receive ocsp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ocsp_client_packets" lineno="58880">
<summary>
Relabel packets to ocsp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ocsp_server_packets" lineno="58900">
<summary>
Send ocsp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ocsp_server_packets" lineno="58919">
<summary>
Do not audit attempts to send ocsp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ocsp_server_packets" lineno="58938">
<summary>
Receive ocsp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ocsp_server_packets" lineno="58957">
<summary>
Do not audit attempts to receive ocsp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ocsp_server_packets" lineno="58976">
<summary>
Send and receive ocsp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ocsp_server_packets" lineno="58992">
<summary>
Do not audit attempts to send and receive ocsp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ocsp_server_packets" lineno="59007">
<summary>
Relabel packets to ocsp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_openhpid_port" lineno="59029">
<summary>
Send and receive TCP traffic on the openhpid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_openhpid_port" lineno="59048">
<summary>
Send UDP traffic on the openhpid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_openhpid_port" lineno="59067">
<summary>
Do not audit attempts to send UDP traffic on the openhpid port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_openhpid_port" lineno="59086">
<summary>
Receive UDP traffic on the openhpid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_openhpid_port" lineno="59105">
<summary>
Do not audit attempts to receive UDP traffic on the openhpid port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_openhpid_port" lineno="59124">
<summary>
Send and receive UDP traffic on the openhpid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_openhpid_port" lineno="59141">
<summary>
Do not audit attempts to send and receive
UDP traffic on the openhpid port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_openhpid_port" lineno="59157">
<summary>
Bind TCP sockets to the openhpid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_openhpid_port" lineno="59177">
<summary>
Bind UDP sockets to the openhpid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_openhpid_port" lineno="59196">
<summary>
Make a TCP connection to the openhpid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_openhpid_client_packets" lineno="59216">
<summary>
Send openhpid_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_openhpid_client_packets" lineno="59235">
<summary>
Do not audit attempts to send openhpid_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_openhpid_client_packets" lineno="59254">
<summary>
Receive openhpid_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_openhpid_client_packets" lineno="59273">
<summary>
Do not audit attempts to receive openhpid_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_openhpid_client_packets" lineno="59292">
<summary>
Send and receive openhpid_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_openhpid_client_packets" lineno="59308">
<summary>
Do not audit attempts to send and receive openhpid_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_openhpid_client_packets" lineno="59323">
<summary>
Relabel packets to openhpid_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_openhpid_server_packets" lineno="59343">
<summary>
Send openhpid_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_openhpid_server_packets" lineno="59362">
<summary>
Do not audit attempts to send openhpid_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_openhpid_server_packets" lineno="59381">
<summary>
Receive openhpid_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_openhpid_server_packets" lineno="59400">
<summary>
Do not audit attempts to receive openhpid_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_openhpid_server_packets" lineno="59419">
<summary>
Send and receive openhpid_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_openhpid_server_packets" lineno="59435">
<summary>
Do not audit attempts to send and receive openhpid_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_openhpid_server_packets" lineno="59450">
<summary>
Relabel packets to openhpid_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_openvpn_port" lineno="59472">
<summary>
Send and receive TCP traffic on the openvpn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_openvpn_port" lineno="59491">
<summary>
Send UDP traffic on the openvpn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_openvpn_port" lineno="59510">
<summary>
Do not audit attempts to send UDP traffic on the openvpn port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_openvpn_port" lineno="59529">
<summary>
Receive UDP traffic on the openvpn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_openvpn_port" lineno="59548">
<summary>
Do not audit attempts to receive UDP traffic on the openvpn port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_openvpn_port" lineno="59567">
<summary>
Send and receive UDP traffic on the openvpn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_openvpn_port" lineno="59584">
<summary>
Do not audit attempts to send and receive
UDP traffic on the openvpn port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_openvpn_port" lineno="59600">
<summary>
Bind TCP sockets to the openvpn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_openvpn_port" lineno="59620">
<summary>
Bind UDP sockets to the openvpn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_openvpn_port" lineno="59639">
<summary>
Make a TCP connection to the openvpn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_openvpn_client_packets" lineno="59659">
<summary>
Send openvpn_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_openvpn_client_packets" lineno="59678">
<summary>
Do not audit attempts to send openvpn_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_openvpn_client_packets" lineno="59697">
<summary>
Receive openvpn_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_openvpn_client_packets" lineno="59716">
<summary>
Do not audit attempts to receive openvpn_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_openvpn_client_packets" lineno="59735">
<summary>
Send and receive openvpn_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_openvpn_client_packets" lineno="59751">
<summary>
Do not audit attempts to send and receive openvpn_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_openvpn_client_packets" lineno="59766">
<summary>
Relabel packets to openvpn_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_openvpn_server_packets" lineno="59786">
<summary>
Send openvpn_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_openvpn_server_packets" lineno="59805">
<summary>
Do not audit attempts to send openvpn_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_openvpn_server_packets" lineno="59824">
<summary>
Receive openvpn_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_openvpn_server_packets" lineno="59843">
<summary>
Do not audit attempts to receive openvpn_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_openvpn_server_packets" lineno="59862">
<summary>
Send and receive openvpn_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_openvpn_server_packets" lineno="59878">
<summary>
Do not audit attempts to send and receive openvpn_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_openvpn_server_packets" lineno="59893">
<summary>
Relabel packets to openvpn_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pktcable_port" lineno="59915">
<summary>
Send and receive TCP traffic on the pktcable port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pktcable_port" lineno="59934">
<summary>
Send UDP traffic on the pktcable port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pktcable_port" lineno="59953">
<summary>
Do not audit attempts to send UDP traffic on the pktcable port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pktcable_port" lineno="59972">
<summary>
Receive UDP traffic on the pktcable port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pktcable_port" lineno="59991">
<summary>
Do not audit attempts to receive UDP traffic on the pktcable port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pktcable_port" lineno="60010">
<summary>
Send and receive UDP traffic on the pktcable port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pktcable_port" lineno="60027">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pktcable port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pktcable_port" lineno="60043">
<summary>
Bind TCP sockets to the pktcable port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pktcable_port" lineno="60063">
<summary>
Bind UDP sockets to the pktcable port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pktcable_port" lineno="60082">
<summary>
Make a TCP connection to the pktcable port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pktcable_client_packets" lineno="60102">
<summary>
Send pktcable_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pktcable_client_packets" lineno="60121">
<summary>
Do not audit attempts to send pktcable_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pktcable_client_packets" lineno="60140">
<summary>
Receive pktcable_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pktcable_client_packets" lineno="60159">
<summary>
Do not audit attempts to receive pktcable_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pktcable_client_packets" lineno="60178">
<summary>
Send and receive pktcable_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pktcable_client_packets" lineno="60194">
<summary>
Do not audit attempts to send and receive pktcable_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pktcable_client_packets" lineno="60209">
<summary>
Relabel packets to pktcable_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pktcable_server_packets" lineno="60229">
<summary>
Send pktcable_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pktcable_server_packets" lineno="60248">
<summary>
Do not audit attempts to send pktcable_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pktcable_server_packets" lineno="60267">
<summary>
Receive pktcable_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pktcable_server_packets" lineno="60286">
<summary>
Do not audit attempts to receive pktcable_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pktcable_server_packets" lineno="60305">
<summary>
Send and receive pktcable_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pktcable_server_packets" lineno="60321">
<summary>
Do not audit attempts to send and receive pktcable_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pktcable_server_packets" lineno="60336">
<summary>
Relabel packets to pktcable_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pegasus_http_port" lineno="60358">
<summary>
Send and receive TCP traffic on the pegasus_http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pegasus_http_port" lineno="60377">
<summary>
Send UDP traffic on the pegasus_http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pegasus_http_port" lineno="60396">
<summary>
Do not audit attempts to send UDP traffic on the pegasus_http port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pegasus_http_port" lineno="60415">
<summary>
Receive UDP traffic on the pegasus_http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pegasus_http_port" lineno="60434">
<summary>
Do not audit attempts to receive UDP traffic on the pegasus_http port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pegasus_http_port" lineno="60453">
<summary>
Send and receive UDP traffic on the pegasus_http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pegasus_http_port" lineno="60470">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pegasus_http port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pegasus_http_port" lineno="60486">
<summary>
Bind TCP sockets to the pegasus_http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pegasus_http_port" lineno="60506">
<summary>
Bind UDP sockets to the pegasus_http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pegasus_http_port" lineno="60525">
<summary>
Make a TCP connection to the pegasus_http port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pegasus_http_client_packets" lineno="60545">
<summary>
Send pegasus_http_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pegasus_http_client_packets" lineno="60564">
<summary>
Do not audit attempts to send pegasus_http_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pegasus_http_client_packets" lineno="60583">
<summary>
Receive pegasus_http_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pegasus_http_client_packets" lineno="60602">
<summary>
Do not audit attempts to receive pegasus_http_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pegasus_http_client_packets" lineno="60621">
<summary>
Send and receive pegasus_http_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pegasus_http_client_packets" lineno="60637">
<summary>
Do not audit attempts to send and receive pegasus_http_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pegasus_http_client_packets" lineno="60652">
<summary>
Relabel packets to pegasus_http_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pegasus_http_server_packets" lineno="60672">
<summary>
Send pegasus_http_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pegasus_http_server_packets" lineno="60691">
<summary>
Do not audit attempts to send pegasus_http_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pegasus_http_server_packets" lineno="60710">
<summary>
Receive pegasus_http_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pegasus_http_server_packets" lineno="60729">
<summary>
Do not audit attempts to receive pegasus_http_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pegasus_http_server_packets" lineno="60748">
<summary>
Send and receive pegasus_http_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pegasus_http_server_packets" lineno="60764">
<summary>
Do not audit attempts to send and receive pegasus_http_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pegasus_http_server_packets" lineno="60779">
<summary>
Relabel packets to pegasus_http_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pegasus_https_port" lineno="60801">
<summary>
Send and receive TCP traffic on the pegasus_https port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pegasus_https_port" lineno="60820">
<summary>
Send UDP traffic on the pegasus_https port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pegasus_https_port" lineno="60839">
<summary>
Do not audit attempts to send UDP traffic on the pegasus_https port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pegasus_https_port" lineno="60858">
<summary>
Receive UDP traffic on the pegasus_https port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pegasus_https_port" lineno="60877">
<summary>
Do not audit attempts to receive UDP traffic on the pegasus_https port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pegasus_https_port" lineno="60896">
<summary>
Send and receive UDP traffic on the pegasus_https port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pegasus_https_port" lineno="60913">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pegasus_https port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pegasus_https_port" lineno="60929">
<summary>
Bind TCP sockets to the pegasus_https port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pegasus_https_port" lineno="60949">
<summary>
Bind UDP sockets to the pegasus_https port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pegasus_https_port" lineno="60968">
<summary>
Make a TCP connection to the pegasus_https port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pegasus_https_client_packets" lineno="60988">
<summary>
Send pegasus_https_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pegasus_https_client_packets" lineno="61007">
<summary>
Do not audit attempts to send pegasus_https_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pegasus_https_client_packets" lineno="61026">
<summary>
Receive pegasus_https_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pegasus_https_client_packets" lineno="61045">
<summary>
Do not audit attempts to receive pegasus_https_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pegasus_https_client_packets" lineno="61064">
<summary>
Send and receive pegasus_https_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pegasus_https_client_packets" lineno="61080">
<summary>
Do not audit attempts to send and receive pegasus_https_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pegasus_https_client_packets" lineno="61095">
<summary>
Relabel packets to pegasus_https_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pegasus_https_server_packets" lineno="61115">
<summary>
Send pegasus_https_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pegasus_https_server_packets" lineno="61134">
<summary>
Do not audit attempts to send pegasus_https_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pegasus_https_server_packets" lineno="61153">
<summary>
Receive pegasus_https_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pegasus_https_server_packets" lineno="61172">
<summary>
Do not audit attempts to receive pegasus_https_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pegasus_https_server_packets" lineno="61191">
<summary>
Send and receive pegasus_https_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pegasus_https_server_packets" lineno="61207">
<summary>
Do not audit attempts to send and receive pegasus_https_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pegasus_https_server_packets" lineno="61222">
<summary>
Relabel packets to pegasus_https_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pgpkeyserver_port" lineno="61244">
<summary>
Send and receive TCP traffic on the pgpkeyserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pgpkeyserver_port" lineno="61263">
<summary>
Send UDP traffic on the pgpkeyserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pgpkeyserver_port" lineno="61282">
<summary>
Do not audit attempts to send UDP traffic on the pgpkeyserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pgpkeyserver_port" lineno="61301">
<summary>
Receive UDP traffic on the pgpkeyserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pgpkeyserver_port" lineno="61320">
<summary>
Do not audit attempts to receive UDP traffic on the pgpkeyserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pgpkeyserver_port" lineno="61339">
<summary>
Send and receive UDP traffic on the pgpkeyserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pgpkeyserver_port" lineno="61356">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pgpkeyserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pgpkeyserver_port" lineno="61372">
<summary>
Bind TCP sockets to the pgpkeyserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pgpkeyserver_port" lineno="61392">
<summary>
Bind UDP sockets to the pgpkeyserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pgpkeyserver_port" lineno="61411">
<summary>
Make a TCP connection to the pgpkeyserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pgpkeyserver_client_packets" lineno="61431">
<summary>
Send pgpkeyserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pgpkeyserver_client_packets" lineno="61450">
<summary>
Do not audit attempts to send pgpkeyserver_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pgpkeyserver_client_packets" lineno="61469">
<summary>
Receive pgpkeyserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pgpkeyserver_client_packets" lineno="61488">
<summary>
Do not audit attempts to receive pgpkeyserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pgpkeyserver_client_packets" lineno="61507">
<summary>
Send and receive pgpkeyserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pgpkeyserver_client_packets" lineno="61523">
<summary>
Do not audit attempts to send and receive pgpkeyserver_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pgpkeyserver_client_packets" lineno="61538">
<summary>
Relabel packets to pgpkeyserver_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pgpkeyserver_server_packets" lineno="61558">
<summary>
Send pgpkeyserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pgpkeyserver_server_packets" lineno="61577">
<summary>
Do not audit attempts to send pgpkeyserver_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pgpkeyserver_server_packets" lineno="61596">
<summary>
Receive pgpkeyserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pgpkeyserver_server_packets" lineno="61615">
<summary>
Do not audit attempts to receive pgpkeyserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pgpkeyserver_server_packets" lineno="61634">
<summary>
Send and receive pgpkeyserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pgpkeyserver_server_packets" lineno="61650">
<summary>
Do not audit attempts to send and receive pgpkeyserver_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pgpkeyserver_server_packets" lineno="61665">
<summary>
Relabel packets to pgpkeyserver_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pingd_port" lineno="61687">
<summary>
Send and receive TCP traffic on the pingd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pingd_port" lineno="61706">
<summary>
Send UDP traffic on the pingd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pingd_port" lineno="61725">
<summary>
Do not audit attempts to send UDP traffic on the pingd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pingd_port" lineno="61744">
<summary>
Receive UDP traffic on the pingd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pingd_port" lineno="61763">
<summary>
Do not audit attempts to receive UDP traffic on the pingd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pingd_port" lineno="61782">
<summary>
Send and receive UDP traffic on the pingd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pingd_port" lineno="61799">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pingd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pingd_port" lineno="61815">
<summary>
Bind TCP sockets to the pingd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pingd_port" lineno="61835">
<summary>
Bind UDP sockets to the pingd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pingd_port" lineno="61854">
<summary>
Make a TCP connection to the pingd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pingd_client_packets" lineno="61874">
<summary>
Send pingd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pingd_client_packets" lineno="61893">
<summary>
Do not audit attempts to send pingd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pingd_client_packets" lineno="61912">
<summary>
Receive pingd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pingd_client_packets" lineno="61931">
<summary>
Do not audit attempts to receive pingd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pingd_client_packets" lineno="61950">
<summary>
Send and receive pingd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pingd_client_packets" lineno="61966">
<summary>
Do not audit attempts to send and receive pingd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pingd_client_packets" lineno="61981">
<summary>
Relabel packets to pingd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pingd_server_packets" lineno="62001">
<summary>
Send pingd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pingd_server_packets" lineno="62020">
<summary>
Do not audit attempts to send pingd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pingd_server_packets" lineno="62039">
<summary>
Receive pingd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pingd_server_packets" lineno="62058">
<summary>
Do not audit attempts to receive pingd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pingd_server_packets" lineno="62077">
<summary>
Send and receive pingd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pingd_server_packets" lineno="62093">
<summary>
Do not audit attempts to send and receive pingd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pingd_server_packets" lineno="62108">
<summary>
Relabel packets to pingd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_piranha_port" lineno="62130">
<summary>
Send and receive TCP traffic on the piranha port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_piranha_port" lineno="62149">
<summary>
Send UDP traffic on the piranha port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_piranha_port" lineno="62168">
<summary>
Do not audit attempts to send UDP traffic on the piranha port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_piranha_port" lineno="62187">
<summary>
Receive UDP traffic on the piranha port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_piranha_port" lineno="62206">
<summary>
Do not audit attempts to receive UDP traffic on the piranha port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_piranha_port" lineno="62225">
<summary>
Send and receive UDP traffic on the piranha port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_piranha_port" lineno="62242">
<summary>
Do not audit attempts to send and receive
UDP traffic on the piranha port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_piranha_port" lineno="62258">
<summary>
Bind TCP sockets to the piranha port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_piranha_port" lineno="62278">
<summary>
Bind UDP sockets to the piranha port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_piranha_port" lineno="62297">
<summary>
Make a TCP connection to the piranha port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_piranha_client_packets" lineno="62317">
<summary>
Send piranha_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_piranha_client_packets" lineno="62336">
<summary>
Do not audit attempts to send piranha_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_piranha_client_packets" lineno="62355">
<summary>
Receive piranha_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_piranha_client_packets" lineno="62374">
<summary>
Do not audit attempts to receive piranha_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_piranha_client_packets" lineno="62393">
<summary>
Send and receive piranha_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_piranha_client_packets" lineno="62409">
<summary>
Do not audit attempts to send and receive piranha_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_piranha_client_packets" lineno="62424">
<summary>
Relabel packets to piranha_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_piranha_server_packets" lineno="62444">
<summary>
Send piranha_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_piranha_server_packets" lineno="62463">
<summary>
Do not audit attempts to send piranha_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_piranha_server_packets" lineno="62482">
<summary>
Receive piranha_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_piranha_server_packets" lineno="62501">
<summary>
Do not audit attempts to receive piranha_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_piranha_server_packets" lineno="62520">
<summary>
Send and receive piranha_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_piranha_server_packets" lineno="62536">
<summary>
Do not audit attempts to send and receive piranha_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_piranha_server_packets" lineno="62551">
<summary>
Relabel packets to piranha_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pki_ca_port" lineno="62573">
<summary>
Send and receive TCP traffic on the pki_ca port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pki_ca_port" lineno="62592">
<summary>
Send UDP traffic on the pki_ca port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pki_ca_port" lineno="62611">
<summary>
Do not audit attempts to send UDP traffic on the pki_ca port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pki_ca_port" lineno="62630">
<summary>
Receive UDP traffic on the pki_ca port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pki_ca_port" lineno="62649">
<summary>
Do not audit attempts to receive UDP traffic on the pki_ca port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pki_ca_port" lineno="62668">
<summary>
Send and receive UDP traffic on the pki_ca port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pki_ca_port" lineno="62685">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pki_ca port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pki_ca_port" lineno="62701">
<summary>
Bind TCP sockets to the pki_ca port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pki_ca_port" lineno="62721">
<summary>
Bind UDP sockets to the pki_ca port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pki_ca_port" lineno="62740">
<summary>
Make a TCP connection to the pki_ca port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pki_ca_client_packets" lineno="62760">
<summary>
Send pki_ca_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pki_ca_client_packets" lineno="62779">
<summary>
Do not audit attempts to send pki_ca_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pki_ca_client_packets" lineno="62798">
<summary>
Receive pki_ca_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pki_ca_client_packets" lineno="62817">
<summary>
Do not audit attempts to receive pki_ca_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pki_ca_client_packets" lineno="62836">
<summary>
Send and receive pki_ca_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pki_ca_client_packets" lineno="62852">
<summary>
Do not audit attempts to send and receive pki_ca_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pki_ca_client_packets" lineno="62867">
<summary>
Relabel packets to pki_ca_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pki_ca_server_packets" lineno="62887">
<summary>
Send pki_ca_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pki_ca_server_packets" lineno="62906">
<summary>
Do not audit attempts to send pki_ca_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pki_ca_server_packets" lineno="62925">
<summary>
Receive pki_ca_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pki_ca_server_packets" lineno="62944">
<summary>
Do not audit attempts to receive pki_ca_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pki_ca_server_packets" lineno="62963">
<summary>
Send and receive pki_ca_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pki_ca_server_packets" lineno="62979">
<summary>
Do not audit attempts to send and receive pki_ca_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pki_ca_server_packets" lineno="62994">
<summary>
Relabel packets to pki_ca_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pki_kra_port" lineno="63016">
<summary>
Send and receive TCP traffic on the pki_kra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pki_kra_port" lineno="63035">
<summary>
Send UDP traffic on the pki_kra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pki_kra_port" lineno="63054">
<summary>
Do not audit attempts to send UDP traffic on the pki_kra port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pki_kra_port" lineno="63073">
<summary>
Receive UDP traffic on the pki_kra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pki_kra_port" lineno="63092">
<summary>
Do not audit attempts to receive UDP traffic on the pki_kra port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pki_kra_port" lineno="63111">
<summary>
Send and receive UDP traffic on the pki_kra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pki_kra_port" lineno="63128">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pki_kra port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pki_kra_port" lineno="63144">
<summary>
Bind TCP sockets to the pki_kra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pki_kra_port" lineno="63164">
<summary>
Bind UDP sockets to the pki_kra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pki_kra_port" lineno="63183">
<summary>
Make a TCP connection to the pki_kra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pki_kra_client_packets" lineno="63203">
<summary>
Send pki_kra_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pki_kra_client_packets" lineno="63222">
<summary>
Do not audit attempts to send pki_kra_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pki_kra_client_packets" lineno="63241">
<summary>
Receive pki_kra_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pki_kra_client_packets" lineno="63260">
<summary>
Do not audit attempts to receive pki_kra_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pki_kra_client_packets" lineno="63279">
<summary>
Send and receive pki_kra_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pki_kra_client_packets" lineno="63295">
<summary>
Do not audit attempts to send and receive pki_kra_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pki_kra_client_packets" lineno="63310">
<summary>
Relabel packets to pki_kra_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pki_kra_server_packets" lineno="63330">
<summary>
Send pki_kra_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pki_kra_server_packets" lineno="63349">
<summary>
Do not audit attempts to send pki_kra_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pki_kra_server_packets" lineno="63368">
<summary>
Receive pki_kra_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pki_kra_server_packets" lineno="63387">
<summary>
Do not audit attempts to receive pki_kra_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pki_kra_server_packets" lineno="63406">
<summary>
Send and receive pki_kra_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pki_kra_server_packets" lineno="63422">
<summary>
Do not audit attempts to send and receive pki_kra_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pki_kra_server_packets" lineno="63437">
<summary>
Relabel packets to pki_kra_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pki_ocsp_port" lineno="63459">
<summary>
Send and receive TCP traffic on the pki_ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pki_ocsp_port" lineno="63478">
<summary>
Send UDP traffic on the pki_ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pki_ocsp_port" lineno="63497">
<summary>
Do not audit attempts to send UDP traffic on the pki_ocsp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pki_ocsp_port" lineno="63516">
<summary>
Receive UDP traffic on the pki_ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pki_ocsp_port" lineno="63535">
<summary>
Do not audit attempts to receive UDP traffic on the pki_ocsp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pki_ocsp_port" lineno="63554">
<summary>
Send and receive UDP traffic on the pki_ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pki_ocsp_port" lineno="63571">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pki_ocsp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pki_ocsp_port" lineno="63587">
<summary>
Bind TCP sockets to the pki_ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pki_ocsp_port" lineno="63607">
<summary>
Bind UDP sockets to the pki_ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pki_ocsp_port" lineno="63626">
<summary>
Make a TCP connection to the pki_ocsp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pki_ocsp_client_packets" lineno="63646">
<summary>
Send pki_ocsp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pki_ocsp_client_packets" lineno="63665">
<summary>
Do not audit attempts to send pki_ocsp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pki_ocsp_client_packets" lineno="63684">
<summary>
Receive pki_ocsp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pki_ocsp_client_packets" lineno="63703">
<summary>
Do not audit attempts to receive pki_ocsp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pki_ocsp_client_packets" lineno="63722">
<summary>
Send and receive pki_ocsp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pki_ocsp_client_packets" lineno="63738">
<summary>
Do not audit attempts to send and receive pki_ocsp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pki_ocsp_client_packets" lineno="63753">
<summary>
Relabel packets to pki_ocsp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pki_ocsp_server_packets" lineno="63773">
<summary>
Send pki_ocsp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pki_ocsp_server_packets" lineno="63792">
<summary>
Do not audit attempts to send pki_ocsp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pki_ocsp_server_packets" lineno="63811">
<summary>
Receive pki_ocsp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pki_ocsp_server_packets" lineno="63830">
<summary>
Do not audit attempts to receive pki_ocsp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pki_ocsp_server_packets" lineno="63849">
<summary>
Send and receive pki_ocsp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pki_ocsp_server_packets" lineno="63865">
<summary>
Do not audit attempts to send and receive pki_ocsp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pki_ocsp_server_packets" lineno="63880">
<summary>
Relabel packets to pki_ocsp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pki_tks_port" lineno="63902">
<summary>
Send and receive TCP traffic on the pki_tks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pki_tks_port" lineno="63921">
<summary>
Send UDP traffic on the pki_tks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pki_tks_port" lineno="63940">
<summary>
Do not audit attempts to send UDP traffic on the pki_tks port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pki_tks_port" lineno="63959">
<summary>
Receive UDP traffic on the pki_tks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pki_tks_port" lineno="63978">
<summary>
Do not audit attempts to receive UDP traffic on the pki_tks port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pki_tks_port" lineno="63997">
<summary>
Send and receive UDP traffic on the pki_tks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pki_tks_port" lineno="64014">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pki_tks port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pki_tks_port" lineno="64030">
<summary>
Bind TCP sockets to the pki_tks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pki_tks_port" lineno="64050">
<summary>
Bind UDP sockets to the pki_tks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pki_tks_port" lineno="64069">
<summary>
Make a TCP connection to the pki_tks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pki_tks_client_packets" lineno="64089">
<summary>
Send pki_tks_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pki_tks_client_packets" lineno="64108">
<summary>
Do not audit attempts to send pki_tks_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pki_tks_client_packets" lineno="64127">
<summary>
Receive pki_tks_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pki_tks_client_packets" lineno="64146">
<summary>
Do not audit attempts to receive pki_tks_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pki_tks_client_packets" lineno="64165">
<summary>
Send and receive pki_tks_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pki_tks_client_packets" lineno="64181">
<summary>
Do not audit attempts to send and receive pki_tks_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pki_tks_client_packets" lineno="64196">
<summary>
Relabel packets to pki_tks_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pki_tks_server_packets" lineno="64216">
<summary>
Send pki_tks_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pki_tks_server_packets" lineno="64235">
<summary>
Do not audit attempts to send pki_tks_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pki_tks_server_packets" lineno="64254">
<summary>
Receive pki_tks_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pki_tks_server_packets" lineno="64273">
<summary>
Do not audit attempts to receive pki_tks_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pki_tks_server_packets" lineno="64292">
<summary>
Send and receive pki_tks_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pki_tks_server_packets" lineno="64308">
<summary>
Do not audit attempts to send and receive pki_tks_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pki_tks_server_packets" lineno="64323">
<summary>
Relabel packets to pki_tks_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pki_ra_port" lineno="64345">
<summary>
Send and receive TCP traffic on the pki_ra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pki_ra_port" lineno="64364">
<summary>
Send UDP traffic on the pki_ra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pki_ra_port" lineno="64383">
<summary>
Do not audit attempts to send UDP traffic on the pki_ra port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pki_ra_port" lineno="64402">
<summary>
Receive UDP traffic on the pki_ra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pki_ra_port" lineno="64421">
<summary>
Do not audit attempts to receive UDP traffic on the pki_ra port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pki_ra_port" lineno="64440">
<summary>
Send and receive UDP traffic on the pki_ra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pki_ra_port" lineno="64457">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pki_ra port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pki_ra_port" lineno="64473">
<summary>
Bind TCP sockets to the pki_ra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pki_ra_port" lineno="64493">
<summary>
Bind UDP sockets to the pki_ra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pki_ra_port" lineno="64512">
<summary>
Make a TCP connection to the pki_ra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pki_ra_client_packets" lineno="64532">
<summary>
Send pki_ra_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pki_ra_client_packets" lineno="64551">
<summary>
Do not audit attempts to send pki_ra_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pki_ra_client_packets" lineno="64570">
<summary>
Receive pki_ra_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pki_ra_client_packets" lineno="64589">
<summary>
Do not audit attempts to receive pki_ra_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pki_ra_client_packets" lineno="64608">
<summary>
Send and receive pki_ra_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pki_ra_client_packets" lineno="64624">
<summary>
Do not audit attempts to send and receive pki_ra_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pki_ra_client_packets" lineno="64639">
<summary>
Relabel packets to pki_ra_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pki_ra_server_packets" lineno="64659">
<summary>
Send pki_ra_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pki_ra_server_packets" lineno="64678">
<summary>
Do not audit attempts to send pki_ra_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pki_ra_server_packets" lineno="64697">
<summary>
Receive pki_ra_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pki_ra_server_packets" lineno="64716">
<summary>
Do not audit attempts to receive pki_ra_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pki_ra_server_packets" lineno="64735">
<summary>
Send and receive pki_ra_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pki_ra_server_packets" lineno="64751">
<summary>
Do not audit attempts to send and receive pki_ra_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pki_ra_server_packets" lineno="64766">
<summary>
Relabel packets to pki_ra_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pki_tps_port" lineno="64788">
<summary>
Send and receive TCP traffic on the pki_tps port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pki_tps_port" lineno="64807">
<summary>
Send UDP traffic on the pki_tps port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pki_tps_port" lineno="64826">
<summary>
Do not audit attempts to send UDP traffic on the pki_tps port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pki_tps_port" lineno="64845">
<summary>
Receive UDP traffic on the pki_tps port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pki_tps_port" lineno="64864">
<summary>
Do not audit attempts to receive UDP traffic on the pki_tps port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pki_tps_port" lineno="64883">
<summary>
Send and receive UDP traffic on the pki_tps port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pki_tps_port" lineno="64900">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pki_tps port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pki_tps_port" lineno="64916">
<summary>
Bind TCP sockets to the pki_tps port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pki_tps_port" lineno="64936">
<summary>
Bind UDP sockets to the pki_tps port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pki_tps_port" lineno="64955">
<summary>
Make a TCP connection to the pki_tps port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pki_tps_client_packets" lineno="64975">
<summary>
Send pki_tps_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pki_tps_client_packets" lineno="64994">
<summary>
Do not audit attempts to send pki_tps_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pki_tps_client_packets" lineno="65013">
<summary>
Receive pki_tps_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pki_tps_client_packets" lineno="65032">
<summary>
Do not audit attempts to receive pki_tps_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pki_tps_client_packets" lineno="65051">
<summary>
Send and receive pki_tps_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pki_tps_client_packets" lineno="65067">
<summary>
Do not audit attempts to send and receive pki_tps_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pki_tps_client_packets" lineno="65082">
<summary>
Relabel packets to pki_tps_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pki_tps_server_packets" lineno="65102">
<summary>
Send pki_tps_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pki_tps_server_packets" lineno="65121">
<summary>
Do not audit attempts to send pki_tps_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pki_tps_server_packets" lineno="65140">
<summary>
Receive pki_tps_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pki_tps_server_packets" lineno="65159">
<summary>
Do not audit attempts to receive pki_tps_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pki_tps_server_packets" lineno="65178">
<summary>
Send and receive pki_tps_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pki_tps_server_packets" lineno="65194">
<summary>
Do not audit attempts to send and receive pki_tps_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pki_tps_server_packets" lineno="65209">
<summary>
Relabel packets to pki_tps_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pop_port" lineno="65231">
<summary>
Send and receive TCP traffic on the pop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pop_port" lineno="65250">
<summary>
Send UDP traffic on the pop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pop_port" lineno="65269">
<summary>
Do not audit attempts to send UDP traffic on the pop port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pop_port" lineno="65288">
<summary>
Receive UDP traffic on the pop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pop_port" lineno="65307">
<summary>
Do not audit attempts to receive UDP traffic on the pop port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pop_port" lineno="65326">
<summary>
Send and receive UDP traffic on the pop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pop_port" lineno="65343">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pop port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pop_port" lineno="65359">
<summary>
Bind TCP sockets to the pop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pop_port" lineno="65379">
<summary>
Bind UDP sockets to the pop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pop_port" lineno="65398">
<summary>
Make a TCP connection to the pop port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pop_client_packets" lineno="65418">
<summary>
Send pop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pop_client_packets" lineno="65437">
<summary>
Do not audit attempts to send pop_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pop_client_packets" lineno="65456">
<summary>
Receive pop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pop_client_packets" lineno="65475">
<summary>
Do not audit attempts to receive pop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pop_client_packets" lineno="65494">
<summary>
Send and receive pop_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pop_client_packets" lineno="65510">
<summary>
Do not audit attempts to send and receive pop_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pop_client_packets" lineno="65525">
<summary>
Relabel packets to pop_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pop_server_packets" lineno="65545">
<summary>
Send pop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pop_server_packets" lineno="65564">
<summary>
Do not audit attempts to send pop_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pop_server_packets" lineno="65583">
<summary>
Receive pop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pop_server_packets" lineno="65602">
<summary>
Do not audit attempts to receive pop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pop_server_packets" lineno="65621">
<summary>
Send and receive pop_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pop_server_packets" lineno="65637">
<summary>
Do not audit attempts to send and receive pop_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pop_server_packets" lineno="65652">
<summary>
Relabel packets to pop_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_portmap_port" lineno="65674">
<summary>
Send and receive TCP traffic on the portmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_portmap_port" lineno="65693">
<summary>
Send UDP traffic on the portmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_portmap_port" lineno="65712">
<summary>
Do not audit attempts to send UDP traffic on the portmap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_portmap_port" lineno="65731">
<summary>
Receive UDP traffic on the portmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_portmap_port" lineno="65750">
<summary>
Do not audit attempts to receive UDP traffic on the portmap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_portmap_port" lineno="65769">
<summary>
Send and receive UDP traffic on the portmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_portmap_port" lineno="65786">
<summary>
Do not audit attempts to send and receive
UDP traffic on the portmap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_portmap_port" lineno="65802">
<summary>
Bind TCP sockets to the portmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_portmap_port" lineno="65822">
<summary>
Bind UDP sockets to the portmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_portmap_port" lineno="65841">
<summary>
Make a TCP connection to the portmap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_portmap_client_packets" lineno="65861">
<summary>
Send portmap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_portmap_client_packets" lineno="65880">
<summary>
Do not audit attempts to send portmap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_portmap_client_packets" lineno="65899">
<summary>
Receive portmap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_portmap_client_packets" lineno="65918">
<summary>
Do not audit attempts to receive portmap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_portmap_client_packets" lineno="65937">
<summary>
Send and receive portmap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_portmap_client_packets" lineno="65953">
<summary>
Do not audit attempts to send and receive portmap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_portmap_client_packets" lineno="65968">
<summary>
Relabel packets to portmap_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_portmap_server_packets" lineno="65988">
<summary>
Send portmap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_portmap_server_packets" lineno="66007">
<summary>
Do not audit attempts to send portmap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_portmap_server_packets" lineno="66026">
<summary>
Receive portmap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_portmap_server_packets" lineno="66045">
<summary>
Do not audit attempts to receive portmap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_portmap_server_packets" lineno="66064">
<summary>
Send and receive portmap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_portmap_server_packets" lineno="66080">
<summary>
Do not audit attempts to send and receive portmap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_portmap_server_packets" lineno="66095">
<summary>
Relabel packets to portmap_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_postfix_policyd_port" lineno="66117">
<summary>
Send and receive TCP traffic on the postfix_policyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_postfix_policyd_port" lineno="66136">
<summary>
Send UDP traffic on the postfix_policyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_postfix_policyd_port" lineno="66155">
<summary>
Do not audit attempts to send UDP traffic on the postfix_policyd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_postfix_policyd_port" lineno="66174">
<summary>
Receive UDP traffic on the postfix_policyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_postfix_policyd_port" lineno="66193">
<summary>
Do not audit attempts to receive UDP traffic on the postfix_policyd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_postfix_policyd_port" lineno="66212">
<summary>
Send and receive UDP traffic on the postfix_policyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_postfix_policyd_port" lineno="66229">
<summary>
Do not audit attempts to send and receive
UDP traffic on the postfix_policyd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_postfix_policyd_port" lineno="66245">
<summary>
Bind TCP sockets to the postfix_policyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_postfix_policyd_port" lineno="66265">
<summary>
Bind UDP sockets to the postfix_policyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_postfix_policyd_port" lineno="66284">
<summary>
Make a TCP connection to the postfix_policyd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_postfix_policyd_client_packets" lineno="66304">
<summary>
Send postfix_policyd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_postfix_policyd_client_packets" lineno="66323">
<summary>
Do not audit attempts to send postfix_policyd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_postfix_policyd_client_packets" lineno="66342">
<summary>
Receive postfix_policyd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_postfix_policyd_client_packets" lineno="66361">
<summary>
Do not audit attempts to receive postfix_policyd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_postfix_policyd_client_packets" lineno="66380">
<summary>
Send and receive postfix_policyd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_postfix_policyd_client_packets" lineno="66396">
<summary>
Do not audit attempts to send and receive postfix_policyd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_postfix_policyd_client_packets" lineno="66411">
<summary>
Relabel packets to postfix_policyd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_postfix_policyd_server_packets" lineno="66431">
<summary>
Send postfix_policyd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_postfix_policyd_server_packets" lineno="66450">
<summary>
Do not audit attempts to send postfix_policyd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_postfix_policyd_server_packets" lineno="66469">
<summary>
Receive postfix_policyd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_postfix_policyd_server_packets" lineno="66488">
<summary>
Do not audit attempts to receive postfix_policyd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_postfix_policyd_server_packets" lineno="66507">
<summary>
Send and receive postfix_policyd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_postfix_policyd_server_packets" lineno="66523">
<summary>
Do not audit attempts to send and receive postfix_policyd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_postfix_policyd_server_packets" lineno="66538">
<summary>
Relabel packets to postfix_policyd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_postgresql_port" lineno="66560">
<summary>
Send and receive TCP traffic on the postgresql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_postgresql_port" lineno="66579">
<summary>
Send UDP traffic on the postgresql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_postgresql_port" lineno="66598">
<summary>
Do not audit attempts to send UDP traffic on the postgresql port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_postgresql_port" lineno="66617">
<summary>
Receive UDP traffic on the postgresql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_postgresql_port" lineno="66636">
<summary>
Do not audit attempts to receive UDP traffic on the postgresql port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_postgresql_port" lineno="66655">
<summary>
Send and receive UDP traffic on the postgresql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_postgresql_port" lineno="66672">
<summary>
Do not audit attempts to send and receive
UDP traffic on the postgresql port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_postgresql_port" lineno="66688">
<summary>
Bind TCP sockets to the postgresql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_postgresql_port" lineno="66708">
<summary>
Bind UDP sockets to the postgresql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_postgresql_port" lineno="66727">
<summary>
Make a TCP connection to the postgresql port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_postgresql_client_packets" lineno="66747">
<summary>
Send postgresql_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_postgresql_client_packets" lineno="66766">
<summary>
Do not audit attempts to send postgresql_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_postgresql_client_packets" lineno="66785">
<summary>
Receive postgresql_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_postgresql_client_packets" lineno="66804">
<summary>
Do not audit attempts to receive postgresql_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_postgresql_client_packets" lineno="66823">
<summary>
Send and receive postgresql_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_postgresql_client_packets" lineno="66839">
<summary>
Do not audit attempts to send and receive postgresql_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_postgresql_client_packets" lineno="66854">
<summary>
Relabel packets to postgresql_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_postgresql_server_packets" lineno="66874">
<summary>
Send postgresql_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_postgresql_server_packets" lineno="66893">
<summary>
Do not audit attempts to send postgresql_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_postgresql_server_packets" lineno="66912">
<summary>
Receive postgresql_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_postgresql_server_packets" lineno="66931">
<summary>
Do not audit attempts to receive postgresql_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_postgresql_server_packets" lineno="66950">
<summary>
Send and receive postgresql_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_postgresql_server_packets" lineno="66966">
<summary>
Do not audit attempts to send and receive postgresql_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_postgresql_server_packets" lineno="66981">
<summary>
Relabel packets to postgresql_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_postgrey_port" lineno="67003">
<summary>
Send and receive TCP traffic on the postgrey port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_postgrey_port" lineno="67022">
<summary>
Send UDP traffic on the postgrey port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_postgrey_port" lineno="67041">
<summary>
Do not audit attempts to send UDP traffic on the postgrey port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_postgrey_port" lineno="67060">
<summary>
Receive UDP traffic on the postgrey port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_postgrey_port" lineno="67079">
<summary>
Do not audit attempts to receive UDP traffic on the postgrey port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_postgrey_port" lineno="67098">
<summary>
Send and receive UDP traffic on the postgrey port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_postgrey_port" lineno="67115">
<summary>
Do not audit attempts to send and receive
UDP traffic on the postgrey port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_postgrey_port" lineno="67131">
<summary>
Bind TCP sockets to the postgrey port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_postgrey_port" lineno="67151">
<summary>
Bind UDP sockets to the postgrey port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_postgrey_port" lineno="67170">
<summary>
Make a TCP connection to the postgrey port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_postgrey_client_packets" lineno="67190">
<summary>
Send postgrey_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_postgrey_client_packets" lineno="67209">
<summary>
Do not audit attempts to send postgrey_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_postgrey_client_packets" lineno="67228">
<summary>
Receive postgrey_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_postgrey_client_packets" lineno="67247">
<summary>
Do not audit attempts to receive postgrey_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_postgrey_client_packets" lineno="67266">
<summary>
Send and receive postgrey_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_postgrey_client_packets" lineno="67282">
<summary>
Do not audit attempts to send and receive postgrey_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_postgrey_client_packets" lineno="67297">
<summary>
Relabel packets to postgrey_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_postgrey_server_packets" lineno="67317">
<summary>
Send postgrey_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_postgrey_server_packets" lineno="67336">
<summary>
Do not audit attempts to send postgrey_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_postgrey_server_packets" lineno="67355">
<summary>
Receive postgrey_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_postgrey_server_packets" lineno="67374">
<summary>
Do not audit attempts to receive postgrey_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_postgrey_server_packets" lineno="67393">
<summary>
Send and receive postgrey_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_postgrey_server_packets" lineno="67409">
<summary>
Do not audit attempts to send and receive postgrey_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_postgrey_server_packets" lineno="67424">
<summary>
Relabel packets to postgrey_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_prelude_port" lineno="67446">
<summary>
Send and receive TCP traffic on the prelude port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_prelude_port" lineno="67465">
<summary>
Send UDP traffic on the prelude port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_prelude_port" lineno="67484">
<summary>
Do not audit attempts to send UDP traffic on the prelude port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_prelude_port" lineno="67503">
<summary>
Receive UDP traffic on the prelude port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_prelude_port" lineno="67522">
<summary>
Do not audit attempts to receive UDP traffic on the prelude port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_prelude_port" lineno="67541">
<summary>
Send and receive UDP traffic on the prelude port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_prelude_port" lineno="67558">
<summary>
Do not audit attempts to send and receive
UDP traffic on the prelude port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_prelude_port" lineno="67574">
<summary>
Bind TCP sockets to the prelude port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_prelude_port" lineno="67594">
<summary>
Bind UDP sockets to the prelude port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_prelude_port" lineno="67613">
<summary>
Make a TCP connection to the prelude port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_prelude_client_packets" lineno="67633">
<summary>
Send prelude_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_prelude_client_packets" lineno="67652">
<summary>
Do not audit attempts to send prelude_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_prelude_client_packets" lineno="67671">
<summary>
Receive prelude_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_prelude_client_packets" lineno="67690">
<summary>
Do not audit attempts to receive prelude_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_prelude_client_packets" lineno="67709">
<summary>
Send and receive prelude_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_prelude_client_packets" lineno="67725">
<summary>
Do not audit attempts to send and receive prelude_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_prelude_client_packets" lineno="67740">
<summary>
Relabel packets to prelude_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_prelude_server_packets" lineno="67760">
<summary>
Send prelude_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_prelude_server_packets" lineno="67779">
<summary>
Do not audit attempts to send prelude_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_prelude_server_packets" lineno="67798">
<summary>
Receive prelude_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_prelude_server_packets" lineno="67817">
<summary>
Do not audit attempts to receive prelude_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_prelude_server_packets" lineno="67836">
<summary>
Send and receive prelude_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_prelude_server_packets" lineno="67852">
<summary>
Do not audit attempts to send and receive prelude_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_prelude_server_packets" lineno="67867">
<summary>
Relabel packets to prelude_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_presence_port" lineno="67889">
<summary>
Send and receive TCP traffic on the presence port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_presence_port" lineno="67908">
<summary>
Send UDP traffic on the presence port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_presence_port" lineno="67927">
<summary>
Do not audit attempts to send UDP traffic on the presence port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_presence_port" lineno="67946">
<summary>
Receive UDP traffic on the presence port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_presence_port" lineno="67965">
<summary>
Do not audit attempts to receive UDP traffic on the presence port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_presence_port" lineno="67984">
<summary>
Send and receive UDP traffic on the presence port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_presence_port" lineno="68001">
<summary>
Do not audit attempts to send and receive
UDP traffic on the presence port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_presence_port" lineno="68017">
<summary>
Bind TCP sockets to the presence port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_presence_port" lineno="68037">
<summary>
Bind UDP sockets to the presence port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_presence_port" lineno="68056">
<summary>
Make a TCP connection to the presence port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_presence_client_packets" lineno="68076">
<summary>
Send presence_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_presence_client_packets" lineno="68095">
<summary>
Do not audit attempts to send presence_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_presence_client_packets" lineno="68114">
<summary>
Receive presence_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_presence_client_packets" lineno="68133">
<summary>
Do not audit attempts to receive presence_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_presence_client_packets" lineno="68152">
<summary>
Send and receive presence_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_presence_client_packets" lineno="68168">
<summary>
Do not audit attempts to send and receive presence_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_presence_client_packets" lineno="68183">
<summary>
Relabel packets to presence_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_presence_server_packets" lineno="68203">
<summary>
Send presence_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_presence_server_packets" lineno="68222">
<summary>
Do not audit attempts to send presence_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_presence_server_packets" lineno="68241">
<summary>
Receive presence_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_presence_server_packets" lineno="68260">
<summary>
Do not audit attempts to receive presence_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_presence_server_packets" lineno="68279">
<summary>
Send and receive presence_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_presence_server_packets" lineno="68295">
<summary>
Do not audit attempts to send and receive presence_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_presence_server_packets" lineno="68310">
<summary>
Relabel packets to presence_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_preupgrade_port" lineno="68332">
<summary>
Send and receive TCP traffic on the preupgrade port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_preupgrade_port" lineno="68351">
<summary>
Send UDP traffic on the preupgrade port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_preupgrade_port" lineno="68370">
<summary>
Do not audit attempts to send UDP traffic on the preupgrade port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_preupgrade_port" lineno="68389">
<summary>
Receive UDP traffic on the preupgrade port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_preupgrade_port" lineno="68408">
<summary>
Do not audit attempts to receive UDP traffic on the preupgrade port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_preupgrade_port" lineno="68427">
<summary>
Send and receive UDP traffic on the preupgrade port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_preupgrade_port" lineno="68444">
<summary>
Do not audit attempts to send and receive
UDP traffic on the preupgrade port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_preupgrade_port" lineno="68460">
<summary>
Bind TCP sockets to the preupgrade port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_preupgrade_port" lineno="68480">
<summary>
Bind UDP sockets to the preupgrade port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_preupgrade_port" lineno="68499">
<summary>
Make a TCP connection to the preupgrade port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_preupgrade_client_packets" lineno="68519">
<summary>
Send preupgrade_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_preupgrade_client_packets" lineno="68538">
<summary>
Do not audit attempts to send preupgrade_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_preupgrade_client_packets" lineno="68557">
<summary>
Receive preupgrade_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_preupgrade_client_packets" lineno="68576">
<summary>
Do not audit attempts to receive preupgrade_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_preupgrade_client_packets" lineno="68595">
<summary>
Send and receive preupgrade_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_preupgrade_client_packets" lineno="68611">
<summary>
Do not audit attempts to send and receive preupgrade_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_preupgrade_client_packets" lineno="68626">
<summary>
Relabel packets to preupgrade_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_preupgrade_server_packets" lineno="68646">
<summary>
Send preupgrade_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_preupgrade_server_packets" lineno="68665">
<summary>
Do not audit attempts to send preupgrade_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_preupgrade_server_packets" lineno="68684">
<summary>
Receive preupgrade_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_preupgrade_server_packets" lineno="68703">
<summary>
Do not audit attempts to receive preupgrade_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_preupgrade_server_packets" lineno="68722">
<summary>
Send and receive preupgrade_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_preupgrade_server_packets" lineno="68738">
<summary>
Do not audit attempts to send and receive preupgrade_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_preupgrade_server_packets" lineno="68753">
<summary>
Relabel packets to preupgrade_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_printer_port" lineno="68775">
<summary>
Send and receive TCP traffic on the printer port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_printer_port" lineno="68794">
<summary>
Send UDP traffic on the printer port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_printer_port" lineno="68813">
<summary>
Do not audit attempts to send UDP traffic on the printer port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_printer_port" lineno="68832">
<summary>
Receive UDP traffic on the printer port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_printer_port" lineno="68851">
<summary>
Do not audit attempts to receive UDP traffic on the printer port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_printer_port" lineno="68870">
<summary>
Send and receive UDP traffic on the printer port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_printer_port" lineno="68887">
<summary>
Do not audit attempts to send and receive
UDP traffic on the printer port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_printer_port" lineno="68903">
<summary>
Bind TCP sockets to the printer port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_printer_port" lineno="68923">
<summary>
Bind UDP sockets to the printer port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_printer_port" lineno="68942">
<summary>
Make a TCP connection to the printer port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_printer_client_packets" lineno="68962">
<summary>
Send printer_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_printer_client_packets" lineno="68981">
<summary>
Do not audit attempts to send printer_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_printer_client_packets" lineno="69000">
<summary>
Receive printer_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_printer_client_packets" lineno="69019">
<summary>
Do not audit attempts to receive printer_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_printer_client_packets" lineno="69038">
<summary>
Send and receive printer_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_printer_client_packets" lineno="69054">
<summary>
Do not audit attempts to send and receive printer_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_printer_client_packets" lineno="69069">
<summary>
Relabel packets to printer_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_printer_server_packets" lineno="69089">
<summary>
Send printer_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_printer_server_packets" lineno="69108">
<summary>
Do not audit attempts to send printer_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_printer_server_packets" lineno="69127">
<summary>
Receive printer_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_printer_server_packets" lineno="69146">
<summary>
Do not audit attempts to receive printer_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_printer_server_packets" lineno="69165">
<summary>
Send and receive printer_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_printer_server_packets" lineno="69181">
<summary>
Do not audit attempts to send and receive printer_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_printer_server_packets" lineno="69196">
<summary>
Relabel packets to printer_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ptal_port" lineno="69218">
<summary>
Send and receive TCP traffic on the ptal port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ptal_port" lineno="69237">
<summary>
Send UDP traffic on the ptal port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ptal_port" lineno="69256">
<summary>
Do not audit attempts to send UDP traffic on the ptal port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ptal_port" lineno="69275">
<summary>
Receive UDP traffic on the ptal port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ptal_port" lineno="69294">
<summary>
Do not audit attempts to receive UDP traffic on the ptal port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ptal_port" lineno="69313">
<summary>
Send and receive UDP traffic on the ptal port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ptal_port" lineno="69330">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ptal port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ptal_port" lineno="69346">
<summary>
Bind TCP sockets to the ptal port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ptal_port" lineno="69366">
<summary>
Bind UDP sockets to the ptal port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ptal_port" lineno="69385">
<summary>
Make a TCP connection to the ptal port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ptal_client_packets" lineno="69405">
<summary>
Send ptal_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ptal_client_packets" lineno="69424">
<summary>
Do not audit attempts to send ptal_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ptal_client_packets" lineno="69443">
<summary>
Receive ptal_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ptal_client_packets" lineno="69462">
<summary>
Do not audit attempts to receive ptal_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ptal_client_packets" lineno="69481">
<summary>
Send and receive ptal_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ptal_client_packets" lineno="69497">
<summary>
Do not audit attempts to send and receive ptal_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ptal_client_packets" lineno="69512">
<summary>
Relabel packets to ptal_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ptal_server_packets" lineno="69532">
<summary>
Send ptal_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ptal_server_packets" lineno="69551">
<summary>
Do not audit attempts to send ptal_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ptal_server_packets" lineno="69570">
<summary>
Receive ptal_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ptal_server_packets" lineno="69589">
<summary>
Do not audit attempts to receive ptal_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ptal_server_packets" lineno="69608">
<summary>
Send and receive ptal_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ptal_server_packets" lineno="69624">
<summary>
Do not audit attempts to send and receive ptal_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ptal_server_packets" lineno="69639">
<summary>
Relabel packets to ptal_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pulseaudio_port" lineno="69661">
<summary>
Send and receive TCP traffic on the pulseaudio port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pulseaudio_port" lineno="69680">
<summary>
Send UDP traffic on the pulseaudio port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pulseaudio_port" lineno="69699">
<summary>
Do not audit attempts to send UDP traffic on the pulseaudio port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pulseaudio_port" lineno="69718">
<summary>
Receive UDP traffic on the pulseaudio port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pulseaudio_port" lineno="69737">
<summary>
Do not audit attempts to receive UDP traffic on the pulseaudio port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pulseaudio_port" lineno="69756">
<summary>
Send and receive UDP traffic on the pulseaudio port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pulseaudio_port" lineno="69773">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pulseaudio port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pulseaudio_port" lineno="69789">
<summary>
Bind TCP sockets to the pulseaudio port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pulseaudio_port" lineno="69809">
<summary>
Bind UDP sockets to the pulseaudio port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pulseaudio_port" lineno="69828">
<summary>
Make a TCP connection to the pulseaudio port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pulseaudio_client_packets" lineno="69848">
<summary>
Send pulseaudio_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pulseaudio_client_packets" lineno="69867">
<summary>
Do not audit attempts to send pulseaudio_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pulseaudio_client_packets" lineno="69886">
<summary>
Receive pulseaudio_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pulseaudio_client_packets" lineno="69905">
<summary>
Do not audit attempts to receive pulseaudio_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pulseaudio_client_packets" lineno="69924">
<summary>
Send and receive pulseaudio_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pulseaudio_client_packets" lineno="69940">
<summary>
Do not audit attempts to send and receive pulseaudio_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pulseaudio_client_packets" lineno="69955">
<summary>
Relabel packets to pulseaudio_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pulseaudio_server_packets" lineno="69975">
<summary>
Send pulseaudio_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pulseaudio_server_packets" lineno="69994">
<summary>
Do not audit attempts to send pulseaudio_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pulseaudio_server_packets" lineno="70013">
<summary>
Receive pulseaudio_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pulseaudio_server_packets" lineno="70032">
<summary>
Do not audit attempts to receive pulseaudio_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pulseaudio_server_packets" lineno="70051">
<summary>
Send and receive pulseaudio_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pulseaudio_server_packets" lineno="70067">
<summary>
Do not audit attempts to send and receive pulseaudio_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pulseaudio_server_packets" lineno="70082">
<summary>
Relabel packets to pulseaudio_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_puppet_port" lineno="70104">
<summary>
Send and receive TCP traffic on the puppet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_puppet_port" lineno="70123">
<summary>
Send UDP traffic on the puppet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_puppet_port" lineno="70142">
<summary>
Do not audit attempts to send UDP traffic on the puppet port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_puppet_port" lineno="70161">
<summary>
Receive UDP traffic on the puppet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_puppet_port" lineno="70180">
<summary>
Do not audit attempts to receive UDP traffic on the puppet port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_puppet_port" lineno="70199">
<summary>
Send and receive UDP traffic on the puppet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_puppet_port" lineno="70216">
<summary>
Do not audit attempts to send and receive
UDP traffic on the puppet port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_puppet_port" lineno="70232">
<summary>
Bind TCP sockets to the puppet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_puppet_port" lineno="70252">
<summary>
Bind UDP sockets to the puppet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_puppet_port" lineno="70271">
<summary>
Make a TCP connection to the puppet port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_puppet_client_packets" lineno="70291">
<summary>
Send puppet_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_puppet_client_packets" lineno="70310">
<summary>
Do not audit attempts to send puppet_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_puppet_client_packets" lineno="70329">
<summary>
Receive puppet_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_puppet_client_packets" lineno="70348">
<summary>
Do not audit attempts to receive puppet_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_puppet_client_packets" lineno="70367">
<summary>
Send and receive puppet_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_puppet_client_packets" lineno="70383">
<summary>
Do not audit attempts to send and receive puppet_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_puppet_client_packets" lineno="70398">
<summary>
Relabel packets to puppet_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_puppet_server_packets" lineno="70418">
<summary>
Send puppet_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_puppet_server_packets" lineno="70437">
<summary>
Do not audit attempts to send puppet_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_puppet_server_packets" lineno="70456">
<summary>
Receive puppet_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_puppet_server_packets" lineno="70475">
<summary>
Do not audit attempts to receive puppet_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_puppet_server_packets" lineno="70494">
<summary>
Send and receive puppet_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_puppet_server_packets" lineno="70510">
<summary>
Do not audit attempts to send and receive puppet_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_puppet_server_packets" lineno="70525">
<summary>
Relabel packets to puppet_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pxe_port" lineno="70547">
<summary>
Send and receive TCP traffic on the pxe port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pxe_port" lineno="70566">
<summary>
Send UDP traffic on the pxe port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pxe_port" lineno="70585">
<summary>
Do not audit attempts to send UDP traffic on the pxe port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pxe_port" lineno="70604">
<summary>
Receive UDP traffic on the pxe port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pxe_port" lineno="70623">
<summary>
Do not audit attempts to receive UDP traffic on the pxe port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pxe_port" lineno="70642">
<summary>
Send and receive UDP traffic on the pxe port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pxe_port" lineno="70659">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pxe port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pxe_port" lineno="70675">
<summary>
Bind TCP sockets to the pxe port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pxe_port" lineno="70695">
<summary>
Bind UDP sockets to the pxe port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pxe_port" lineno="70714">
<summary>
Make a TCP connection to the pxe port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pxe_client_packets" lineno="70734">
<summary>
Send pxe_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pxe_client_packets" lineno="70753">
<summary>
Do not audit attempts to send pxe_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pxe_client_packets" lineno="70772">
<summary>
Receive pxe_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pxe_client_packets" lineno="70791">
<summary>
Do not audit attempts to receive pxe_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pxe_client_packets" lineno="70810">
<summary>
Send and receive pxe_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pxe_client_packets" lineno="70826">
<summary>
Do not audit attempts to send and receive pxe_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pxe_client_packets" lineno="70841">
<summary>
Relabel packets to pxe_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pxe_server_packets" lineno="70861">
<summary>
Send pxe_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pxe_server_packets" lineno="70880">
<summary>
Do not audit attempts to send pxe_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pxe_server_packets" lineno="70899">
<summary>
Receive pxe_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pxe_server_packets" lineno="70918">
<summary>
Do not audit attempts to receive pxe_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pxe_server_packets" lineno="70937">
<summary>
Send and receive pxe_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pxe_server_packets" lineno="70953">
<summary>
Do not audit attempts to send and receive pxe_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pxe_server_packets" lineno="70968">
<summary>
Relabel packets to pxe_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_pyzor_port" lineno="70990">
<summary>
Send and receive TCP traffic on the pyzor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_pyzor_port" lineno="71009">
<summary>
Send UDP traffic on the pyzor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_pyzor_port" lineno="71028">
<summary>
Do not audit attempts to send UDP traffic on the pyzor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_pyzor_port" lineno="71047">
<summary>
Receive UDP traffic on the pyzor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_pyzor_port" lineno="71066">
<summary>
Do not audit attempts to receive UDP traffic on the pyzor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_pyzor_port" lineno="71085">
<summary>
Send and receive UDP traffic on the pyzor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_pyzor_port" lineno="71102">
<summary>
Do not audit attempts to send and receive
UDP traffic on the pyzor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_pyzor_port" lineno="71118">
<summary>
Bind TCP sockets to the pyzor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_pyzor_port" lineno="71138">
<summary>
Bind UDP sockets to the pyzor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_pyzor_port" lineno="71157">
<summary>
Make a TCP connection to the pyzor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pyzor_client_packets" lineno="71177">
<summary>
Send pyzor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pyzor_client_packets" lineno="71196">
<summary>
Do not audit attempts to send pyzor_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pyzor_client_packets" lineno="71215">
<summary>
Receive pyzor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pyzor_client_packets" lineno="71234">
<summary>
Do not audit attempts to receive pyzor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pyzor_client_packets" lineno="71253">
<summary>
Send and receive pyzor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pyzor_client_packets" lineno="71269">
<summary>
Do not audit attempts to send and receive pyzor_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pyzor_client_packets" lineno="71284">
<summary>
Relabel packets to pyzor_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_pyzor_server_packets" lineno="71304">
<summary>
Send pyzor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_pyzor_server_packets" lineno="71323">
<summary>
Do not audit attempts to send pyzor_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_pyzor_server_packets" lineno="71342">
<summary>
Receive pyzor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_pyzor_server_packets" lineno="71361">
<summary>
Do not audit attempts to receive pyzor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_pyzor_server_packets" lineno="71380">
<summary>
Send and receive pyzor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_pyzor_server_packets" lineno="71396">
<summary>
Do not audit attempts to send and receive pyzor_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_pyzor_server_packets" lineno="71411">
<summary>
Relabel packets to pyzor_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_neutron_port" lineno="71433">
<summary>
Send and receive TCP traffic on the neutron port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_neutron_port" lineno="71452">
<summary>
Send UDP traffic on the neutron port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_neutron_port" lineno="71471">
<summary>
Do not audit attempts to send UDP traffic on the neutron port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_neutron_port" lineno="71490">
<summary>
Receive UDP traffic on the neutron port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_neutron_port" lineno="71509">
<summary>
Do not audit attempts to receive UDP traffic on the neutron port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_neutron_port" lineno="71528">
<summary>
Send and receive UDP traffic on the neutron port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_neutron_port" lineno="71545">
<summary>
Do not audit attempts to send and receive
UDP traffic on the neutron port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_neutron_port" lineno="71561">
<summary>
Bind TCP sockets to the neutron port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_neutron_port" lineno="71581">
<summary>
Bind UDP sockets to the neutron port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_neutron_port" lineno="71600">
<summary>
Make a TCP connection to the neutron port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_neutron_client_packets" lineno="71620">
<summary>
Send neutron_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_neutron_client_packets" lineno="71639">
<summary>
Do not audit attempts to send neutron_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_neutron_client_packets" lineno="71658">
<summary>
Receive neutron_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_neutron_client_packets" lineno="71677">
<summary>
Do not audit attempts to receive neutron_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_neutron_client_packets" lineno="71696">
<summary>
Send and receive neutron_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_neutron_client_packets" lineno="71712">
<summary>
Do not audit attempts to send and receive neutron_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_neutron_client_packets" lineno="71727">
<summary>
Relabel packets to neutron_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_neutron_server_packets" lineno="71747">
<summary>
Send neutron_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_neutron_server_packets" lineno="71766">
<summary>
Do not audit attempts to send neutron_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_neutron_server_packets" lineno="71785">
<summary>
Receive neutron_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_neutron_server_packets" lineno="71804">
<summary>
Do not audit attempts to receive neutron_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_neutron_server_packets" lineno="71823">
<summary>
Send and receive neutron_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_neutron_server_packets" lineno="71839">
<summary>
Do not audit attempts to send and receive neutron_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_neutron_server_packets" lineno="71854">
<summary>
Relabel packets to neutron_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_radacct_port" lineno="71876">
<summary>
Send and receive TCP traffic on the radacct port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_radacct_port" lineno="71895">
<summary>
Send UDP traffic on the radacct port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_radacct_port" lineno="71914">
<summary>
Do not audit attempts to send UDP traffic on the radacct port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_radacct_port" lineno="71933">
<summary>
Receive UDP traffic on the radacct port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_radacct_port" lineno="71952">
<summary>
Do not audit attempts to receive UDP traffic on the radacct port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_radacct_port" lineno="71971">
<summary>
Send and receive UDP traffic on the radacct port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_radacct_port" lineno="71988">
<summary>
Do not audit attempts to send and receive
UDP traffic on the radacct port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_radacct_port" lineno="72004">
<summary>
Bind TCP sockets to the radacct port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_radacct_port" lineno="72024">
<summary>
Bind UDP sockets to the radacct port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_radacct_port" lineno="72043">
<summary>
Make a TCP connection to the radacct port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_radacct_client_packets" lineno="72063">
<summary>
Send radacct_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_radacct_client_packets" lineno="72082">
<summary>
Do not audit attempts to send radacct_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_radacct_client_packets" lineno="72101">
<summary>
Receive radacct_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_radacct_client_packets" lineno="72120">
<summary>
Do not audit attempts to receive radacct_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_radacct_client_packets" lineno="72139">
<summary>
Send and receive radacct_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_radacct_client_packets" lineno="72155">
<summary>
Do not audit attempts to send and receive radacct_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_radacct_client_packets" lineno="72170">
<summary>
Relabel packets to radacct_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_radacct_server_packets" lineno="72190">
<summary>
Send radacct_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_radacct_server_packets" lineno="72209">
<summary>
Do not audit attempts to send radacct_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_radacct_server_packets" lineno="72228">
<summary>
Receive radacct_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_radacct_server_packets" lineno="72247">
<summary>
Do not audit attempts to receive radacct_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_radacct_server_packets" lineno="72266">
<summary>
Send and receive radacct_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_radacct_server_packets" lineno="72282">
<summary>
Do not audit attempts to send and receive radacct_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_radacct_server_packets" lineno="72297">
<summary>
Relabel packets to radacct_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_radius_port" lineno="72319">
<summary>
Send and receive TCP traffic on the radius port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_radius_port" lineno="72338">
<summary>
Send UDP traffic on the radius port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_radius_port" lineno="72357">
<summary>
Do not audit attempts to send UDP traffic on the radius port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_radius_port" lineno="72376">
<summary>
Receive UDP traffic on the radius port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_radius_port" lineno="72395">
<summary>
Do not audit attempts to receive UDP traffic on the radius port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_radius_port" lineno="72414">
<summary>
Send and receive UDP traffic on the radius port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_radius_port" lineno="72431">
<summary>
Do not audit attempts to send and receive
UDP traffic on the radius port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_radius_port" lineno="72447">
<summary>
Bind TCP sockets to the radius port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_radius_port" lineno="72467">
<summary>
Bind UDP sockets to the radius port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_radius_port" lineno="72486">
<summary>
Make a TCP connection to the radius port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_radius_client_packets" lineno="72506">
<summary>
Send radius_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_radius_client_packets" lineno="72525">
<summary>
Do not audit attempts to send radius_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_radius_client_packets" lineno="72544">
<summary>
Receive radius_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_radius_client_packets" lineno="72563">
<summary>
Do not audit attempts to receive radius_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_radius_client_packets" lineno="72582">
<summary>
Send and receive radius_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_radius_client_packets" lineno="72598">
<summary>
Do not audit attempts to send and receive radius_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_radius_client_packets" lineno="72613">
<summary>
Relabel packets to radius_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_radius_server_packets" lineno="72633">
<summary>
Send radius_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_radius_server_packets" lineno="72652">
<summary>
Do not audit attempts to send radius_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_radius_server_packets" lineno="72671">
<summary>
Receive radius_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_radius_server_packets" lineno="72690">
<summary>
Do not audit attempts to receive radius_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_radius_server_packets" lineno="72709">
<summary>
Send and receive radius_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_radius_server_packets" lineno="72725">
<summary>
Do not audit attempts to send and receive radius_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_radius_server_packets" lineno="72740">
<summary>
Relabel packets to radius_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_radsec_port" lineno="72762">
<summary>
Send and receive TCP traffic on the radsec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_radsec_port" lineno="72781">
<summary>
Send UDP traffic on the radsec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_radsec_port" lineno="72800">
<summary>
Do not audit attempts to send UDP traffic on the radsec port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_radsec_port" lineno="72819">
<summary>
Receive UDP traffic on the radsec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_radsec_port" lineno="72838">
<summary>
Do not audit attempts to receive UDP traffic on the radsec port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_radsec_port" lineno="72857">
<summary>
Send and receive UDP traffic on the radsec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_radsec_port" lineno="72874">
<summary>
Do not audit attempts to send and receive
UDP traffic on the radsec port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_radsec_port" lineno="72890">
<summary>
Bind TCP sockets to the radsec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_radsec_port" lineno="72910">
<summary>
Bind UDP sockets to the radsec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_radsec_port" lineno="72929">
<summary>
Make a TCP connection to the radsec port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_radsec_client_packets" lineno="72949">
<summary>
Send radsec_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_radsec_client_packets" lineno="72968">
<summary>
Do not audit attempts to send radsec_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_radsec_client_packets" lineno="72987">
<summary>
Receive radsec_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_radsec_client_packets" lineno="73006">
<summary>
Do not audit attempts to receive radsec_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_radsec_client_packets" lineno="73025">
<summary>
Send and receive radsec_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_radsec_client_packets" lineno="73041">
<summary>
Do not audit attempts to send and receive radsec_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_radsec_client_packets" lineno="73056">
<summary>
Relabel packets to radsec_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_radsec_server_packets" lineno="73076">
<summary>
Send radsec_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_radsec_server_packets" lineno="73095">
<summary>
Do not audit attempts to send radsec_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_radsec_server_packets" lineno="73114">
<summary>
Receive radsec_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_radsec_server_packets" lineno="73133">
<summary>
Do not audit attempts to receive radsec_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_radsec_server_packets" lineno="73152">
<summary>
Send and receive radsec_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_radsec_server_packets" lineno="73168">
<summary>
Do not audit attempts to send and receive radsec_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_radsec_server_packets" lineno="73183">
<summary>
Relabel packets to radsec_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_razor_port" lineno="73205">
<summary>
Send and receive TCP traffic on the razor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_razor_port" lineno="73224">
<summary>
Send UDP traffic on the razor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_razor_port" lineno="73243">
<summary>
Do not audit attempts to send UDP traffic on the razor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_razor_port" lineno="73262">
<summary>
Receive UDP traffic on the razor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_razor_port" lineno="73281">
<summary>
Do not audit attempts to receive UDP traffic on the razor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_razor_port" lineno="73300">
<summary>
Send and receive UDP traffic on the razor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_razor_port" lineno="73317">
<summary>
Do not audit attempts to send and receive
UDP traffic on the razor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_razor_port" lineno="73333">
<summary>
Bind TCP sockets to the razor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_razor_port" lineno="73353">
<summary>
Bind UDP sockets to the razor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_razor_port" lineno="73372">
<summary>
Make a TCP connection to the razor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_razor_client_packets" lineno="73392">
<summary>
Send razor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_razor_client_packets" lineno="73411">
<summary>
Do not audit attempts to send razor_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_razor_client_packets" lineno="73430">
<summary>
Receive razor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_razor_client_packets" lineno="73449">
<summary>
Do not audit attempts to receive razor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_razor_client_packets" lineno="73468">
<summary>
Send and receive razor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_razor_client_packets" lineno="73484">
<summary>
Do not audit attempts to send and receive razor_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_razor_client_packets" lineno="73499">
<summary>
Relabel packets to razor_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_razor_server_packets" lineno="73519">
<summary>
Send razor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_razor_server_packets" lineno="73538">
<summary>
Do not audit attempts to send razor_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_razor_server_packets" lineno="73557">
<summary>
Receive razor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_razor_server_packets" lineno="73576">
<summary>
Do not audit attempts to receive razor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_razor_server_packets" lineno="73595">
<summary>
Send and receive razor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_razor_server_packets" lineno="73611">
<summary>
Do not audit attempts to send and receive razor_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_razor_server_packets" lineno="73626">
<summary>
Relabel packets to razor_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_repository_port" lineno="73648">
<summary>
Send and receive TCP traffic on the repository port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_repository_port" lineno="73667">
<summary>
Send UDP traffic on the repository port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_repository_port" lineno="73686">
<summary>
Do not audit attempts to send UDP traffic on the repository port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_repository_port" lineno="73705">
<summary>
Receive UDP traffic on the repository port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_repository_port" lineno="73724">
<summary>
Do not audit attempts to receive UDP traffic on the repository port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_repository_port" lineno="73743">
<summary>
Send and receive UDP traffic on the repository port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_repository_port" lineno="73760">
<summary>
Do not audit attempts to send and receive
UDP traffic on the repository port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_repository_port" lineno="73776">
<summary>
Bind TCP sockets to the repository port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_repository_port" lineno="73796">
<summary>
Bind UDP sockets to the repository port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_repository_port" lineno="73815">
<summary>
Make a TCP connection to the repository port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_repository_client_packets" lineno="73835">
<summary>
Send repository_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_repository_client_packets" lineno="73854">
<summary>
Do not audit attempts to send repository_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_repository_client_packets" lineno="73873">
<summary>
Receive repository_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_repository_client_packets" lineno="73892">
<summary>
Do not audit attempts to receive repository_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_repository_client_packets" lineno="73911">
<summary>
Send and receive repository_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_repository_client_packets" lineno="73927">
<summary>
Do not audit attempts to send and receive repository_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_repository_client_packets" lineno="73942">
<summary>
Relabel packets to repository_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_repository_server_packets" lineno="73962">
<summary>
Send repository_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_repository_server_packets" lineno="73981">
<summary>
Do not audit attempts to send repository_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_repository_server_packets" lineno="74000">
<summary>
Receive repository_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_repository_server_packets" lineno="74019">
<summary>
Do not audit attempts to receive repository_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_repository_server_packets" lineno="74038">
<summary>
Send and receive repository_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_repository_server_packets" lineno="74054">
<summary>
Do not audit attempts to send and receive repository_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_repository_server_packets" lineno="74069">
<summary>
Relabel packets to repository_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ricci_port" lineno="74091">
<summary>
Send and receive TCP traffic on the ricci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ricci_port" lineno="74110">
<summary>
Send UDP traffic on the ricci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ricci_port" lineno="74129">
<summary>
Do not audit attempts to send UDP traffic on the ricci port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ricci_port" lineno="74148">
<summary>
Receive UDP traffic on the ricci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ricci_port" lineno="74167">
<summary>
Do not audit attempts to receive UDP traffic on the ricci port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ricci_port" lineno="74186">
<summary>
Send and receive UDP traffic on the ricci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ricci_port" lineno="74203">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ricci port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ricci_port" lineno="74219">
<summary>
Bind TCP sockets to the ricci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ricci_port" lineno="74239">
<summary>
Bind UDP sockets to the ricci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ricci_port" lineno="74258">
<summary>
Make a TCP connection to the ricci port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ricci_client_packets" lineno="74278">
<summary>
Send ricci_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ricci_client_packets" lineno="74297">
<summary>
Do not audit attempts to send ricci_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ricci_client_packets" lineno="74316">
<summary>
Receive ricci_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ricci_client_packets" lineno="74335">
<summary>
Do not audit attempts to receive ricci_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ricci_client_packets" lineno="74354">
<summary>
Send and receive ricci_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ricci_client_packets" lineno="74370">
<summary>
Do not audit attempts to send and receive ricci_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ricci_client_packets" lineno="74385">
<summary>
Relabel packets to ricci_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ricci_server_packets" lineno="74405">
<summary>
Send ricci_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ricci_server_packets" lineno="74424">
<summary>
Do not audit attempts to send ricci_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ricci_server_packets" lineno="74443">
<summary>
Receive ricci_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ricci_server_packets" lineno="74462">
<summary>
Do not audit attempts to receive ricci_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ricci_server_packets" lineno="74481">
<summary>
Send and receive ricci_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ricci_server_packets" lineno="74497">
<summary>
Do not audit attempts to send and receive ricci_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ricci_server_packets" lineno="74512">
<summary>
Relabel packets to ricci_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ricci_modcluster_port" lineno="74534">
<summary>
Send and receive TCP traffic on the ricci_modcluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ricci_modcluster_port" lineno="74553">
<summary>
Send UDP traffic on the ricci_modcluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ricci_modcluster_port" lineno="74572">
<summary>
Do not audit attempts to send UDP traffic on the ricci_modcluster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ricci_modcluster_port" lineno="74591">
<summary>
Receive UDP traffic on the ricci_modcluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ricci_modcluster_port" lineno="74610">
<summary>
Do not audit attempts to receive UDP traffic on the ricci_modcluster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ricci_modcluster_port" lineno="74629">
<summary>
Send and receive UDP traffic on the ricci_modcluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ricci_modcluster_port" lineno="74646">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ricci_modcluster port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ricci_modcluster_port" lineno="74662">
<summary>
Bind TCP sockets to the ricci_modcluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ricci_modcluster_port" lineno="74682">
<summary>
Bind UDP sockets to the ricci_modcluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ricci_modcluster_port" lineno="74701">
<summary>
Make a TCP connection to the ricci_modcluster port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ricci_modcluster_client_packets" lineno="74721">
<summary>
Send ricci_modcluster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ricci_modcluster_client_packets" lineno="74740">
<summary>
Do not audit attempts to send ricci_modcluster_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ricci_modcluster_client_packets" lineno="74759">
<summary>
Receive ricci_modcluster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ricci_modcluster_client_packets" lineno="74778">
<summary>
Do not audit attempts to receive ricci_modcluster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ricci_modcluster_client_packets" lineno="74797">
<summary>
Send and receive ricci_modcluster_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ricci_modcluster_client_packets" lineno="74813">
<summary>
Do not audit attempts to send and receive ricci_modcluster_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ricci_modcluster_client_packets" lineno="74828">
<summary>
Relabel packets to ricci_modcluster_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ricci_modcluster_server_packets" lineno="74848">
<summary>
Send ricci_modcluster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ricci_modcluster_server_packets" lineno="74867">
<summary>
Do not audit attempts to send ricci_modcluster_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ricci_modcluster_server_packets" lineno="74886">
<summary>
Receive ricci_modcluster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ricci_modcluster_server_packets" lineno="74905">
<summary>
Do not audit attempts to receive ricci_modcluster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ricci_modcluster_server_packets" lineno="74924">
<summary>
Send and receive ricci_modcluster_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ricci_modcluster_server_packets" lineno="74940">
<summary>
Do not audit attempts to send and receive ricci_modcluster_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ricci_modcluster_server_packets" lineno="74955">
<summary>
Relabel packets to ricci_modcluster_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_rlogind_port" lineno="74977">
<summary>
Send and receive TCP traffic on the rlogind port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_rlogind_port" lineno="74996">
<summary>
Send UDP traffic on the rlogind port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_rlogind_port" lineno="75015">
<summary>
Do not audit attempts to send UDP traffic on the rlogind port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_rlogind_port" lineno="75034">
<summary>
Receive UDP traffic on the rlogind port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_rlogind_port" lineno="75053">
<summary>
Do not audit attempts to receive UDP traffic on the rlogind port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_rlogind_port" lineno="75072">
<summary>
Send and receive UDP traffic on the rlogind port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_rlogind_port" lineno="75089">
<summary>
Do not audit attempts to send and receive
UDP traffic on the rlogind port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_rlogind_port" lineno="75105">
<summary>
Bind TCP sockets to the rlogind port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_rlogind_port" lineno="75125">
<summary>
Bind UDP sockets to the rlogind port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_rlogind_port" lineno="75144">
<summary>
Make a TCP connection to the rlogind port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rlogind_client_packets" lineno="75164">
<summary>
Send rlogind_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rlogind_client_packets" lineno="75183">
<summary>
Do not audit attempts to send rlogind_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rlogind_client_packets" lineno="75202">
<summary>
Receive rlogind_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rlogind_client_packets" lineno="75221">
<summary>
Do not audit attempts to receive rlogind_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rlogind_client_packets" lineno="75240">
<summary>
Send and receive rlogind_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rlogind_client_packets" lineno="75256">
<summary>
Do not audit attempts to send and receive rlogind_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rlogind_client_packets" lineno="75271">
<summary>
Relabel packets to rlogind_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rlogind_server_packets" lineno="75291">
<summary>
Send rlogind_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rlogind_server_packets" lineno="75310">
<summary>
Do not audit attempts to send rlogind_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rlogind_server_packets" lineno="75329">
<summary>
Receive rlogind_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rlogind_server_packets" lineno="75348">
<summary>
Do not audit attempts to receive rlogind_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rlogind_server_packets" lineno="75367">
<summary>
Send and receive rlogind_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rlogind_server_packets" lineno="75383">
<summary>
Do not audit attempts to send and receive rlogind_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rlogind_server_packets" lineno="75398">
<summary>
Relabel packets to rlogind_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_rndc_port" lineno="75420">
<summary>
Send and receive TCP traffic on the rndc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_rndc_port" lineno="75439">
<summary>
Send UDP traffic on the rndc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_rndc_port" lineno="75458">
<summary>
Do not audit attempts to send UDP traffic on the rndc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_rndc_port" lineno="75477">
<summary>
Receive UDP traffic on the rndc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_rndc_port" lineno="75496">
<summary>
Do not audit attempts to receive UDP traffic on the rndc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_rndc_port" lineno="75515">
<summary>
Send and receive UDP traffic on the rndc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_rndc_port" lineno="75532">
<summary>
Do not audit attempts to send and receive
UDP traffic on the rndc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_rndc_port" lineno="75548">
<summary>
Bind TCP sockets to the rndc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_rndc_port" lineno="75568">
<summary>
Bind UDP sockets to the rndc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_rndc_port" lineno="75587">
<summary>
Make a TCP connection to the rndc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rndc_client_packets" lineno="75607">
<summary>
Send rndc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rndc_client_packets" lineno="75626">
<summary>
Do not audit attempts to send rndc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rndc_client_packets" lineno="75645">
<summary>
Receive rndc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rndc_client_packets" lineno="75664">
<summary>
Do not audit attempts to receive rndc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rndc_client_packets" lineno="75683">
<summary>
Send and receive rndc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rndc_client_packets" lineno="75699">
<summary>
Do not audit attempts to send and receive rndc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rndc_client_packets" lineno="75714">
<summary>
Relabel packets to rndc_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rndc_server_packets" lineno="75734">
<summary>
Send rndc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rndc_server_packets" lineno="75753">
<summary>
Do not audit attempts to send rndc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rndc_server_packets" lineno="75772">
<summary>
Receive rndc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rndc_server_packets" lineno="75791">
<summary>
Do not audit attempts to receive rndc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rndc_server_packets" lineno="75810">
<summary>
Send and receive rndc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rndc_server_packets" lineno="75826">
<summary>
Do not audit attempts to send and receive rndc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rndc_server_packets" lineno="75841">
<summary>
Relabel packets to rndc_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_router_port" lineno="75863">
<summary>
Send and receive TCP traffic on the router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_router_port" lineno="75882">
<summary>
Send UDP traffic on the router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_router_port" lineno="75901">
<summary>
Do not audit attempts to send UDP traffic on the router port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_router_port" lineno="75920">
<summary>
Receive UDP traffic on the router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_router_port" lineno="75939">
<summary>
Do not audit attempts to receive UDP traffic on the router port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_router_port" lineno="75958">
<summary>
Send and receive UDP traffic on the router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_router_port" lineno="75975">
<summary>
Do not audit attempts to send and receive
UDP traffic on the router port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_router_port" lineno="75991">
<summary>
Bind TCP sockets to the router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_router_port" lineno="76011">
<summary>
Bind UDP sockets to the router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_router_port" lineno="76030">
<summary>
Make a TCP connection to the router port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_router_client_packets" lineno="76050">
<summary>
Send router_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_router_client_packets" lineno="76069">
<summary>
Do not audit attempts to send router_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_router_client_packets" lineno="76088">
<summary>
Receive router_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_router_client_packets" lineno="76107">
<summary>
Do not audit attempts to receive router_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_router_client_packets" lineno="76126">
<summary>
Send and receive router_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_router_client_packets" lineno="76142">
<summary>
Do not audit attempts to send and receive router_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_router_client_packets" lineno="76157">
<summary>
Relabel packets to router_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_router_server_packets" lineno="76177">
<summary>
Send router_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_router_server_packets" lineno="76196">
<summary>
Do not audit attempts to send router_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_router_server_packets" lineno="76215">
<summary>
Receive router_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_router_server_packets" lineno="76234">
<summary>
Do not audit attempts to receive router_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_router_server_packets" lineno="76253">
<summary>
Send and receive router_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_router_server_packets" lineno="76269">
<summary>
Do not audit attempts to send and receive router_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_router_server_packets" lineno="76284">
<summary>
Relabel packets to router_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_rsh_port" lineno="76306">
<summary>
Send and receive TCP traffic on the rsh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_rsh_port" lineno="76325">
<summary>
Send UDP traffic on the rsh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_rsh_port" lineno="76344">
<summary>
Do not audit attempts to send UDP traffic on the rsh port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_rsh_port" lineno="76363">
<summary>
Receive UDP traffic on the rsh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_rsh_port" lineno="76382">
<summary>
Do not audit attempts to receive UDP traffic on the rsh port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_rsh_port" lineno="76401">
<summary>
Send and receive UDP traffic on the rsh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_rsh_port" lineno="76418">
<summary>
Do not audit attempts to send and receive
UDP traffic on the rsh port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_rsh_port" lineno="76434">
<summary>
Bind TCP sockets to the rsh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_rsh_port" lineno="76454">
<summary>
Bind UDP sockets to the rsh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_rsh_port" lineno="76473">
<summary>
Make a TCP connection to the rsh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rsh_client_packets" lineno="76493">
<summary>
Send rsh_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rsh_client_packets" lineno="76512">
<summary>
Do not audit attempts to send rsh_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rsh_client_packets" lineno="76531">
<summary>
Receive rsh_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rsh_client_packets" lineno="76550">
<summary>
Do not audit attempts to receive rsh_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rsh_client_packets" lineno="76569">
<summary>
Send and receive rsh_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rsh_client_packets" lineno="76585">
<summary>
Do not audit attempts to send and receive rsh_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rsh_client_packets" lineno="76600">
<summary>
Relabel packets to rsh_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rsh_server_packets" lineno="76620">
<summary>
Send rsh_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rsh_server_packets" lineno="76639">
<summary>
Do not audit attempts to send rsh_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rsh_server_packets" lineno="76658">
<summary>
Receive rsh_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rsh_server_packets" lineno="76677">
<summary>
Do not audit attempts to receive rsh_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rsh_server_packets" lineno="76696">
<summary>
Send and receive rsh_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rsh_server_packets" lineno="76712">
<summary>
Do not audit attempts to send and receive rsh_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rsh_server_packets" lineno="76727">
<summary>
Relabel packets to rsh_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_rsync_port" lineno="76749">
<summary>
Send and receive TCP traffic on the rsync port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_rsync_port" lineno="76768">
<summary>
Send UDP traffic on the rsync port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_rsync_port" lineno="76787">
<summary>
Do not audit attempts to send UDP traffic on the rsync port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_rsync_port" lineno="76806">
<summary>
Receive UDP traffic on the rsync port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_rsync_port" lineno="76825">
<summary>
Do not audit attempts to receive UDP traffic on the rsync port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_rsync_port" lineno="76844">
<summary>
Send and receive UDP traffic on the rsync port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_rsync_port" lineno="76861">
<summary>
Do not audit attempts to send and receive
UDP traffic on the rsync port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_rsync_port" lineno="76877">
<summary>
Bind TCP sockets to the rsync port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_rsync_port" lineno="76897">
<summary>
Bind UDP sockets to the rsync port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_rsync_port" lineno="76916">
<summary>
Make a TCP connection to the rsync port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rsync_client_packets" lineno="76936">
<summary>
Send rsync_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rsync_client_packets" lineno="76955">
<summary>
Do not audit attempts to send rsync_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rsync_client_packets" lineno="76974">
<summary>
Receive rsync_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rsync_client_packets" lineno="76993">
<summary>
Do not audit attempts to receive rsync_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rsync_client_packets" lineno="77012">
<summary>
Send and receive rsync_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rsync_client_packets" lineno="77028">
<summary>
Do not audit attempts to send and receive rsync_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rsync_client_packets" lineno="77043">
<summary>
Relabel packets to rsync_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rsync_server_packets" lineno="77063">
<summary>
Send rsync_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rsync_server_packets" lineno="77082">
<summary>
Do not audit attempts to send rsync_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rsync_server_packets" lineno="77101">
<summary>
Receive rsync_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rsync_server_packets" lineno="77120">
<summary>
Do not audit attempts to receive rsync_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rsync_server_packets" lineno="77139">
<summary>
Send and receive rsync_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rsync_server_packets" lineno="77155">
<summary>
Do not audit attempts to send and receive rsync_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rsync_server_packets" lineno="77170">
<summary>
Relabel packets to rsync_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_rwho_port" lineno="77192">
<summary>
Send and receive TCP traffic on the rwho port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_rwho_port" lineno="77211">
<summary>
Send UDP traffic on the rwho port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_rwho_port" lineno="77230">
<summary>
Do not audit attempts to send UDP traffic on the rwho port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_rwho_port" lineno="77249">
<summary>
Receive UDP traffic on the rwho port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_rwho_port" lineno="77268">
<summary>
Do not audit attempts to receive UDP traffic on the rwho port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_rwho_port" lineno="77287">
<summary>
Send and receive UDP traffic on the rwho port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_rwho_port" lineno="77304">
<summary>
Do not audit attempts to send and receive
UDP traffic on the rwho port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_rwho_port" lineno="77320">
<summary>
Bind TCP sockets to the rwho port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_rwho_port" lineno="77340">
<summary>
Bind UDP sockets to the rwho port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_rwho_port" lineno="77359">
<summary>
Make a TCP connection to the rwho port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rwho_client_packets" lineno="77379">
<summary>
Send rwho_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rwho_client_packets" lineno="77398">
<summary>
Do not audit attempts to send rwho_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rwho_client_packets" lineno="77417">
<summary>
Receive rwho_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rwho_client_packets" lineno="77436">
<summary>
Do not audit attempts to receive rwho_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rwho_client_packets" lineno="77455">
<summary>
Send and receive rwho_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rwho_client_packets" lineno="77471">
<summary>
Do not audit attempts to send and receive rwho_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rwho_client_packets" lineno="77486">
<summary>
Relabel packets to rwho_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_rwho_server_packets" lineno="77506">
<summary>
Send rwho_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_rwho_server_packets" lineno="77525">
<summary>
Do not audit attempts to send rwho_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_rwho_server_packets" lineno="77544">
<summary>
Receive rwho_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_rwho_server_packets" lineno="77563">
<summary>
Do not audit attempts to receive rwho_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_rwho_server_packets" lineno="77582">
<summary>
Send and receive rwho_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_rwho_server_packets" lineno="77598">
<summary>
Do not audit attempts to send and receive rwho_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_rwho_server_packets" lineno="77613">
<summary>
Relabel packets to rwho_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_sap_port" lineno="77635">
<summary>
Send and receive TCP traffic on the sap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_sap_port" lineno="77654">
<summary>
Send UDP traffic on the sap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_sap_port" lineno="77673">
<summary>
Do not audit attempts to send UDP traffic on the sap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_sap_port" lineno="77692">
<summary>
Receive UDP traffic on the sap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_sap_port" lineno="77711">
<summary>
Do not audit attempts to receive UDP traffic on the sap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_sap_port" lineno="77730">
<summary>
Send and receive UDP traffic on the sap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_sap_port" lineno="77747">
<summary>
Do not audit attempts to send and receive
UDP traffic on the sap port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_sap_port" lineno="77763">
<summary>
Bind TCP sockets to the sap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_sap_port" lineno="77783">
<summary>
Bind UDP sockets to the sap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_sap_port" lineno="77802">
<summary>
Make a TCP connection to the sap port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_sap_client_packets" lineno="77822">
<summary>
Send sap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_sap_client_packets" lineno="77841">
<summary>
Do not audit attempts to send sap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_sap_client_packets" lineno="77860">
<summary>
Receive sap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_sap_client_packets" lineno="77879">
<summary>
Do not audit attempts to receive sap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_sap_client_packets" lineno="77898">
<summary>
Send and receive sap_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_sap_client_packets" lineno="77914">
<summary>
Do not audit attempts to send and receive sap_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_sap_client_packets" lineno="77929">
<summary>
Relabel packets to sap_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_sap_server_packets" lineno="77949">
<summary>
Send sap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_sap_server_packets" lineno="77968">
<summary>
Do not audit attempts to send sap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_sap_server_packets" lineno="77987">
<summary>
Receive sap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_sap_server_packets" lineno="78006">
<summary>
Do not audit attempts to receive sap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_sap_server_packets" lineno="78025">
<summary>
Send and receive sap_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_sap_server_packets" lineno="78041">
<summary>
Do not audit attempts to send and receive sap_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_sap_server_packets" lineno="78056">
<summary>
Relabel packets to sap_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_saphostctrl_port" lineno="78078">
<summary>
Send and receive TCP traffic on the saphostctrl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_saphostctrl_port" lineno="78097">
<summary>
Send UDP traffic on the saphostctrl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_saphostctrl_port" lineno="78116">
<summary>
Do not audit attempts to send UDP traffic on the saphostctrl port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_saphostctrl_port" lineno="78135">
<summary>
Receive UDP traffic on the saphostctrl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_saphostctrl_port" lineno="78154">
<summary>
Do not audit attempts to receive UDP traffic on the saphostctrl port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_saphostctrl_port" lineno="78173">
<summary>
Send and receive UDP traffic on the saphostctrl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_saphostctrl_port" lineno="78190">
<summary>
Do not audit attempts to send and receive
UDP traffic on the saphostctrl port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_saphostctrl_port" lineno="78206">
<summary>
Bind TCP sockets to the saphostctrl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_saphostctrl_port" lineno="78226">
<summary>
Bind UDP sockets to the saphostctrl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_saphostctrl_port" lineno="78245">
<summary>
Make a TCP connection to the saphostctrl port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_saphostctrl_client_packets" lineno="78265">
<summary>
Send saphostctrl_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_saphostctrl_client_packets" lineno="78284">
<summary>
Do not audit attempts to send saphostctrl_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_saphostctrl_client_packets" lineno="78303">
<summary>
Receive saphostctrl_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_saphostctrl_client_packets" lineno="78322">
<summary>
Do not audit attempts to receive saphostctrl_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_saphostctrl_client_packets" lineno="78341">
<summary>
Send and receive saphostctrl_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_saphostctrl_client_packets" lineno="78357">
<summary>
Do not audit attempts to send and receive saphostctrl_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_saphostctrl_client_packets" lineno="78372">
<summary>
Relabel packets to saphostctrl_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_saphostctrl_server_packets" lineno="78392">
<summary>
Send saphostctrl_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_saphostctrl_server_packets" lineno="78411">
<summary>
Do not audit attempts to send saphostctrl_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_saphostctrl_server_packets" lineno="78430">
<summary>
Receive saphostctrl_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_saphostctrl_server_packets" lineno="78449">
<summary>
Do not audit attempts to receive saphostctrl_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_saphostctrl_server_packets" lineno="78468">
<summary>
Send and receive saphostctrl_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_saphostctrl_server_packets" lineno="78484">
<summary>
Do not audit attempts to send and receive saphostctrl_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_saphostctrl_server_packets" lineno="78499">
<summary>
Relabel packets to saphostctrl_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_sieve_port" lineno="78521">
<summary>
Send and receive TCP traffic on the sieve port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_sieve_port" lineno="78540">
<summary>
Send UDP traffic on the sieve port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_sieve_port" lineno="78559">
<summary>
Do not audit attempts to send UDP traffic on the sieve port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_sieve_port" lineno="78578">
<summary>
Receive UDP traffic on the sieve port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_sieve_port" lineno="78597">
<summary>
Do not audit attempts to receive UDP traffic on the sieve port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_sieve_port" lineno="78616">
<summary>
Send and receive UDP traffic on the sieve port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_sieve_port" lineno="78633">
<summary>
Do not audit attempts to send and receive
UDP traffic on the sieve port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_sieve_port" lineno="78649">
<summary>
Bind TCP sockets to the sieve port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_sieve_port" lineno="78669">
<summary>
Bind UDP sockets to the sieve port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_sieve_port" lineno="78688">
<summary>
Make a TCP connection to the sieve port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_sieve_client_packets" lineno="78708">
<summary>
Send sieve_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_sieve_client_packets" lineno="78727">
<summary>
Do not audit attempts to send sieve_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_sieve_client_packets" lineno="78746">
<summary>
Receive sieve_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_sieve_client_packets" lineno="78765">
<summary>
Do not audit attempts to receive sieve_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_sieve_client_packets" lineno="78784">
<summary>
Send and receive sieve_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_sieve_client_packets" lineno="78800">
<summary>
Do not audit attempts to send and receive sieve_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_sieve_client_packets" lineno="78815">
<summary>
Relabel packets to sieve_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_sieve_server_packets" lineno="78835">
<summary>
Send sieve_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_sieve_server_packets" lineno="78854">
<summary>
Do not audit attempts to send sieve_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_sieve_server_packets" lineno="78873">
<summary>
Receive sieve_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_sieve_server_packets" lineno="78892">
<summary>
Do not audit attempts to receive sieve_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_sieve_server_packets" lineno="78911">
<summary>
Send and receive sieve_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_sieve_server_packets" lineno="78927">
<summary>
Do not audit attempts to send and receive sieve_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_sieve_server_packets" lineno="78942">
<summary>
Relabel packets to sieve_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_sip_port" lineno="78964">
<summary>
Send and receive TCP traffic on the sip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_sip_port" lineno="78983">
<summary>
Send UDP traffic on the sip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_sip_port" lineno="79002">
<summary>
Do not audit attempts to send UDP traffic on the sip port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_sip_port" lineno="79021">
<summary>
Receive UDP traffic on the sip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_sip_port" lineno="79040">
<summary>
Do not audit attempts to receive UDP traffic on the sip port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_sip_port" lineno="79059">
<summary>
Send and receive UDP traffic on the sip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_sip_port" lineno="79076">
<summary>
Do not audit attempts to send and receive
UDP traffic on the sip port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_sip_port" lineno="79092">
<summary>
Bind TCP sockets to the sip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_sip_port" lineno="79112">
<summary>
Bind UDP sockets to the sip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_sip_port" lineno="79131">
<summary>
Make a TCP connection to the sip port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_sip_client_packets" lineno="79151">
<summary>
Send sip_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_sip_client_packets" lineno="79170">
<summary>
Do not audit attempts to send sip_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_sip_client_packets" lineno="79189">
<summary>
Receive sip_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_sip_client_packets" lineno="79208">
<summary>
Do not audit attempts to receive sip_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_sip_client_packets" lineno="79227">
<summary>
Send and receive sip_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_sip_client_packets" lineno="79243">
<summary>
Do not audit attempts to send and receive sip_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_sip_client_packets" lineno="79258">
<summary>
Relabel packets to sip_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_sip_server_packets" lineno="79278">
<summary>
Send sip_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_sip_server_packets" lineno="79297">
<summary>
Do not audit attempts to send sip_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_sip_server_packets" lineno="79316">
<summary>
Receive sip_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_sip_server_packets" lineno="79335">
<summary>
Do not audit attempts to receive sip_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_sip_server_packets" lineno="79354">
<summary>
Send and receive sip_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_sip_server_packets" lineno="79370">
<summary>
Do not audit attempts to send and receive sip_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_sip_server_packets" lineno="79385">
<summary>
Relabel packets to sip_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_sixxsconfig_port" lineno="79407">
<summary>
Send and receive TCP traffic on the sixxsconfig port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_sixxsconfig_port" lineno="79426">
<summary>
Send UDP traffic on the sixxsconfig port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_sixxsconfig_port" lineno="79445">
<summary>
Do not audit attempts to send UDP traffic on the sixxsconfig port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_sixxsconfig_port" lineno="79464">
<summary>
Receive UDP traffic on the sixxsconfig port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_sixxsconfig_port" lineno="79483">
<summary>
Do not audit attempts to receive UDP traffic on the sixxsconfig port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_sixxsconfig_port" lineno="79502">
<summary>
Send and receive UDP traffic on the sixxsconfig port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_sixxsconfig_port" lineno="79519">
<summary>
Do not audit attempts to send and receive
UDP traffic on the sixxsconfig port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_sixxsconfig_port" lineno="79535">
<summary>
Bind TCP sockets to the sixxsconfig port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_sixxsconfig_port" lineno="79555">
<summary>
Bind UDP sockets to the sixxsconfig port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_sixxsconfig_port" lineno="79574">
<summary>
Make a TCP connection to the sixxsconfig port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_sixxsconfig_client_packets" lineno="79594">
<summary>
Send sixxsconfig_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_sixxsconfig_client_packets" lineno="79613">
<summary>
Do not audit attempts to send sixxsconfig_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_sixxsconfig_client_packets" lineno="79632">
<summary>
Receive sixxsconfig_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_sixxsconfig_client_packets" lineno="79651">
<summary>
Do not audit attempts to receive sixxsconfig_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_sixxsconfig_client_packets" lineno="79670">
<summary>
Send and receive sixxsconfig_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_sixxsconfig_client_packets" lineno="79686">
<summary>
Do not audit attempts to send and receive sixxsconfig_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_sixxsconfig_client_packets" lineno="79701">
<summary>
Relabel packets to sixxsconfig_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_sixxsconfig_server_packets" lineno="79721">
<summary>
Send sixxsconfig_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_sixxsconfig_server_packets" lineno="79740">
<summary>
Do not audit attempts to send sixxsconfig_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_sixxsconfig_server_packets" lineno="79759">
<summary>
Receive sixxsconfig_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_sixxsconfig_server_packets" lineno="79778">
<summary>
Do not audit attempts to receive sixxsconfig_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_sixxsconfig_server_packets" lineno="79797">
<summary>
Send and receive sixxsconfig_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_sixxsconfig_server_packets" lineno="79813">
<summary>
Do not audit attempts to send and receive sixxsconfig_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_sixxsconfig_server_packets" lineno="79828">
<summary>
Relabel packets to sixxsconfig_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_smbd_port" lineno="79850">
<summary>
Send and receive TCP traffic on the smbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_smbd_port" lineno="79869">
<summary>
Send UDP traffic on the smbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_smbd_port" lineno="79888">
<summary>
Do not audit attempts to send UDP traffic on the smbd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_smbd_port" lineno="79907">
<summary>
Receive UDP traffic on the smbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_smbd_port" lineno="79926">
<summary>
Do not audit attempts to receive UDP traffic on the smbd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_smbd_port" lineno="79945">
<summary>
Send and receive UDP traffic on the smbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_smbd_port" lineno="79962">
<summary>
Do not audit attempts to send and receive
UDP traffic on the smbd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_smbd_port" lineno="79978">
<summary>
Bind TCP sockets to the smbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_smbd_port" lineno="79998">
<summary>
Bind UDP sockets to the smbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_smbd_port" lineno="80017">
<summary>
Make a TCP connection to the smbd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_smbd_client_packets" lineno="80037">
<summary>
Send smbd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_smbd_client_packets" lineno="80056">
<summary>
Do not audit attempts to send smbd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_smbd_client_packets" lineno="80075">
<summary>
Receive smbd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_smbd_client_packets" lineno="80094">
<summary>
Do not audit attempts to receive smbd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_smbd_client_packets" lineno="80113">
<summary>
Send and receive smbd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_smbd_client_packets" lineno="80129">
<summary>
Do not audit attempts to send and receive smbd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_smbd_client_packets" lineno="80144">
<summary>
Relabel packets to smbd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_smbd_server_packets" lineno="80164">
<summary>
Send smbd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_smbd_server_packets" lineno="80183">
<summary>
Do not audit attempts to send smbd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_smbd_server_packets" lineno="80202">
<summary>
Receive smbd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_smbd_server_packets" lineno="80221">
<summary>
Do not audit attempts to receive smbd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_smbd_server_packets" lineno="80240">
<summary>
Send and receive smbd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_smbd_server_packets" lineno="80256">
<summary>
Do not audit attempts to send and receive smbd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_smbd_server_packets" lineno="80271">
<summary>
Relabel packets to smbd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_smtp_port" lineno="80293">
<summary>
Send and receive TCP traffic on the smtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_smtp_port" lineno="80312">
<summary>
Send UDP traffic on the smtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_smtp_port" lineno="80331">
<summary>
Do not audit attempts to send UDP traffic on the smtp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_smtp_port" lineno="80350">
<summary>
Receive UDP traffic on the smtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_smtp_port" lineno="80369">
<summary>
Do not audit attempts to receive UDP traffic on the smtp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_smtp_port" lineno="80388">
<summary>
Send and receive UDP traffic on the smtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_smtp_port" lineno="80405">
<summary>
Do not audit attempts to send and receive
UDP traffic on the smtp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_smtp_port" lineno="80421">
<summary>
Bind TCP sockets to the smtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_smtp_port" lineno="80441">
<summary>
Bind UDP sockets to the smtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_smtp_port" lineno="80460">
<summary>
Make a TCP connection to the smtp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_smtp_client_packets" lineno="80480">
<summary>
Send smtp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_smtp_client_packets" lineno="80499">
<summary>
Do not audit attempts to send smtp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_smtp_client_packets" lineno="80518">
<summary>
Receive smtp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_smtp_client_packets" lineno="80537">
<summary>
Do not audit attempts to receive smtp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_smtp_client_packets" lineno="80556">
<summary>
Send and receive smtp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_smtp_client_packets" lineno="80572">
<summary>
Do not audit attempts to send and receive smtp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_smtp_client_packets" lineno="80587">
<summary>
Relabel packets to smtp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_smtp_server_packets" lineno="80607">
<summary>
Send smtp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_smtp_server_packets" lineno="80626">
<summary>
Do not audit attempts to send smtp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_smtp_server_packets" lineno="80645">
<summary>
Receive smtp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_smtp_server_packets" lineno="80664">
<summary>
Do not audit attempts to receive smtp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_smtp_server_packets" lineno="80683">
<summary>
Send and receive smtp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_smtp_server_packets" lineno="80699">
<summary>
Do not audit attempts to send and receive smtp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_smtp_server_packets" lineno="80714">
<summary>
Relabel packets to smtp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_snmp_port" lineno="80736">
<summary>
Send and receive TCP traffic on the snmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_snmp_port" lineno="80755">
<summary>
Send UDP traffic on the snmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_snmp_port" lineno="80774">
<summary>
Do not audit attempts to send UDP traffic on the snmp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_snmp_port" lineno="80793">
<summary>
Receive UDP traffic on the snmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_snmp_port" lineno="80812">
<summary>
Do not audit attempts to receive UDP traffic on the snmp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_snmp_port" lineno="80831">
<summary>
Send and receive UDP traffic on the snmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_snmp_port" lineno="80848">
<summary>
Do not audit attempts to send and receive
UDP traffic on the snmp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_snmp_port" lineno="80864">
<summary>
Bind TCP sockets to the snmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_snmp_port" lineno="80884">
<summary>
Bind UDP sockets to the snmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_snmp_port" lineno="80903">
<summary>
Make a TCP connection to the snmp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_snmp_client_packets" lineno="80923">
<summary>
Send snmp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_snmp_client_packets" lineno="80942">
<summary>
Do not audit attempts to send snmp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_snmp_client_packets" lineno="80961">
<summary>
Receive snmp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_snmp_client_packets" lineno="80980">
<summary>
Do not audit attempts to receive snmp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_snmp_client_packets" lineno="80999">
<summary>
Send and receive snmp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_snmp_client_packets" lineno="81015">
<summary>
Do not audit attempts to send and receive snmp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_snmp_client_packets" lineno="81030">
<summary>
Relabel packets to snmp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_snmp_server_packets" lineno="81050">
<summary>
Send snmp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_snmp_server_packets" lineno="81069">
<summary>
Do not audit attempts to send snmp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_snmp_server_packets" lineno="81088">
<summary>
Receive snmp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_snmp_server_packets" lineno="81107">
<summary>
Do not audit attempts to receive snmp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_snmp_server_packets" lineno="81126">
<summary>
Send and receive snmp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_snmp_server_packets" lineno="81142">
<summary>
Do not audit attempts to send and receive snmp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_snmp_server_packets" lineno="81157">
<summary>
Relabel packets to snmp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_soundd_port" lineno="81179">
<summary>
Send and receive TCP traffic on the soundd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_soundd_port" lineno="81198">
<summary>
Send UDP traffic on the soundd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_soundd_port" lineno="81217">
<summary>
Do not audit attempts to send UDP traffic on the soundd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_soundd_port" lineno="81236">
<summary>
Receive UDP traffic on the soundd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_soundd_port" lineno="81255">
<summary>
Do not audit attempts to receive UDP traffic on the soundd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_soundd_port" lineno="81274">
<summary>
Send and receive UDP traffic on the soundd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_soundd_port" lineno="81291">
<summary>
Do not audit attempts to send and receive
UDP traffic on the soundd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_soundd_port" lineno="81307">
<summary>
Bind TCP sockets to the soundd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_soundd_port" lineno="81327">
<summary>
Bind UDP sockets to the soundd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_soundd_port" lineno="81346">
<summary>
Make a TCP connection to the soundd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_soundd_client_packets" lineno="81366">
<summary>
Send soundd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_soundd_client_packets" lineno="81385">
<summary>
Do not audit attempts to send soundd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_soundd_client_packets" lineno="81404">
<summary>
Receive soundd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_soundd_client_packets" lineno="81423">
<summary>
Do not audit attempts to receive soundd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_soundd_client_packets" lineno="81442">
<summary>
Send and receive soundd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_soundd_client_packets" lineno="81458">
<summary>
Do not audit attempts to send and receive soundd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_soundd_client_packets" lineno="81473">
<summary>
Relabel packets to soundd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_soundd_server_packets" lineno="81493">
<summary>
Send soundd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_soundd_server_packets" lineno="81512">
<summary>
Do not audit attempts to send soundd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_soundd_server_packets" lineno="81531">
<summary>
Receive soundd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_soundd_server_packets" lineno="81550">
<summary>
Do not audit attempts to receive soundd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_soundd_server_packets" lineno="81569">
<summary>
Send and receive soundd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_soundd_server_packets" lineno="81585">
<summary>
Do not audit attempts to send and receive soundd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_soundd_server_packets" lineno="81600">
<summary>
Relabel packets to soundd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_spamd_port" lineno="81622">
<summary>
Send and receive TCP traffic on the spamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_spamd_port" lineno="81641">
<summary>
Send UDP traffic on the spamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_spamd_port" lineno="81660">
<summary>
Do not audit attempts to send UDP traffic on the spamd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_spamd_port" lineno="81679">
<summary>
Receive UDP traffic on the spamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_spamd_port" lineno="81698">
<summary>
Do not audit attempts to receive UDP traffic on the spamd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_spamd_port" lineno="81717">
<summary>
Send and receive UDP traffic on the spamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_spamd_port" lineno="81734">
<summary>
Do not audit attempts to send and receive
UDP traffic on the spamd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_spamd_port" lineno="81750">
<summary>
Bind TCP sockets to the spamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_spamd_port" lineno="81770">
<summary>
Bind UDP sockets to the spamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_spamd_port" lineno="81789">
<summary>
Make a TCP connection to the spamd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_spamd_client_packets" lineno="81809">
<summary>
Send spamd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_spamd_client_packets" lineno="81828">
<summary>
Do not audit attempts to send spamd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_spamd_client_packets" lineno="81847">
<summary>
Receive spamd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_spamd_client_packets" lineno="81866">
<summary>
Do not audit attempts to receive spamd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_spamd_client_packets" lineno="81885">
<summary>
Send and receive spamd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_spamd_client_packets" lineno="81901">
<summary>
Do not audit attempts to send and receive spamd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_spamd_client_packets" lineno="81916">
<summary>
Relabel packets to spamd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_spamd_server_packets" lineno="81936">
<summary>
Send spamd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_spamd_server_packets" lineno="81955">
<summary>
Do not audit attempts to send spamd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_spamd_server_packets" lineno="81974">
<summary>
Receive spamd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_spamd_server_packets" lineno="81993">
<summary>
Do not audit attempts to receive spamd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_spamd_server_packets" lineno="82012">
<summary>
Send and receive spamd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_spamd_server_packets" lineno="82028">
<summary>
Do not audit attempts to send and receive spamd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_spamd_server_packets" lineno="82043">
<summary>
Relabel packets to spamd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_speech_port" lineno="82065">
<summary>
Send and receive TCP traffic on the speech port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_speech_port" lineno="82084">
<summary>
Send UDP traffic on the speech port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_speech_port" lineno="82103">
<summary>
Do not audit attempts to send UDP traffic on the speech port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_speech_port" lineno="82122">
<summary>
Receive UDP traffic on the speech port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_speech_port" lineno="82141">
<summary>
Do not audit attempts to receive UDP traffic on the speech port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_speech_port" lineno="82160">
<summary>
Send and receive UDP traffic on the speech port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_speech_port" lineno="82177">
<summary>
Do not audit attempts to send and receive
UDP traffic on the speech port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_speech_port" lineno="82193">
<summary>
Bind TCP sockets to the speech port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_speech_port" lineno="82213">
<summary>
Bind UDP sockets to the speech port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_speech_port" lineno="82232">
<summary>
Make a TCP connection to the speech port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_speech_client_packets" lineno="82252">
<summary>
Send speech_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_speech_client_packets" lineno="82271">
<summary>
Do not audit attempts to send speech_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_speech_client_packets" lineno="82290">
<summary>
Receive speech_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_speech_client_packets" lineno="82309">
<summary>
Do not audit attempts to receive speech_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_speech_client_packets" lineno="82328">
<summary>
Send and receive speech_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_speech_client_packets" lineno="82344">
<summary>
Do not audit attempts to send and receive speech_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_speech_client_packets" lineno="82359">
<summary>
Relabel packets to speech_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_speech_server_packets" lineno="82379">
<summary>
Send speech_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_speech_server_packets" lineno="82398">
<summary>
Do not audit attempts to send speech_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_speech_server_packets" lineno="82417">
<summary>
Receive speech_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_speech_server_packets" lineno="82436">
<summary>
Do not audit attempts to receive speech_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_speech_server_packets" lineno="82455">
<summary>
Send and receive speech_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_speech_server_packets" lineno="82471">
<summary>
Do not audit attempts to send and receive speech_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_speech_server_packets" lineno="82486">
<summary>
Relabel packets to speech_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_squid_port" lineno="82508">
<summary>
Send and receive TCP traffic on the squid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_squid_port" lineno="82527">
<summary>
Send UDP traffic on the squid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_squid_port" lineno="82546">
<summary>
Do not audit attempts to send UDP traffic on the squid port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_squid_port" lineno="82565">
<summary>
Receive UDP traffic on the squid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_squid_port" lineno="82584">
<summary>
Do not audit attempts to receive UDP traffic on the squid port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_squid_port" lineno="82603">
<summary>
Send and receive UDP traffic on the squid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_squid_port" lineno="82620">
<summary>
Do not audit attempts to send and receive
UDP traffic on the squid port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_squid_port" lineno="82636">
<summary>
Bind TCP sockets to the squid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_squid_port" lineno="82656">
<summary>
Bind UDP sockets to the squid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_squid_port" lineno="82675">
<summary>
Make a TCP connection to the squid port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_squid_client_packets" lineno="82695">
<summary>
Send squid_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_squid_client_packets" lineno="82714">
<summary>
Do not audit attempts to send squid_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_squid_client_packets" lineno="82733">
<summary>
Receive squid_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_squid_client_packets" lineno="82752">
<summary>
Do not audit attempts to receive squid_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_squid_client_packets" lineno="82771">
<summary>
Send and receive squid_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_squid_client_packets" lineno="82787">
<summary>
Do not audit attempts to send and receive squid_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_squid_client_packets" lineno="82802">
<summary>
Relabel packets to squid_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_squid_server_packets" lineno="82822">
<summary>
Send squid_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_squid_server_packets" lineno="82841">
<summary>
Do not audit attempts to send squid_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_squid_server_packets" lineno="82860">
<summary>
Receive squid_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_squid_server_packets" lineno="82879">
<summary>
Do not audit attempts to receive squid_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_squid_server_packets" lineno="82898">
<summary>
Send and receive squid_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_squid_server_packets" lineno="82914">
<summary>
Do not audit attempts to send and receive squid_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_squid_server_packets" lineno="82929">
<summary>
Relabel packets to squid_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ssh_port" lineno="82951">
<summary>
Send and receive TCP traffic on the ssh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ssh_port" lineno="82970">
<summary>
Send UDP traffic on the ssh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ssh_port" lineno="82989">
<summary>
Do not audit attempts to send UDP traffic on the ssh port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ssh_port" lineno="83008">
<summary>
Receive UDP traffic on the ssh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ssh_port" lineno="83027">
<summary>
Do not audit attempts to receive UDP traffic on the ssh port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ssh_port" lineno="83046">
<summary>
Send and receive UDP traffic on the ssh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ssh_port" lineno="83063">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ssh port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ssh_port" lineno="83079">
<summary>
Bind TCP sockets to the ssh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ssh_port" lineno="83099">
<summary>
Bind UDP sockets to the ssh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ssh_port" lineno="83118">
<summary>
Make a TCP connection to the ssh port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ssh_client_packets" lineno="83138">
<summary>
Send ssh_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ssh_client_packets" lineno="83157">
<summary>
Do not audit attempts to send ssh_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ssh_client_packets" lineno="83176">
<summary>
Receive ssh_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ssh_client_packets" lineno="83195">
<summary>
Do not audit attempts to receive ssh_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ssh_client_packets" lineno="83214">
<summary>
Send and receive ssh_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ssh_client_packets" lineno="83230">
<summary>
Do not audit attempts to send and receive ssh_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ssh_client_packets" lineno="83245">
<summary>
Relabel packets to ssh_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ssh_server_packets" lineno="83265">
<summary>
Send ssh_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ssh_server_packets" lineno="83284">
<summary>
Do not audit attempts to send ssh_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ssh_server_packets" lineno="83303">
<summary>
Receive ssh_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ssh_server_packets" lineno="83322">
<summary>
Do not audit attempts to receive ssh_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ssh_server_packets" lineno="83341">
<summary>
Send and receive ssh_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ssh_server_packets" lineno="83357">
<summary>
Do not audit attempts to send and receive ssh_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ssh_server_packets" lineno="83372">
<summary>
Relabel packets to ssh_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_streaming_port" lineno="83394">
<summary>
Send and receive TCP traffic on the streaming port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_streaming_port" lineno="83413">
<summary>
Send UDP traffic on the streaming port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_streaming_port" lineno="83432">
<summary>
Do not audit attempts to send UDP traffic on the streaming port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_streaming_port" lineno="83451">
<summary>
Receive UDP traffic on the streaming port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_streaming_port" lineno="83470">
<summary>
Do not audit attempts to receive UDP traffic on the streaming port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_streaming_port" lineno="83489">
<summary>
Send and receive UDP traffic on the streaming port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_streaming_port" lineno="83506">
<summary>
Do not audit attempts to send and receive
UDP traffic on the streaming port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_streaming_port" lineno="83522">
<summary>
Bind TCP sockets to the streaming port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_streaming_port" lineno="83542">
<summary>
Bind UDP sockets to the streaming port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_streaming_port" lineno="83561">
<summary>
Make a TCP connection to the streaming port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_streaming_client_packets" lineno="83581">
<summary>
Send streaming_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_streaming_client_packets" lineno="83600">
<summary>
Do not audit attempts to send streaming_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_streaming_client_packets" lineno="83619">
<summary>
Receive streaming_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_streaming_client_packets" lineno="83638">
<summary>
Do not audit attempts to receive streaming_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_streaming_client_packets" lineno="83657">
<summary>
Send and receive streaming_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_streaming_client_packets" lineno="83673">
<summary>
Do not audit attempts to send and receive streaming_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_streaming_client_packets" lineno="83688">
<summary>
Relabel packets to streaming_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_streaming_server_packets" lineno="83708">
<summary>
Send streaming_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_streaming_server_packets" lineno="83727">
<summary>
Do not audit attempts to send streaming_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_streaming_server_packets" lineno="83746">
<summary>
Receive streaming_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_streaming_server_packets" lineno="83765">
<summary>
Do not audit attempts to receive streaming_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_streaming_server_packets" lineno="83784">
<summary>
Send and receive streaming_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_streaming_server_packets" lineno="83800">
<summary>
Do not audit attempts to send and receive streaming_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_streaming_server_packets" lineno="83815">
<summary>
Relabel packets to streaming_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_svn_port" lineno="83837">
<summary>
Send and receive TCP traffic on the svn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_svn_port" lineno="83856">
<summary>
Send UDP traffic on the svn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_svn_port" lineno="83875">
<summary>
Do not audit attempts to send UDP traffic on the svn port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_svn_port" lineno="83894">
<summary>
Receive UDP traffic on the svn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_svn_port" lineno="83913">
<summary>
Do not audit attempts to receive UDP traffic on the svn port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_svn_port" lineno="83932">
<summary>
Send and receive UDP traffic on the svn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_svn_port" lineno="83949">
<summary>
Do not audit attempts to send and receive
UDP traffic on the svn port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_svn_port" lineno="83965">
<summary>
Bind TCP sockets to the svn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_svn_port" lineno="83985">
<summary>
Bind UDP sockets to the svn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_svn_port" lineno="84004">
<summary>
Make a TCP connection to the svn port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_svn_client_packets" lineno="84024">
<summary>
Send svn_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_svn_client_packets" lineno="84043">
<summary>
Do not audit attempts to send svn_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_svn_client_packets" lineno="84062">
<summary>
Receive svn_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_svn_client_packets" lineno="84081">
<summary>
Do not audit attempts to receive svn_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_svn_client_packets" lineno="84100">
<summary>
Send and receive svn_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_svn_client_packets" lineno="84116">
<summary>
Do not audit attempts to send and receive svn_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_svn_client_packets" lineno="84131">
<summary>
Relabel packets to svn_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_svn_server_packets" lineno="84151">
<summary>
Send svn_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_svn_server_packets" lineno="84170">
<summary>
Do not audit attempts to send svn_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_svn_server_packets" lineno="84189">
<summary>
Receive svn_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_svn_server_packets" lineno="84208">
<summary>
Do not audit attempts to receive svn_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_svn_server_packets" lineno="84227">
<summary>
Send and receive svn_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_svn_server_packets" lineno="84243">
<summary>
Do not audit attempts to send and receive svn_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_svn_server_packets" lineno="84258">
<summary>
Relabel packets to svn_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_swat_port" lineno="84280">
<summary>
Send and receive TCP traffic on the swat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_swat_port" lineno="84299">
<summary>
Send UDP traffic on the swat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_swat_port" lineno="84318">
<summary>
Do not audit attempts to send UDP traffic on the swat port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_swat_port" lineno="84337">
<summary>
Receive UDP traffic on the swat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_swat_port" lineno="84356">
<summary>
Do not audit attempts to receive UDP traffic on the swat port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_swat_port" lineno="84375">
<summary>
Send and receive UDP traffic on the swat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_swat_port" lineno="84392">
<summary>
Do not audit attempts to send and receive
UDP traffic on the swat port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_swat_port" lineno="84408">
<summary>
Bind TCP sockets to the swat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_swat_port" lineno="84428">
<summary>
Bind UDP sockets to the swat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_swat_port" lineno="84447">
<summary>
Make a TCP connection to the swat port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_swat_client_packets" lineno="84467">
<summary>
Send swat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_swat_client_packets" lineno="84486">
<summary>
Do not audit attempts to send swat_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_swat_client_packets" lineno="84505">
<summary>
Receive swat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_swat_client_packets" lineno="84524">
<summary>
Do not audit attempts to receive swat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_swat_client_packets" lineno="84543">
<summary>
Send and receive swat_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_swat_client_packets" lineno="84559">
<summary>
Do not audit attempts to send and receive swat_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_swat_client_packets" lineno="84574">
<summary>
Relabel packets to swat_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_swat_server_packets" lineno="84594">
<summary>
Send swat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_swat_server_packets" lineno="84613">
<summary>
Do not audit attempts to send swat_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_swat_server_packets" lineno="84632">
<summary>
Receive swat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_swat_server_packets" lineno="84651">
<summary>
Do not audit attempts to receive swat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_swat_server_packets" lineno="84670">
<summary>
Send and receive swat_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_swat_server_packets" lineno="84686">
<summary>
Do not audit attempts to send and receive swat_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_swat_server_packets" lineno="84701">
<summary>
Relabel packets to swat_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_sype_port" lineno="84723">
<summary>
Send and receive TCP traffic on the sype port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_sype_port" lineno="84742">
<summary>
Send UDP traffic on the sype port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_sype_port" lineno="84761">
<summary>
Do not audit attempts to send UDP traffic on the sype port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_sype_port" lineno="84780">
<summary>
Receive UDP traffic on the sype port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_sype_port" lineno="84799">
<summary>
Do not audit attempts to receive UDP traffic on the sype port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_sype_port" lineno="84818">
<summary>
Send and receive UDP traffic on the sype port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_sype_port" lineno="84835">
<summary>
Do not audit attempts to send and receive
UDP traffic on the sype port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_sype_port" lineno="84851">
<summary>
Bind TCP sockets to the sype port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_sype_port" lineno="84871">
<summary>
Bind UDP sockets to the sype port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_sype_port" lineno="84890">
<summary>
Make a TCP connection to the sype port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_sype_client_packets" lineno="84910">
<summary>
Send sype_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_sype_client_packets" lineno="84929">
<summary>
Do not audit attempts to send sype_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_sype_client_packets" lineno="84948">
<summary>
Receive sype_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_sype_client_packets" lineno="84967">
<summary>
Do not audit attempts to receive sype_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_sype_client_packets" lineno="84986">
<summary>
Send and receive sype_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_sype_client_packets" lineno="85002">
<summary>
Do not audit attempts to send and receive sype_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_sype_client_packets" lineno="85017">
<summary>
Relabel packets to sype_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_sype_server_packets" lineno="85037">
<summary>
Send sype_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_sype_server_packets" lineno="85056">
<summary>
Do not audit attempts to send sype_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_sype_server_packets" lineno="85075">
<summary>
Receive sype_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_sype_server_packets" lineno="85094">
<summary>
Do not audit attempts to receive sype_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_sype_server_packets" lineno="85113">
<summary>
Send and receive sype_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_sype_server_packets" lineno="85129">
<summary>
Do not audit attempts to send and receive sype_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_sype_server_packets" lineno="85144">
<summary>
Relabel packets to sype_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_syslogd_port" lineno="85166">
<summary>
Send and receive TCP traffic on the syslogd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_syslogd_port" lineno="85185">
<summary>
Send UDP traffic on the syslogd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_syslogd_port" lineno="85204">
<summary>
Do not audit attempts to send UDP traffic on the syslogd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_syslogd_port" lineno="85223">
<summary>
Receive UDP traffic on the syslogd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_syslogd_port" lineno="85242">
<summary>
Do not audit attempts to receive UDP traffic on the syslogd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_syslogd_port" lineno="85261">
<summary>
Send and receive UDP traffic on the syslogd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_syslogd_port" lineno="85278">
<summary>
Do not audit attempts to send and receive
UDP traffic on the syslogd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_syslogd_port" lineno="85294">
<summary>
Bind TCP sockets to the syslogd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_syslogd_port" lineno="85314">
<summary>
Bind UDP sockets to the syslogd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_syslogd_port" lineno="85333">
<summary>
Make a TCP connection to the syslogd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_syslogd_client_packets" lineno="85353">
<summary>
Send syslogd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_syslogd_client_packets" lineno="85372">
<summary>
Do not audit attempts to send syslogd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_syslogd_client_packets" lineno="85391">
<summary>
Receive syslogd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_syslogd_client_packets" lineno="85410">
<summary>
Do not audit attempts to receive syslogd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_syslogd_client_packets" lineno="85429">
<summary>
Send and receive syslogd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_syslogd_client_packets" lineno="85445">
<summary>
Do not audit attempts to send and receive syslogd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_syslogd_client_packets" lineno="85460">
<summary>
Relabel packets to syslogd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_syslogd_server_packets" lineno="85480">
<summary>
Send syslogd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_syslogd_server_packets" lineno="85499">
<summary>
Do not audit attempts to send syslogd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_syslogd_server_packets" lineno="85518">
<summary>
Receive syslogd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_syslogd_server_packets" lineno="85537">
<summary>
Do not audit attempts to receive syslogd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_syslogd_server_packets" lineno="85556">
<summary>
Send and receive syslogd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_syslogd_server_packets" lineno="85572">
<summary>
Do not audit attempts to send and receive syslogd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_syslogd_server_packets" lineno="85587">
<summary>
Relabel packets to syslogd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_telnetd_port" lineno="85609">
<summary>
Send and receive TCP traffic on the telnetd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_telnetd_port" lineno="85628">
<summary>
Send UDP traffic on the telnetd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_telnetd_port" lineno="85647">
<summary>
Do not audit attempts to send UDP traffic on the telnetd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_telnetd_port" lineno="85666">
<summary>
Receive UDP traffic on the telnetd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_telnetd_port" lineno="85685">
<summary>
Do not audit attempts to receive UDP traffic on the telnetd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_telnetd_port" lineno="85704">
<summary>
Send and receive UDP traffic on the telnetd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_telnetd_port" lineno="85721">
<summary>
Do not audit attempts to send and receive
UDP traffic on the telnetd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_telnetd_port" lineno="85737">
<summary>
Bind TCP sockets to the telnetd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_telnetd_port" lineno="85757">
<summary>
Bind UDP sockets to the telnetd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_telnetd_port" lineno="85776">
<summary>
Make a TCP connection to the telnetd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_telnetd_client_packets" lineno="85796">
<summary>
Send telnetd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_telnetd_client_packets" lineno="85815">
<summary>
Do not audit attempts to send telnetd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_telnetd_client_packets" lineno="85834">
<summary>
Receive telnetd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_telnetd_client_packets" lineno="85853">
<summary>
Do not audit attempts to receive telnetd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_telnetd_client_packets" lineno="85872">
<summary>
Send and receive telnetd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_telnetd_client_packets" lineno="85888">
<summary>
Do not audit attempts to send and receive telnetd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_telnetd_client_packets" lineno="85903">
<summary>
Relabel packets to telnetd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_telnetd_server_packets" lineno="85923">
<summary>
Send telnetd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_telnetd_server_packets" lineno="85942">
<summary>
Do not audit attempts to send telnetd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_telnetd_server_packets" lineno="85961">
<summary>
Receive telnetd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_telnetd_server_packets" lineno="85980">
<summary>
Do not audit attempts to receive telnetd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_telnetd_server_packets" lineno="85999">
<summary>
Send and receive telnetd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_telnetd_server_packets" lineno="86015">
<summary>
Do not audit attempts to send and receive telnetd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_telnetd_server_packets" lineno="86030">
<summary>
Relabel packets to telnetd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_tftp_port" lineno="86052">
<summary>
Send and receive TCP traffic on the tftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_tftp_port" lineno="86071">
<summary>
Send UDP traffic on the tftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_tftp_port" lineno="86090">
<summary>
Do not audit attempts to send UDP traffic on the tftp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_tftp_port" lineno="86109">
<summary>
Receive UDP traffic on the tftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_tftp_port" lineno="86128">
<summary>
Do not audit attempts to receive UDP traffic on the tftp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_tftp_port" lineno="86147">
<summary>
Send and receive UDP traffic on the tftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_tftp_port" lineno="86164">
<summary>
Do not audit attempts to send and receive
UDP traffic on the tftp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_tftp_port" lineno="86180">
<summary>
Bind TCP sockets to the tftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_tftp_port" lineno="86200">
<summary>
Bind UDP sockets to the tftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_tftp_port" lineno="86219">
<summary>
Make a TCP connection to the tftp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_tftp_client_packets" lineno="86239">
<summary>
Send tftp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_tftp_client_packets" lineno="86258">
<summary>
Do not audit attempts to send tftp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_tftp_client_packets" lineno="86277">
<summary>
Receive tftp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_tftp_client_packets" lineno="86296">
<summary>
Do not audit attempts to receive tftp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_tftp_client_packets" lineno="86315">
<summary>
Send and receive tftp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_tftp_client_packets" lineno="86331">
<summary>
Do not audit attempts to send and receive tftp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_tftp_client_packets" lineno="86346">
<summary>
Relabel packets to tftp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_tftp_server_packets" lineno="86366">
<summary>
Send tftp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_tftp_server_packets" lineno="86385">
<summary>
Do not audit attempts to send tftp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_tftp_server_packets" lineno="86404">
<summary>
Receive tftp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_tftp_server_packets" lineno="86423">
<summary>
Do not audit attempts to receive tftp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_tftp_server_packets" lineno="86442">
<summary>
Send and receive tftp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_tftp_server_packets" lineno="86458">
<summary>
Do not audit attempts to send and receive tftp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_tftp_server_packets" lineno="86473">
<summary>
Relabel packets to tftp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_tor_port" lineno="86495">
<summary>
Send and receive TCP traffic on the tor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_tor_port" lineno="86514">
<summary>
Send UDP traffic on the tor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_tor_port" lineno="86533">
<summary>
Do not audit attempts to send UDP traffic on the tor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_tor_port" lineno="86552">
<summary>
Receive UDP traffic on the tor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_tor_port" lineno="86571">
<summary>
Do not audit attempts to receive UDP traffic on the tor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_tor_port" lineno="86590">
<summary>
Send and receive UDP traffic on the tor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_tor_port" lineno="86607">
<summary>
Do not audit attempts to send and receive
UDP traffic on the tor port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_tor_port" lineno="86623">
<summary>
Bind TCP sockets to the tor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_tor_port" lineno="86643">
<summary>
Bind UDP sockets to the tor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_tor_port" lineno="86662">
<summary>
Make a TCP connection to the tor port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_tor_client_packets" lineno="86682">
<summary>
Send tor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_tor_client_packets" lineno="86701">
<summary>
Do not audit attempts to send tor_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_tor_client_packets" lineno="86720">
<summary>
Receive tor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_tor_client_packets" lineno="86739">
<summary>
Do not audit attempts to receive tor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_tor_client_packets" lineno="86758">
<summary>
Send and receive tor_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_tor_client_packets" lineno="86774">
<summary>
Do not audit attempts to send and receive tor_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_tor_client_packets" lineno="86789">
<summary>
Relabel packets to tor_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_tor_server_packets" lineno="86809">
<summary>
Send tor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_tor_server_packets" lineno="86828">
<summary>
Do not audit attempts to send tor_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_tor_server_packets" lineno="86847">
<summary>
Receive tor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_tor_server_packets" lineno="86866">
<summary>
Do not audit attempts to receive tor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_tor_server_packets" lineno="86885">
<summary>
Send and receive tor_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_tor_server_packets" lineno="86901">
<summary>
Do not audit attempts to send and receive tor_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_tor_server_packets" lineno="86916">
<summary>
Relabel packets to tor_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_tor_socks_port" lineno="86938">
<summary>
Send and receive TCP traffic on the tor_socks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_tor_socks_port" lineno="86957">
<summary>
Send UDP traffic on the tor_socks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_tor_socks_port" lineno="86976">
<summary>
Do not audit attempts to send UDP traffic on the tor_socks port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_tor_socks_port" lineno="86995">
<summary>
Receive UDP traffic on the tor_socks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_tor_socks_port" lineno="87014">
<summary>
Do not audit attempts to receive UDP traffic on the tor_socks port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_tor_socks_port" lineno="87033">
<summary>
Send and receive UDP traffic on the tor_socks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_tor_socks_port" lineno="87050">
<summary>
Do not audit attempts to send and receive
UDP traffic on the tor_socks port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_tor_socks_port" lineno="87066">
<summary>
Bind TCP sockets to the tor_socks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_tor_socks_port" lineno="87086">
<summary>
Bind UDP sockets to the tor_socks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_tor_socks_port" lineno="87105">
<summary>
Make a TCP connection to the tor_socks port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_tor_socks_client_packets" lineno="87125">
<summary>
Send tor_socks_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_tor_socks_client_packets" lineno="87144">
<summary>
Do not audit attempts to send tor_socks_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_tor_socks_client_packets" lineno="87163">
<summary>
Receive tor_socks_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_tor_socks_client_packets" lineno="87182">
<summary>
Do not audit attempts to receive tor_socks_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_tor_socks_client_packets" lineno="87201">
<summary>
Send and receive tor_socks_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_tor_socks_client_packets" lineno="87217">
<summary>
Do not audit attempts to send and receive tor_socks_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_tor_socks_client_packets" lineno="87232">
<summary>
Relabel packets to tor_socks_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_tor_socks_server_packets" lineno="87252">
<summary>
Send tor_socks_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_tor_socks_server_packets" lineno="87271">
<summary>
Do not audit attempts to send tor_socks_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_tor_socks_server_packets" lineno="87290">
<summary>
Receive tor_socks_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_tor_socks_server_packets" lineno="87309">
<summary>
Do not audit attempts to receive tor_socks_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_tor_socks_server_packets" lineno="87328">
<summary>
Send and receive tor_socks_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_tor_socks_server_packets" lineno="87344">
<summary>
Do not audit attempts to send and receive tor_socks_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_tor_socks_server_packets" lineno="87359">
<summary>
Relabel packets to tor_socks_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_traceroute_port" lineno="87381">
<summary>
Send and receive TCP traffic on the traceroute port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_traceroute_port" lineno="87400">
<summary>
Send UDP traffic on the traceroute port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_traceroute_port" lineno="87419">
<summary>
Do not audit attempts to send UDP traffic on the traceroute port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_traceroute_port" lineno="87438">
<summary>
Receive UDP traffic on the traceroute port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_traceroute_port" lineno="87457">
<summary>
Do not audit attempts to receive UDP traffic on the traceroute port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_traceroute_port" lineno="87476">
<summary>
Send and receive UDP traffic on the traceroute port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_traceroute_port" lineno="87493">
<summary>
Do not audit attempts to send and receive
UDP traffic on the traceroute port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_traceroute_port" lineno="87509">
<summary>
Bind TCP sockets to the traceroute port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_traceroute_port" lineno="87529">
<summary>
Bind UDP sockets to the traceroute port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_traceroute_port" lineno="87548">
<summary>
Make a TCP connection to the traceroute port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_traceroute_client_packets" lineno="87568">
<summary>
Send traceroute_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_traceroute_client_packets" lineno="87587">
<summary>
Do not audit attempts to send traceroute_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_traceroute_client_packets" lineno="87606">
<summary>
Receive traceroute_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_traceroute_client_packets" lineno="87625">
<summary>
Do not audit attempts to receive traceroute_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_traceroute_client_packets" lineno="87644">
<summary>
Send and receive traceroute_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_traceroute_client_packets" lineno="87660">
<summary>
Do not audit attempts to send and receive traceroute_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_traceroute_client_packets" lineno="87675">
<summary>
Relabel packets to traceroute_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_traceroute_server_packets" lineno="87695">
<summary>
Send traceroute_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_traceroute_server_packets" lineno="87714">
<summary>
Do not audit attempts to send traceroute_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_traceroute_server_packets" lineno="87733">
<summary>
Receive traceroute_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_traceroute_server_packets" lineno="87752">
<summary>
Do not audit attempts to receive traceroute_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_traceroute_server_packets" lineno="87771">
<summary>
Send and receive traceroute_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_traceroute_server_packets" lineno="87787">
<summary>
Do not audit attempts to send and receive traceroute_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_traceroute_server_packets" lineno="87802">
<summary>
Relabel packets to traceroute_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_transproxy_port" lineno="87824">
<summary>
Send and receive TCP traffic on the transproxy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_transproxy_port" lineno="87843">
<summary>
Send UDP traffic on the transproxy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_transproxy_port" lineno="87862">
<summary>
Do not audit attempts to send UDP traffic on the transproxy port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_transproxy_port" lineno="87881">
<summary>
Receive UDP traffic on the transproxy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_transproxy_port" lineno="87900">
<summary>
Do not audit attempts to receive UDP traffic on the transproxy port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_transproxy_port" lineno="87919">
<summary>
Send and receive UDP traffic on the transproxy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_transproxy_port" lineno="87936">
<summary>
Do not audit attempts to send and receive
UDP traffic on the transproxy port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_transproxy_port" lineno="87952">
<summary>
Bind TCP sockets to the transproxy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_transproxy_port" lineno="87972">
<summary>
Bind UDP sockets to the transproxy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_transproxy_port" lineno="87991">
<summary>
Make a TCP connection to the transproxy port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_transproxy_client_packets" lineno="88011">
<summary>
Send transproxy_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_transproxy_client_packets" lineno="88030">
<summary>
Do not audit attempts to send transproxy_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_transproxy_client_packets" lineno="88049">
<summary>
Receive transproxy_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_transproxy_client_packets" lineno="88068">
<summary>
Do not audit attempts to receive transproxy_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_transproxy_client_packets" lineno="88087">
<summary>
Send and receive transproxy_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_transproxy_client_packets" lineno="88103">
<summary>
Do not audit attempts to send and receive transproxy_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_transproxy_client_packets" lineno="88118">
<summary>
Relabel packets to transproxy_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_transproxy_server_packets" lineno="88138">
<summary>
Send transproxy_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_transproxy_server_packets" lineno="88157">
<summary>
Do not audit attempts to send transproxy_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_transproxy_server_packets" lineno="88176">
<summary>
Receive transproxy_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_transproxy_server_packets" lineno="88195">
<summary>
Do not audit attempts to receive transproxy_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_transproxy_server_packets" lineno="88214">
<summary>
Send and receive transproxy_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_transproxy_server_packets" lineno="88230">
<summary>
Do not audit attempts to send and receive transproxy_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_transproxy_server_packets" lineno="88245">
<summary>
Relabel packets to transproxy_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_ups_port" lineno="88267">
<summary>
Send and receive TCP traffic on the ups port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_ups_port" lineno="88286">
<summary>
Send UDP traffic on the ups port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_ups_port" lineno="88305">
<summary>
Do not audit attempts to send UDP traffic on the ups port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_ups_port" lineno="88324">
<summary>
Receive UDP traffic on the ups port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_ups_port" lineno="88343">
<summary>
Do not audit attempts to receive UDP traffic on the ups port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_ups_port" lineno="88362">
<summary>
Send and receive UDP traffic on the ups port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_ups_port" lineno="88379">
<summary>
Do not audit attempts to send and receive
UDP traffic on the ups port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_ups_port" lineno="88395">
<summary>
Bind TCP sockets to the ups port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_ups_port" lineno="88415">
<summary>
Bind UDP sockets to the ups port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_ups_port" lineno="88434">
<summary>
Make a TCP connection to the ups port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ups_client_packets" lineno="88454">
<summary>
Send ups_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ups_client_packets" lineno="88473">
<summary>
Do not audit attempts to send ups_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ups_client_packets" lineno="88492">
<summary>
Receive ups_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ups_client_packets" lineno="88511">
<summary>
Do not audit attempts to receive ups_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ups_client_packets" lineno="88530">
<summary>
Send and receive ups_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ups_client_packets" lineno="88546">
<summary>
Do not audit attempts to send and receive ups_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ups_client_packets" lineno="88561">
<summary>
Relabel packets to ups_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_ups_server_packets" lineno="88581">
<summary>
Send ups_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_ups_server_packets" lineno="88600">
<summary>
Do not audit attempts to send ups_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_ups_server_packets" lineno="88619">
<summary>
Receive ups_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_ups_server_packets" lineno="88638">
<summary>
Do not audit attempts to receive ups_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_ups_server_packets" lineno="88657">
<summary>
Send and receive ups_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_ups_server_packets" lineno="88673">
<summary>
Do not audit attempts to send and receive ups_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_ups_server_packets" lineno="88688">
<summary>
Relabel packets to ups_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_uucpd_port" lineno="88710">
<summary>
Send and receive TCP traffic on the uucpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_uucpd_port" lineno="88729">
<summary>
Send UDP traffic on the uucpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_uucpd_port" lineno="88748">
<summary>
Do not audit attempts to send UDP traffic on the uucpd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_uucpd_port" lineno="88767">
<summary>
Receive UDP traffic on the uucpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_uucpd_port" lineno="88786">
<summary>
Do not audit attempts to receive UDP traffic on the uucpd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_uucpd_port" lineno="88805">
<summary>
Send and receive UDP traffic on the uucpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_uucpd_port" lineno="88822">
<summary>
Do not audit attempts to send and receive
UDP traffic on the uucpd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_uucpd_port" lineno="88838">
<summary>
Bind TCP sockets to the uucpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_uucpd_port" lineno="88858">
<summary>
Bind UDP sockets to the uucpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_uucpd_port" lineno="88877">
<summary>
Make a TCP connection to the uucpd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_uucpd_client_packets" lineno="88897">
<summary>
Send uucpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_uucpd_client_packets" lineno="88916">
<summary>
Do not audit attempts to send uucpd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_uucpd_client_packets" lineno="88935">
<summary>
Receive uucpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_uucpd_client_packets" lineno="88954">
<summary>
Do not audit attempts to receive uucpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_uucpd_client_packets" lineno="88973">
<summary>
Send and receive uucpd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_uucpd_client_packets" lineno="88989">
<summary>
Do not audit attempts to send and receive uucpd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_uucpd_client_packets" lineno="89004">
<summary>
Relabel packets to uucpd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_uucpd_server_packets" lineno="89024">
<summary>
Send uucpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_uucpd_server_packets" lineno="89043">
<summary>
Do not audit attempts to send uucpd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_uucpd_server_packets" lineno="89062">
<summary>
Receive uucpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_uucpd_server_packets" lineno="89081">
<summary>
Do not audit attempts to receive uucpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_uucpd_server_packets" lineno="89100">
<summary>
Send and receive uucpd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_uucpd_server_packets" lineno="89116">
<summary>
Do not audit attempts to send and receive uucpd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_uucpd_server_packets" lineno="89131">
<summary>
Relabel packets to uucpd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_varnishd_port" lineno="89153">
<summary>
Send and receive TCP traffic on the varnishd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_varnishd_port" lineno="89172">
<summary>
Send UDP traffic on the varnishd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_varnishd_port" lineno="89191">
<summary>
Do not audit attempts to send UDP traffic on the varnishd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_varnishd_port" lineno="89210">
<summary>
Receive UDP traffic on the varnishd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_varnishd_port" lineno="89229">
<summary>
Do not audit attempts to receive UDP traffic on the varnishd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_varnishd_port" lineno="89248">
<summary>
Send and receive UDP traffic on the varnishd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_varnishd_port" lineno="89265">
<summary>
Do not audit attempts to send and receive
UDP traffic on the varnishd port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_varnishd_port" lineno="89281">
<summary>
Bind TCP sockets to the varnishd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_varnishd_port" lineno="89301">
<summary>
Bind UDP sockets to the varnishd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_varnishd_port" lineno="89320">
<summary>
Make a TCP connection to the varnishd port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_varnishd_client_packets" lineno="89340">
<summary>
Send varnishd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_varnishd_client_packets" lineno="89359">
<summary>
Do not audit attempts to send varnishd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_varnishd_client_packets" lineno="89378">
<summary>
Receive varnishd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_varnishd_client_packets" lineno="89397">
<summary>
Do not audit attempts to receive varnishd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_varnishd_client_packets" lineno="89416">
<summary>
Send and receive varnishd_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_varnishd_client_packets" lineno="89432">
<summary>
Do not audit attempts to send and receive varnishd_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_varnishd_client_packets" lineno="89447">
<summary>
Relabel packets to varnishd_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_varnishd_server_packets" lineno="89467">
<summary>
Send varnishd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_varnishd_server_packets" lineno="89486">
<summary>
Do not audit attempts to send varnishd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_varnishd_server_packets" lineno="89505">
<summary>
Receive varnishd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_varnishd_server_packets" lineno="89524">
<summary>
Do not audit attempts to receive varnishd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_varnishd_server_packets" lineno="89543">
<summary>
Send and receive varnishd_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_varnishd_server_packets" lineno="89559">
<summary>
Do not audit attempts to send and receive varnishd_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_varnishd_server_packets" lineno="89574">
<summary>
Relabel packets to varnishd_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_virt_port" lineno="89596">
<summary>
Send and receive TCP traffic on the virt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_virt_port" lineno="89615">
<summary>
Send UDP traffic on the virt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_virt_port" lineno="89634">
<summary>
Do not audit attempts to send UDP traffic on the virt port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_virt_port" lineno="89653">
<summary>
Receive UDP traffic on the virt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_virt_port" lineno="89672">
<summary>
Do not audit attempts to receive UDP traffic on the virt port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_virt_port" lineno="89691">
<summary>
Send and receive UDP traffic on the virt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_virt_port" lineno="89708">
<summary>
Do not audit attempts to send and receive
UDP traffic on the virt port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_virt_port" lineno="89724">
<summary>
Bind TCP sockets to the virt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_virt_port" lineno="89744">
<summary>
Bind UDP sockets to the virt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_virt_port" lineno="89763">
<summary>
Make a TCP connection to the virt port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_virt_client_packets" lineno="89783">
<summary>
Send virt_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_virt_client_packets" lineno="89802">
<summary>
Do not audit attempts to send virt_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_virt_client_packets" lineno="89821">
<summary>
Receive virt_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_virt_client_packets" lineno="89840">
<summary>
Do not audit attempts to receive virt_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_virt_client_packets" lineno="89859">
<summary>
Send and receive virt_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_virt_client_packets" lineno="89875">
<summary>
Do not audit attempts to send and receive virt_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_virt_client_packets" lineno="89890">
<summary>
Relabel packets to virt_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_virt_server_packets" lineno="89910">
<summary>
Send virt_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_virt_server_packets" lineno="89929">
<summary>
Do not audit attempts to send virt_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_virt_server_packets" lineno="89948">
<summary>
Receive virt_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_virt_server_packets" lineno="89967">
<summary>
Do not audit attempts to receive virt_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_virt_server_packets" lineno="89986">
<summary>
Send and receive virt_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_virt_server_packets" lineno="90002">
<summary>
Do not audit attempts to send and receive virt_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_virt_server_packets" lineno="90017">
<summary>
Relabel packets to virt_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_virt_migration_port" lineno="90039">
<summary>
Send and receive TCP traffic on the virt_migration port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_virt_migration_port" lineno="90058">
<summary>
Send UDP traffic on the virt_migration port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_virt_migration_port" lineno="90077">
<summary>
Do not audit attempts to send UDP traffic on the virt_migration port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_virt_migration_port" lineno="90096">
<summary>
Receive UDP traffic on the virt_migration port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_virt_migration_port" lineno="90115">
<summary>
Do not audit attempts to receive UDP traffic on the virt_migration port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_virt_migration_port" lineno="90134">
<summary>
Send and receive UDP traffic on the virt_migration port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_virt_migration_port" lineno="90151">
<summary>
Do not audit attempts to send and receive
UDP traffic on the virt_migration port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_virt_migration_port" lineno="90167">
<summary>
Bind TCP sockets to the virt_migration port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_virt_migration_port" lineno="90187">
<summary>
Bind UDP sockets to the virt_migration port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_virt_migration_port" lineno="90206">
<summary>
Make a TCP connection to the virt_migration port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_virt_migration_client_packets" lineno="90226">
<summary>
Send virt_migration_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_virt_migration_client_packets" lineno="90245">
<summary>
Do not audit attempts to send virt_migration_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_virt_migration_client_packets" lineno="90264">
<summary>
Receive virt_migration_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_virt_migration_client_packets" lineno="90283">
<summary>
Do not audit attempts to receive virt_migration_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_virt_migration_client_packets" lineno="90302">
<summary>
Send and receive virt_migration_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_virt_migration_client_packets" lineno="90318">
<summary>
Do not audit attempts to send and receive virt_migration_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_virt_migration_client_packets" lineno="90333">
<summary>
Relabel packets to virt_migration_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_virt_migration_server_packets" lineno="90353">
<summary>
Send virt_migration_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_virt_migration_server_packets" lineno="90372">
<summary>
Do not audit attempts to send virt_migration_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_virt_migration_server_packets" lineno="90391">
<summary>
Receive virt_migration_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_virt_migration_server_packets" lineno="90410">
<summary>
Do not audit attempts to receive virt_migration_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_virt_migration_server_packets" lineno="90429">
<summary>
Send and receive virt_migration_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_virt_migration_server_packets" lineno="90445">
<summary>
Do not audit attempts to send and receive virt_migration_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_virt_migration_server_packets" lineno="90460">
<summary>
Relabel packets to virt_migration_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_vnc_port" lineno="90482">
<summary>
Send and receive TCP traffic on the vnc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_vnc_port" lineno="90501">
<summary>
Send UDP traffic on the vnc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_vnc_port" lineno="90520">
<summary>
Do not audit attempts to send UDP traffic on the vnc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_vnc_port" lineno="90539">
<summary>
Receive UDP traffic on the vnc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_vnc_port" lineno="90558">
<summary>
Do not audit attempts to receive UDP traffic on the vnc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_vnc_port" lineno="90577">
<summary>
Send and receive UDP traffic on the vnc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_vnc_port" lineno="90594">
<summary>
Do not audit attempts to send and receive
UDP traffic on the vnc port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_vnc_port" lineno="90610">
<summary>
Bind TCP sockets to the vnc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_vnc_port" lineno="90630">
<summary>
Bind UDP sockets to the vnc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_vnc_port" lineno="90649">
<summary>
Make a TCP connection to the vnc port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_vnc_client_packets" lineno="90669">
<summary>
Send vnc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_vnc_client_packets" lineno="90688">
<summary>
Do not audit attempts to send vnc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_vnc_client_packets" lineno="90707">
<summary>
Receive vnc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_vnc_client_packets" lineno="90726">
<summary>
Do not audit attempts to receive vnc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_vnc_client_packets" lineno="90745">
<summary>
Send and receive vnc_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_vnc_client_packets" lineno="90761">
<summary>
Do not audit attempts to send and receive vnc_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_vnc_client_packets" lineno="90776">
<summary>
Relabel packets to vnc_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_vnc_server_packets" lineno="90796">
<summary>
Send vnc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_vnc_server_packets" lineno="90815">
<summary>
Do not audit attempts to send vnc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_vnc_server_packets" lineno="90834">
<summary>
Receive vnc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_vnc_server_packets" lineno="90853">
<summary>
Do not audit attempts to receive vnc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_vnc_server_packets" lineno="90872">
<summary>
Send and receive vnc_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_vnc_server_packets" lineno="90888">
<summary>
Do not audit attempts to send and receive vnc_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_vnc_server_packets" lineno="90903">
<summary>
Relabel packets to vnc_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_wccp_port" lineno="90925">
<summary>
Send and receive TCP traffic on the wccp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_wccp_port" lineno="90944">
<summary>
Send UDP traffic on the wccp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_wccp_port" lineno="90963">
<summary>
Do not audit attempts to send UDP traffic on the wccp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_wccp_port" lineno="90982">
<summary>
Receive UDP traffic on the wccp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_wccp_port" lineno="91001">
<summary>
Do not audit attempts to receive UDP traffic on the wccp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_wccp_port" lineno="91020">
<summary>
Send and receive UDP traffic on the wccp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_wccp_port" lineno="91037">
<summary>
Do not audit attempts to send and receive
UDP traffic on the wccp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_wccp_port" lineno="91053">
<summary>
Bind TCP sockets to the wccp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_wccp_port" lineno="91073">
<summary>
Bind UDP sockets to the wccp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_wccp_port" lineno="91092">
<summary>
Make a TCP connection to the wccp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_wccp_client_packets" lineno="91112">
<summary>
Send wccp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_wccp_client_packets" lineno="91131">
<summary>
Do not audit attempts to send wccp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_wccp_client_packets" lineno="91150">
<summary>
Receive wccp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_wccp_client_packets" lineno="91169">
<summary>
Do not audit attempts to receive wccp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_wccp_client_packets" lineno="91188">
<summary>
Send and receive wccp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_wccp_client_packets" lineno="91204">
<summary>
Do not audit attempts to send and receive wccp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_wccp_client_packets" lineno="91219">
<summary>
Relabel packets to wccp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_wccp_server_packets" lineno="91239">
<summary>
Send wccp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_wccp_server_packets" lineno="91258">
<summary>
Do not audit attempts to send wccp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_wccp_server_packets" lineno="91277">
<summary>
Receive wccp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_wccp_server_packets" lineno="91296">
<summary>
Do not audit attempts to receive wccp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_wccp_server_packets" lineno="91315">
<summary>
Send and receive wccp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_wccp_server_packets" lineno="91331">
<summary>
Do not audit attempts to send and receive wccp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_wccp_server_packets" lineno="91346">
<summary>
Relabel packets to wccp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_websm_port" lineno="91368">
<summary>
Send and receive TCP traffic on the websm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_websm_port" lineno="91387">
<summary>
Send UDP traffic on the websm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_websm_port" lineno="91406">
<summary>
Do not audit attempts to send UDP traffic on the websm port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_websm_port" lineno="91425">
<summary>
Receive UDP traffic on the websm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_websm_port" lineno="91444">
<summary>
Do not audit attempts to receive UDP traffic on the websm port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_websm_port" lineno="91463">
<summary>
Send and receive UDP traffic on the websm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_websm_port" lineno="91480">
<summary>
Do not audit attempts to send and receive
UDP traffic on the websm port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_websm_port" lineno="91496">
<summary>
Bind TCP sockets to the websm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_websm_port" lineno="91516">
<summary>
Bind UDP sockets to the websm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_websm_port" lineno="91535">
<summary>
Make a TCP connection to the websm port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_websm_client_packets" lineno="91555">
<summary>
Send websm_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_websm_client_packets" lineno="91574">
<summary>
Do not audit attempts to send websm_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_websm_client_packets" lineno="91593">
<summary>
Receive websm_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_websm_client_packets" lineno="91612">
<summary>
Do not audit attempts to receive websm_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_websm_client_packets" lineno="91631">
<summary>
Send and receive websm_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_websm_client_packets" lineno="91647">
<summary>
Do not audit attempts to send and receive websm_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_websm_client_packets" lineno="91662">
<summary>
Relabel packets to websm_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_websm_server_packets" lineno="91682">
<summary>
Send websm_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_websm_server_packets" lineno="91701">
<summary>
Do not audit attempts to send websm_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_websm_server_packets" lineno="91720">
<summary>
Receive websm_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_websm_server_packets" lineno="91739">
<summary>
Do not audit attempts to receive websm_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_websm_server_packets" lineno="91758">
<summary>
Send and receive websm_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_websm_server_packets" lineno="91774">
<summary>
Do not audit attempts to send and receive websm_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_websm_server_packets" lineno="91789">
<summary>
Relabel packets to websm_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_whois_port" lineno="91811">
<summary>
Send and receive TCP traffic on the whois port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_whois_port" lineno="91830">
<summary>
Send UDP traffic on the whois port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_whois_port" lineno="91849">
<summary>
Do not audit attempts to send UDP traffic on the whois port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_whois_port" lineno="91868">
<summary>
Receive UDP traffic on the whois port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_whois_port" lineno="91887">
<summary>
Do not audit attempts to receive UDP traffic on the whois port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_whois_port" lineno="91906">
<summary>
Send and receive UDP traffic on the whois port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_whois_port" lineno="91923">
<summary>
Do not audit attempts to send and receive
UDP traffic on the whois port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_whois_port" lineno="91939">
<summary>
Bind TCP sockets to the whois port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_whois_port" lineno="91959">
<summary>
Bind UDP sockets to the whois port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_whois_port" lineno="91978">
<summary>
Make a TCP connection to the whois port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_whois_client_packets" lineno="91998">
<summary>
Send whois_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_whois_client_packets" lineno="92017">
<summary>
Do not audit attempts to send whois_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_whois_client_packets" lineno="92036">
<summary>
Receive whois_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_whois_client_packets" lineno="92055">
<summary>
Do not audit attempts to receive whois_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_whois_client_packets" lineno="92074">
<summary>
Send and receive whois_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_whois_client_packets" lineno="92090">
<summary>
Do not audit attempts to send and receive whois_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_whois_client_packets" lineno="92105">
<summary>
Relabel packets to whois_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_whois_server_packets" lineno="92125">
<summary>
Send whois_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_whois_server_packets" lineno="92144">
<summary>
Do not audit attempts to send whois_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_whois_server_packets" lineno="92163">
<summary>
Receive whois_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_whois_server_packets" lineno="92182">
<summary>
Do not audit attempts to receive whois_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_whois_server_packets" lineno="92201">
<summary>
Send and receive whois_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_whois_server_packets" lineno="92217">
<summary>
Do not audit attempts to send and receive whois_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_whois_server_packets" lineno="92232">
<summary>
Relabel packets to whois_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_winshadow_port" lineno="92254">
<summary>
Send and receive TCP traffic on the winshadow port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_winshadow_port" lineno="92273">
<summary>
Send UDP traffic on the winshadow port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_winshadow_port" lineno="92292">
<summary>
Do not audit attempts to send UDP traffic on the winshadow port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_winshadow_port" lineno="92311">
<summary>
Receive UDP traffic on the winshadow port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_winshadow_port" lineno="92330">
<summary>
Do not audit attempts to receive UDP traffic on the winshadow port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_winshadow_port" lineno="92349">
<summary>
Send and receive UDP traffic on the winshadow port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_winshadow_port" lineno="92366">
<summary>
Do not audit attempts to send and receive
UDP traffic on the winshadow port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_winshadow_port" lineno="92382">
<summary>
Bind TCP sockets to the winshadow port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_winshadow_port" lineno="92402">
<summary>
Bind UDP sockets to the winshadow port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_winshadow_port" lineno="92421">
<summary>
Make a TCP connection to the winshadow port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_winshadow_client_packets" lineno="92441">
<summary>
Send winshadow_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_winshadow_client_packets" lineno="92460">
<summary>
Do not audit attempts to send winshadow_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_winshadow_client_packets" lineno="92479">
<summary>
Receive winshadow_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_winshadow_client_packets" lineno="92498">
<summary>
Do not audit attempts to receive winshadow_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_winshadow_client_packets" lineno="92517">
<summary>
Send and receive winshadow_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_winshadow_client_packets" lineno="92533">
<summary>
Do not audit attempts to send and receive winshadow_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_winshadow_client_packets" lineno="92548">
<summary>
Relabel packets to winshadow_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_winshadow_server_packets" lineno="92568">
<summary>
Send winshadow_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_winshadow_server_packets" lineno="92587">
<summary>
Do not audit attempts to send winshadow_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_winshadow_server_packets" lineno="92606">
<summary>
Receive winshadow_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_winshadow_server_packets" lineno="92625">
<summary>
Do not audit attempts to receive winshadow_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_winshadow_server_packets" lineno="92644">
<summary>
Send and receive winshadow_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_winshadow_server_packets" lineno="92660">
<summary>
Do not audit attempts to send and receive winshadow_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_winshadow_server_packets" lineno="92675">
<summary>
Relabel packets to winshadow_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_xdmcp_port" lineno="92697">
<summary>
Send and receive TCP traffic on the xdmcp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_xdmcp_port" lineno="92716">
<summary>
Send UDP traffic on the xdmcp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_xdmcp_port" lineno="92735">
<summary>
Do not audit attempts to send UDP traffic on the xdmcp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_xdmcp_port" lineno="92754">
<summary>
Receive UDP traffic on the xdmcp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_xdmcp_port" lineno="92773">
<summary>
Do not audit attempts to receive UDP traffic on the xdmcp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_xdmcp_port" lineno="92792">
<summary>
Send and receive UDP traffic on the xdmcp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_xdmcp_port" lineno="92809">
<summary>
Do not audit attempts to send and receive
UDP traffic on the xdmcp port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_xdmcp_port" lineno="92825">
<summary>
Bind TCP sockets to the xdmcp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_xdmcp_port" lineno="92845">
<summary>
Bind UDP sockets to the xdmcp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_xdmcp_port" lineno="92864">
<summary>
Make a TCP connection to the xdmcp port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_xdmcp_client_packets" lineno="92884">
<summary>
Send xdmcp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_xdmcp_client_packets" lineno="92903">
<summary>
Do not audit attempts to send xdmcp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_xdmcp_client_packets" lineno="92922">
<summary>
Receive xdmcp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_xdmcp_client_packets" lineno="92941">
<summary>
Do not audit attempts to receive xdmcp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_xdmcp_client_packets" lineno="92960">
<summary>
Send and receive xdmcp_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_xdmcp_client_packets" lineno="92976">
<summary>
Do not audit attempts to send and receive xdmcp_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_xdmcp_client_packets" lineno="92991">
<summary>
Relabel packets to xdmcp_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_xdmcp_server_packets" lineno="93011">
<summary>
Send xdmcp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_xdmcp_server_packets" lineno="93030">
<summary>
Do not audit attempts to send xdmcp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_xdmcp_server_packets" lineno="93049">
<summary>
Receive xdmcp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_xdmcp_server_packets" lineno="93068">
<summary>
Do not audit attempts to receive xdmcp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_xdmcp_server_packets" lineno="93087">
<summary>
Send and receive xdmcp_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_xdmcp_server_packets" lineno="93103">
<summary>
Do not audit attempts to send and receive xdmcp_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_xdmcp_server_packets" lineno="93118">
<summary>
Relabel packets to xdmcp_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_xen_port" lineno="93140">
<summary>
Send and receive TCP traffic on the xen port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_xen_port" lineno="93159">
<summary>
Send UDP traffic on the xen port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_xen_port" lineno="93178">
<summary>
Do not audit attempts to send UDP traffic on the xen port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_xen_port" lineno="93197">
<summary>
Receive UDP traffic on the xen port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_xen_port" lineno="93216">
<summary>
Do not audit attempts to receive UDP traffic on the xen port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_xen_port" lineno="93235">
<summary>
Send and receive UDP traffic on the xen port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_xen_port" lineno="93252">
<summary>
Do not audit attempts to send and receive
UDP traffic on the xen port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_xen_port" lineno="93268">
<summary>
Bind TCP sockets to the xen port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_xen_port" lineno="93288">
<summary>
Bind UDP sockets to the xen port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_xen_port" lineno="93307">
<summary>
Make a TCP connection to the xen port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_xen_client_packets" lineno="93327">
<summary>
Send xen_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_xen_client_packets" lineno="93346">
<summary>
Do not audit attempts to send xen_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_xen_client_packets" lineno="93365">
<summary>
Receive xen_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_xen_client_packets" lineno="93384">
<summary>
Do not audit attempts to receive xen_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_xen_client_packets" lineno="93403">
<summary>
Send and receive xen_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_xen_client_packets" lineno="93419">
<summary>
Do not audit attempts to send and receive xen_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_xen_client_packets" lineno="93434">
<summary>
Relabel packets to xen_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_xen_server_packets" lineno="93454">
<summary>
Send xen_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_xen_server_packets" lineno="93473">
<summary>
Do not audit attempts to send xen_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_xen_server_packets" lineno="93492">
<summary>
Receive xen_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_xen_server_packets" lineno="93511">
<summary>
Do not audit attempts to receive xen_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_xen_server_packets" lineno="93530">
<summary>
Send and receive xen_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_xen_server_packets" lineno="93546">
<summary>
Do not audit attempts to send and receive xen_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_xen_server_packets" lineno="93561">
<summary>
Relabel packets to xen_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_xfs_port" lineno="93583">
<summary>
Send and receive TCP traffic on the xfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_xfs_port" lineno="93602">
<summary>
Send UDP traffic on the xfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_xfs_port" lineno="93621">
<summary>
Do not audit attempts to send UDP traffic on the xfs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_xfs_port" lineno="93640">
<summary>
Receive UDP traffic on the xfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_xfs_port" lineno="93659">
<summary>
Do not audit attempts to receive UDP traffic on the xfs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_xfs_port" lineno="93678">
<summary>
Send and receive UDP traffic on the xfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_xfs_port" lineno="93695">
<summary>
Do not audit attempts to send and receive
UDP traffic on the xfs port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_xfs_port" lineno="93711">
<summary>
Bind TCP sockets to the xfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_xfs_port" lineno="93731">
<summary>
Bind UDP sockets to the xfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_xfs_port" lineno="93750">
<summary>
Make a TCP connection to the xfs port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_xfs_client_packets" lineno="93770">
<summary>
Send xfs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_xfs_client_packets" lineno="93789">
<summary>
Do not audit attempts to send xfs_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_xfs_client_packets" lineno="93808">
<summary>
Receive xfs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_xfs_client_packets" lineno="93827">
<summary>
Do not audit attempts to receive xfs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_xfs_client_packets" lineno="93846">
<summary>
Send and receive xfs_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_xfs_client_packets" lineno="93862">
<summary>
Do not audit attempts to send and receive xfs_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_xfs_client_packets" lineno="93877">
<summary>
Relabel packets to xfs_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_xfs_server_packets" lineno="93897">
<summary>
Send xfs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_xfs_server_packets" lineno="93916">
<summary>
Do not audit attempts to send xfs_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_xfs_server_packets" lineno="93935">
<summary>
Receive xfs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_xfs_server_packets" lineno="93954">
<summary>
Do not audit attempts to receive xfs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_xfs_server_packets" lineno="93973">
<summary>
Send and receive xfs_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_xfs_server_packets" lineno="93989">
<summary>
Do not audit attempts to send and receive xfs_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_xfs_server_packets" lineno="94004">
<summary>
Relabel packets to xfs_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_xserver_port" lineno="94026">
<summary>
Send and receive TCP traffic on the xserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_xserver_port" lineno="94045">
<summary>
Send UDP traffic on the xserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_xserver_port" lineno="94064">
<summary>
Do not audit attempts to send UDP traffic on the xserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_xserver_port" lineno="94083">
<summary>
Receive UDP traffic on the xserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_xserver_port" lineno="94102">
<summary>
Do not audit attempts to receive UDP traffic on the xserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_xserver_port" lineno="94121">
<summary>
Send and receive UDP traffic on the xserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_xserver_port" lineno="94138">
<summary>
Do not audit attempts to send and receive
UDP traffic on the xserver port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_xserver_port" lineno="94154">
<summary>
Bind TCP sockets to the xserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_xserver_port" lineno="94174">
<summary>
Bind UDP sockets to the xserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_xserver_port" lineno="94193">
<summary>
Make a TCP connection to the xserver port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_xserver_client_packets" lineno="94213">
<summary>
Send xserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_xserver_client_packets" lineno="94232">
<summary>
Do not audit attempts to send xserver_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_xserver_client_packets" lineno="94251">
<summary>
Receive xserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_xserver_client_packets" lineno="94270">
<summary>
Do not audit attempts to receive xserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_xserver_client_packets" lineno="94289">
<summary>
Send and receive xserver_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_xserver_client_packets" lineno="94305">
<summary>
Do not audit attempts to send and receive xserver_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_xserver_client_packets" lineno="94320">
<summary>
Relabel packets to xserver_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_xserver_server_packets" lineno="94340">
<summary>
Send xserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_xserver_server_packets" lineno="94359">
<summary>
Do not audit attempts to send xserver_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_xserver_server_packets" lineno="94378">
<summary>
Receive xserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_xserver_server_packets" lineno="94397">
<summary>
Do not audit attempts to receive xserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_xserver_server_packets" lineno="94416">
<summary>
Send and receive xserver_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_xserver_server_packets" lineno="94432">
<summary>
Do not audit attempts to send and receive xserver_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_xserver_server_packets" lineno="94447">
<summary>
Relabel packets to xserver_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_zarafa_port" lineno="94469">
<summary>
Send and receive TCP traffic on the zarafa port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_zarafa_port" lineno="94488">
<summary>
Send UDP traffic on the zarafa port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_zarafa_port" lineno="94507">
<summary>
Do not audit attempts to send UDP traffic on the zarafa port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_zarafa_port" lineno="94526">
<summary>
Receive UDP traffic on the zarafa port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_zarafa_port" lineno="94545">
<summary>
Do not audit attempts to receive UDP traffic on the zarafa port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_zarafa_port" lineno="94564">
<summary>
Send and receive UDP traffic on the zarafa port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_zarafa_port" lineno="94581">
<summary>
Do not audit attempts to send and receive
UDP traffic on the zarafa port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_zarafa_port" lineno="94597">
<summary>
Bind TCP sockets to the zarafa port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_zarafa_port" lineno="94617">
<summary>
Bind UDP sockets to the zarafa port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_zarafa_port" lineno="94636">
<summary>
Make a TCP connection to the zarafa port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zarafa_client_packets" lineno="94656">
<summary>
Send zarafa_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zarafa_client_packets" lineno="94675">
<summary>
Do not audit attempts to send zarafa_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zarafa_client_packets" lineno="94694">
<summary>
Receive zarafa_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zarafa_client_packets" lineno="94713">
<summary>
Do not audit attempts to receive zarafa_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zarafa_client_packets" lineno="94732">
<summary>
Send and receive zarafa_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zarafa_client_packets" lineno="94748">
<summary>
Do not audit attempts to send and receive zarafa_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zarafa_client_packets" lineno="94763">
<summary>
Relabel packets to zarafa_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zarafa_server_packets" lineno="94783">
<summary>
Send zarafa_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zarafa_server_packets" lineno="94802">
<summary>
Do not audit attempts to send zarafa_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zarafa_server_packets" lineno="94821">
<summary>
Receive zarafa_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zarafa_server_packets" lineno="94840">
<summary>
Do not audit attempts to receive zarafa_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zarafa_server_packets" lineno="94859">
<summary>
Send and receive zarafa_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zarafa_server_packets" lineno="94875">
<summary>
Do not audit attempts to send and receive zarafa_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zarafa_server_packets" lineno="94890">
<summary>
Relabel packets to zarafa_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_zabbix_port" lineno="94912">
<summary>
Send and receive TCP traffic on the zabbix port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_zabbix_port" lineno="94931">
<summary>
Send UDP traffic on the zabbix port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_zabbix_port" lineno="94950">
<summary>
Do not audit attempts to send UDP traffic on the zabbix port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_zabbix_port" lineno="94969">
<summary>
Receive UDP traffic on the zabbix port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_zabbix_port" lineno="94988">
<summary>
Do not audit attempts to receive UDP traffic on the zabbix port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_zabbix_port" lineno="95007">
<summary>
Send and receive UDP traffic on the zabbix port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_zabbix_port" lineno="95024">
<summary>
Do not audit attempts to send and receive
UDP traffic on the zabbix port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_zabbix_port" lineno="95040">
<summary>
Bind TCP sockets to the zabbix port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_zabbix_port" lineno="95060">
<summary>
Bind UDP sockets to the zabbix port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_zabbix_port" lineno="95079">
<summary>
Make a TCP connection to the zabbix port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zabbix_client_packets" lineno="95099">
<summary>
Send zabbix_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zabbix_client_packets" lineno="95118">
<summary>
Do not audit attempts to send zabbix_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zabbix_client_packets" lineno="95137">
<summary>
Receive zabbix_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zabbix_client_packets" lineno="95156">
<summary>
Do not audit attempts to receive zabbix_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zabbix_client_packets" lineno="95175">
<summary>
Send and receive zabbix_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zabbix_client_packets" lineno="95191">
<summary>
Do not audit attempts to send and receive zabbix_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zabbix_client_packets" lineno="95206">
<summary>
Relabel packets to zabbix_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zabbix_server_packets" lineno="95226">
<summary>
Send zabbix_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zabbix_server_packets" lineno="95245">
<summary>
Do not audit attempts to send zabbix_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zabbix_server_packets" lineno="95264">
<summary>
Receive zabbix_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zabbix_server_packets" lineno="95283">
<summary>
Do not audit attempts to receive zabbix_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zabbix_server_packets" lineno="95302">
<summary>
Send and receive zabbix_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zabbix_server_packets" lineno="95318">
<summary>
Do not audit attempts to send and receive zabbix_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zabbix_server_packets" lineno="95333">
<summary>
Relabel packets to zabbix_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_zabbix_agent_port" lineno="95355">
<summary>
Send and receive TCP traffic on the zabbix_agent port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_zabbix_agent_port" lineno="95374">
<summary>
Send UDP traffic on the zabbix_agent port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_zabbix_agent_port" lineno="95393">
<summary>
Do not audit attempts to send UDP traffic on the zabbix_agent port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_zabbix_agent_port" lineno="95412">
<summary>
Receive UDP traffic on the zabbix_agent port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_zabbix_agent_port" lineno="95431">
<summary>
Do not audit attempts to receive UDP traffic on the zabbix_agent port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_zabbix_agent_port" lineno="95450">
<summary>
Send and receive UDP traffic on the zabbix_agent port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_zabbix_agent_port" lineno="95467">
<summary>
Do not audit attempts to send and receive
UDP traffic on the zabbix_agent port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_zabbix_agent_port" lineno="95483">
<summary>
Bind TCP sockets to the zabbix_agent port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_zabbix_agent_port" lineno="95503">
<summary>
Bind UDP sockets to the zabbix_agent port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_zabbix_agent_port" lineno="95522">
<summary>
Make a TCP connection to the zabbix_agent port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zabbix_agent_client_packets" lineno="95542">
<summary>
Send zabbix_agent_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zabbix_agent_client_packets" lineno="95561">
<summary>
Do not audit attempts to send zabbix_agent_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zabbix_agent_client_packets" lineno="95580">
<summary>
Receive zabbix_agent_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zabbix_agent_client_packets" lineno="95599">
<summary>
Do not audit attempts to receive zabbix_agent_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zabbix_agent_client_packets" lineno="95618">
<summary>
Send and receive zabbix_agent_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zabbix_agent_client_packets" lineno="95634">
<summary>
Do not audit attempts to send and receive zabbix_agent_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zabbix_agent_client_packets" lineno="95649">
<summary>
Relabel packets to zabbix_agent_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zabbix_agent_server_packets" lineno="95669">
<summary>
Send zabbix_agent_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zabbix_agent_server_packets" lineno="95688">
<summary>
Do not audit attempts to send zabbix_agent_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zabbix_agent_server_packets" lineno="95707">
<summary>
Receive zabbix_agent_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zabbix_agent_server_packets" lineno="95726">
<summary>
Do not audit attempts to receive zabbix_agent_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zabbix_agent_server_packets" lineno="95745">
<summary>
Send and receive zabbix_agent_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zabbix_agent_server_packets" lineno="95761">
<summary>
Do not audit attempts to send and receive zabbix_agent_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zabbix_agent_server_packets" lineno="95776">
<summary>
Relabel packets to zabbix_agent_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_zebra_port" lineno="95798">
<summary>
Send and receive TCP traffic on the zebra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_zebra_port" lineno="95817">
<summary>
Send UDP traffic on the zebra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_zebra_port" lineno="95836">
<summary>
Do not audit attempts to send UDP traffic on the zebra port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_zebra_port" lineno="95855">
<summary>
Receive UDP traffic on the zebra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_zebra_port" lineno="95874">
<summary>
Do not audit attempts to receive UDP traffic on the zebra port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_zebra_port" lineno="95893">
<summary>
Send and receive UDP traffic on the zebra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_zebra_port" lineno="95910">
<summary>
Do not audit attempts to send and receive
UDP traffic on the zebra port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_zebra_port" lineno="95926">
<summary>
Bind TCP sockets to the zebra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_zebra_port" lineno="95946">
<summary>
Bind UDP sockets to the zebra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_zebra_port" lineno="95965">
<summary>
Make a TCP connection to the zebra port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zebra_client_packets" lineno="95985">
<summary>
Send zebra_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zebra_client_packets" lineno="96004">
<summary>
Do not audit attempts to send zebra_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zebra_client_packets" lineno="96023">
<summary>
Receive zebra_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zebra_client_packets" lineno="96042">
<summary>
Do not audit attempts to receive zebra_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zebra_client_packets" lineno="96061">
<summary>
Send and receive zebra_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zebra_client_packets" lineno="96077">
<summary>
Do not audit attempts to send and receive zebra_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zebra_client_packets" lineno="96092">
<summary>
Relabel packets to zebra_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zebra_server_packets" lineno="96112">
<summary>
Send zebra_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zebra_server_packets" lineno="96131">
<summary>
Do not audit attempts to send zebra_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zebra_server_packets" lineno="96150">
<summary>
Receive zebra_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zebra_server_packets" lineno="96169">
<summary>
Do not audit attempts to receive zebra_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zebra_server_packets" lineno="96188">
<summary>
Send and receive zebra_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zebra_server_packets" lineno="96204">
<summary>
Do not audit attempts to send and receive zebra_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zebra_server_packets" lineno="96219">
<summary>
Relabel packets to zebra_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_zented_port" lineno="96241">
<summary>
Send and receive TCP traffic on the zented port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_zented_port" lineno="96260">
<summary>
Send UDP traffic on the zented port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_zented_port" lineno="96279">
<summary>
Do not audit attempts to send UDP traffic on the zented port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_zented_port" lineno="96298">
<summary>
Receive UDP traffic on the zented port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_zented_port" lineno="96317">
<summary>
Do not audit attempts to receive UDP traffic on the zented port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_zented_port" lineno="96336">
<summary>
Send and receive UDP traffic on the zented port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_zented_port" lineno="96353">
<summary>
Do not audit attempts to send and receive
UDP traffic on the zented port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_zented_port" lineno="96369">
<summary>
Bind TCP sockets to the zented port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_zented_port" lineno="96389">
<summary>
Bind UDP sockets to the zented port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_zented_port" lineno="96408">
<summary>
Make a TCP connection to the zented port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zented_client_packets" lineno="96428">
<summary>
Send zented_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zented_client_packets" lineno="96447">
<summary>
Do not audit attempts to send zented_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zented_client_packets" lineno="96466">
<summary>
Receive zented_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zented_client_packets" lineno="96485">
<summary>
Do not audit attempts to receive zented_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zented_client_packets" lineno="96504">
<summary>
Send and receive zented_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zented_client_packets" lineno="96520">
<summary>
Do not audit attempts to send and receive zented_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zented_client_packets" lineno="96535">
<summary>
Relabel packets to zented_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zented_server_packets" lineno="96555">
<summary>
Send zented_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zented_server_packets" lineno="96574">
<summary>
Do not audit attempts to send zented_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zented_server_packets" lineno="96593">
<summary>
Receive zented_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zented_server_packets" lineno="96612">
<summary>
Do not audit attempts to receive zented_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zented_server_packets" lineno="96631">
<summary>
Send and receive zented_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zented_server_packets" lineno="96647">
<summary>
Do not audit attempts to send and receive zented_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zented_server_packets" lineno="96662">
<summary>
Relabel packets to zented_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_zope_port" lineno="96684">
<summary>
Send and receive TCP traffic on the zope port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_zope_port" lineno="96703">
<summary>
Send UDP traffic on the zope port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_send_zope_port" lineno="96722">
<summary>
Do not audit attempts to send UDP traffic on the zope port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_receive_zope_port" lineno="96741">
<summary>
Receive UDP traffic on the zope port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_receive_zope_port" lineno="96760">
<summary>
Do not audit attempts to receive UDP traffic on the zope port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_sendrecv_zope_port" lineno="96779">
<summary>
Send and receive UDP traffic on the zope port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_udp_sendrecv_zope_port" lineno="96796">
<summary>
Do not audit attempts to send and receive
UDP traffic on the zope port.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_bind_zope_port" lineno="96812">
<summary>
Bind TCP sockets to the zope port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_udp_bind_zope_port" lineno="96832">
<summary>
Bind UDP sockets to the zope port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_tcp_connect_zope_port" lineno="96851">
<summary>
Make a TCP connection to the zope port.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zope_client_packets" lineno="96871">
<summary>
Send zope_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zope_client_packets" lineno="96890">
<summary>
Do not audit attempts to send zope_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zope_client_packets" lineno="96909">
<summary>
Receive zope_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zope_client_packets" lineno="96928">
<summary>
Do not audit attempts to receive zope_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zope_client_packets" lineno="96947">
<summary>
Send and receive zope_client packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zope_client_packets" lineno="96963">
<summary>
Do not audit attempts to send and receive zope_client packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zope_client_packets" lineno="96978">
<summary>
Relabel packets to zope_client the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_send_zope_server_packets" lineno="96998">
<summary>
Send zope_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_dontaudit_send_zope_server_packets" lineno="97017">
<summary>
Do not audit attempts to send zope_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_receive_zope_server_packets" lineno="97036">
<summary>
Receive zope_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_dontaudit_receive_zope_server_packets" lineno="97055">
<summary>
Do not audit attempts to receive zope_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_sendrecv_zope_server_packets" lineno="97074">
<summary>
Send and receive zope_server packets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_dontaudit_sendrecv_zope_server_packets" lineno="97090">
<summary>
Do not audit attempts to send and receive zope_server packets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="corenet_relabelto_zope_server_packets" lineno="97105">
<summary>
Relabel packets to zope_server the packet type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corenet_tcp_sendrecv_lo_if" lineno="97128">
<summary>
Send and receive TCP network traffic on the lo interface.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_udp_send_lo_if" lineno="97147">
<summary>
Send UDP network traffic on the lo interface.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_udp_receive_lo_if" lineno="97166">
<summary>
Receive UDP network traffic on the lo interface.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_udp_sendrecv_lo_if" lineno="97185">
<summary>
Send and receive UDP network traffic on the lo interface.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="corenet_raw_send_lo_if" lineno="97201">
<summary>
Send raw IP packets on the lo interface.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="corenet_raw_receive_lo_if" lineno="97220">
<summary>
Receive raw IP packets on the lo interface.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="corenet_raw_sendrecv_lo_if" lineno="97239">
<summary>
Send and receive raw IP packets on the lo interface.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
</module>
<module name="devices" filename="policy/modules/kernel/devices.if">
<summary>
Device nodes and interfaces for many basic system devices.
</summary>
<desc>
<p>
This module creates the device node concept and provides
the policy for many of the device files. Notable exceptions are
the mass storage and terminal devices that are covered by other
modules.
</p>
<p>
This module creates the concept of a device node. That is a
char or block device file, usually in /dev. All types that
are used to label device nodes should use the dev_node macro.
</p>
<p>
Additionally, this module controls access to three things:
<ul>
<li>the device directories containing device nodes</li>
<li>device nodes as a group</li>
<li>individual access to specific device nodes covered by
this module.</li>
</ul>
</p>
</desc>
<required val="true">
Depended on by other required modules.
</required>
<interface name="dev_node" lineno="66">
<summary>
Make the specified type usable for device
nodes in a filesystem.
</summary>
<desc>
<p>
Make the specified type usable for device nodes
in a filesystem. Types used for device nodes that
do not use this interface, or an interface that
calls this one, will have unexpected behaviors
while the system is running.
</p>
<p>
Example:
</p>
<p>
type mydev_t;
dev_node(mydev_t)
allow mydomain_t mydev_t:chr_file read_chr_file_perms;
</p>
<p>
Related interfaces:
</p>
<ul>
<li>term_tty()</li>
<li>term_pty()</li>
</ul>
</desc>
<param name="type">
<summary>
Type to be used for device nodes.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="dev_getattr_fs" lineno="84">
<summary>
Get attributes of device filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_mounton" lineno="102">
<summary>
Mount a filesystem on /dev
</summary>
<param name="domain">
<summary>
Domain allow access.
</summary>
</param>
</interface>
<interface name="dev_relabel_all_dev_nodes" lineno="121">
<summary>
Allow full relabeling (to and from) of all device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed to relabel.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dev_list_all_dev_nodes" lineno="146">
<summary>
List all of the device nodes in a device directory.
</summary>
<param name="domain">
<summary>
Domain allowed to list device nodes.
</summary>
</param>
</interface>
<interface name="dev_setattr_generic_dirs" lineno="165">
<summary>
Set the attributes of /dev directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_list_all_dev_nodes" lineno="183">
<summary>
Dontaudit attempts to list all device nodes.
</summary>
<param name="domain">
<summary>
Domain to dontaudit listing of device nodes.
</summary>
</param>
</interface>
<interface name="dev_add_entry_generic_dirs" lineno="201">
<summary>
Add entries to directories in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed to add entries.
</summary>
</param>
</interface>
<interface name="dev_remove_entry_generic_dirs" lineno="219">
<summary>
Add entries to directories in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed to add entries.
</summary>
</param>
</interface>
<interface name="dev_create_generic_dirs" lineno="237">
<summary>
Create a directory in the device directory.
</summary>
<param name="domain">
<summary>
Domain allowed to create the directory.
</summary>
</param>
</interface>
<interface name="dev_delete_generic_dirs" lineno="256">
<summary>
Delete a directory in the device directory.
</summary>
<param name="domain">
<summary>
Domain allowed to create the directory.
</summary>
</param>
</interface>
<interface name="dev_manage_generic_dirs" lineno="274">
<summary>
Manage of directories in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed to relabel.
</summary>
</param>
</interface>
<interface name="dev_relabel_generic_dev_dirs" lineno="292">
<summary>
Allow full relabeling (to and from) of directories in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed to relabel.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_generic_files" lineno="310">
<summary>
dontaudit getattr generic files in /dev.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_rw_generic_files" lineno="328">
<summary>
Read and write generic files in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_delete_generic_files" lineno="346">
<summary>
Delete generic files in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_generic_files" lineno="364">
<summary>
Create a file in the device directory.
</summary>
<param name="domain">
<summary>
Domain allowed to create the files.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_generic_pipes" lineno="382">
<summary>
Dontaudit getattr on generic pipes.
</summary>
<param name="domain">
<summary>
Domain to dontaudit.
</summary>
</param>
</interface>
<interface name="dev_getattr_generic_blk_files" lineno="400">
<summary>
Allow getattr on generic block devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_generic_blk_files" lineno="418">
<summary>
Dontaudit getattr on generic block devices.
</summary>
<param name="domain">
<summary>
Domain to dontaudit access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_setattr_generic_blk_files" lineno="436">
<summary>
Dontaudit setattr on generic block devices.
</summary>
<param name="domain">
<summary>
Domain to dontaudit access.
</summary>
</param>
</interface>
<interface name="dev_create_generic_blk_files" lineno="454">
<summary>
Create generic block device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_delete_generic_blk_files" lineno="472">
<summary>
Delete generic block device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_generic_chr_files" lineno="490">
<summary>
Allow getattr for generic character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_generic_chr_files" lineno="508">
<summary>
Dontaudit getattr for generic character device files.
</summary>
<param name="domain">
<summary>
Domain to dontaudit access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_read_generic_chr_files" lineno="526">
<summary>
Dontaudit read for generic character device files.
</summary>
<param name="domain">
<summary>
Domain to dontaudit access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_read_generic_blk_files" lineno="544">
<summary>
Dontaudit read for generic character device files.
</summary>
<param name="domain">
<summary>
Domain to dontaudit access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_setattr_generic_chr_files" lineno="562">
<summary>
Dontaudit setattr for generic character device files.
</summary>
<param name="domain">
<summary>
Domain to dontaudit access.
</summary>
</param>
</interface>
<interface name="dev_rw_generic_chr_files" lineno="580">
<summary>
Read and write generic character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_create_generic_chr_files" lineno="598">
<summary>
Create generic character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_delete_generic_chr_files" lineno="616">
<summary>
Delete generic character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_setattr_generic_symlinks" lineno="635">
<summary>
Do not audit attempts to set the attributes
of symbolic links in device directories (/dev).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_read_generic_symlinks" lineno="653">
<summary>
Read symbolic links in device directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_create_generic_symlinks" lineno="671">
<summary>
Create symbolic links in device directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_delete_generic_symlinks" lineno="689">
<summary>
Delete symbolic links in device directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_generic_symlinks" lineno="707">
<summary>
Create, delete, read, and write symbolic links in device directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_relabel_generic_symlinks" lineno="725">
<summary>
Relabel symbolic links in device directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_all_dev_nodes" lineno="743">
<summary>
Create, delete, read, and write device nodes in device directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_rw_generic_dev_nodes" lineno="779">
<summary>
Dontaudit getattr for generic device files.
</summary>
<param name="domain">
<summary>
Domain to dontaudit access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_rw_all_dev_nodes" lineno="797">
<summary>
Dontaudit getattr for generic device files.
</summary>
<param name="domain">
<summary>
Domain to dontaudit access.
</summary>
</param>
</interface>
<interface name="dev_manage_generic_blk_files" lineno="815">
<summary>
Create, delete, read, and write block device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_generic_chr_files" lineno="833">
<summary>
Create, delete, read, and write character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_filetrans" lineno="863">
<summary>
Create, read, and write device nodes. The node
will be transitioned to the type provided.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file">
<summary>
Type to which the created node will be transitioned.
</summary>
</param>
<param name="objectclass(es)">
<summary>
Object class(es) (single or set including {}) for which this
the transition will occur.
</summary>
</param>
</interface>
<interface name="dev_tmpfs_filetrans_dev" lineno="893">
<summary>
Create, read, and write device nodes. The node
will be transitioned to the type provided. This is
a temporary interface until devtmpfs functionality
fixed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="objectclass(es)">
<summary>
Object class(es) (single or set including {}) for which this
the transition will occur.
</summary>
</param>
</interface>
<interface name="dev_getattr_all_blk_files" lineno="912">
<summary>
Getattr on all block file device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dev_dontaudit_getattr_all_blk_files" lineno="931">
<summary>
Dontaudit getattr on all block file device nodes.
</summary>
<param name="domain">
<summary>
Domain to dontaudit access.
</summary>
</param>
</interface>
<interface name="dev_getattr_all_chr_files" lineno="951">
<summary>
Getattr on all character file device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dev_dontaudit_getattr_all_chr_files" lineno="970">
<summary>
Dontaudit getattr on all character file device nodes.
</summary>
<param name="domain">
<summary>
Domain to dontaudit access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_all" lineno="989">
<summary>
Dontaudit getattr on all device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_setattr_all_blk_files" lineno="1009">
<summary>
Setattr on all block file device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dev_setattr_all_chr_files" lineno="1029">
<summary>
Setattr on all character file device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dev_dontaudit_read_all_blk_files" lineno="1048">
<summary>
Dontaudit read on all block file device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_write_all_blk_files" lineno="1066">
<summary>
Dontaudit write on all block file device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_read_all_chr_files" lineno="1084">
<summary>
Dontaudit read on all character file device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_write_all_chr_files" lineno="1102">
<summary>
Dontaudit write on all character file device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_create_all_blk_files" lineno="1120">
<summary>
Create all block device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_create_all_chr_files" lineno="1139">
<summary>
Create all character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_all_inherited_chr_files" lineno="1158">
<summary>
rw all inherited character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_all_inherited_blk_files" lineno="1176">
<summary>
rw all inherited blk device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_delete_all_blk_files" lineno="1194">
<summary>
Delete all block device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_delete_all_chr_files" lineno="1213">
<summary>
Delete all character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rename_all_blk_files" lineno="1232">
<summary>
Rename all block device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rename_all_chr_files" lineno="1251">
<summary>
Rename all character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_all_blk_files" lineno="1270">
<summary>
Read, write, create, and delete all block device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_all_chr_files" lineno="1294">
<summary>
Read, write, create, and delete all character device files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_agp_dev" lineno="1315">
<summary>
Getattr the agp devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_agp" lineno="1333">
<summary>
Read and write the agp devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_apm_bios_dev" lineno="1351">
<summary>
Get the attributes of the apm bios device node.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_apm_bios_dev" lineno="1370">
<summary>
Do not audit attempts to get the attributes of
the apm bios device node.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_setattr_apm_bios_dev" lineno="1388">
<summary>
Set the attributes of the apm bios device node.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_setattr_apm_bios_dev" lineno="1407">
<summary>
Do not audit attempts to set the attributes of
the apm bios device node.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_rw_apm_bios" lineno="1425">
<summary>
Read and write the apm bios.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_autofs_dev" lineno="1443">
<summary>
Get the attributes of the autofs device node.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_autofs_dev" lineno="1462">
<summary>
Do not audit attempts to get the attributes of
the autofs device node.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_setattr_autofs_dev" lineno="1480">
<summary>
Set the attributes of the autofs device node.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_setattr_autofs_dev" lineno="1499">
<summary>
Do not audit attempts to set the attributes of
the autofs device node.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_rw_autofs" lineno="1517">
<summary>
Read and write the autofs device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_cardmgr" lineno="1535">
<summary>
Read and write the PCMCIA card manager device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_rw_cardmgr" lineno="1555">
<summary>
Do not audit attempts to read and
write the PCMCIA card manager device.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_create_cardmgr_dev" lineno="1575">
<summary>
Create, read, write, and delete
the PCMCIA card manager device
with the correct type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_cardmgr_dev" lineno="1595">
<summary>
Create, read, write, and delete
the PCMCIA card manager device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_filetrans_cardmgr" lineno="1616">
<summary>
Automatic type transition to the type
for PCMCIA card manager device nodes when
created in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_cpu_dev" lineno="1635">
<summary>
Get the attributes of the CPU
microcode and id interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_cpu_dev" lineno="1654">
<summary>
Set the attributes of the CPU
microcode and id interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_cpuid" lineno="1672">
<summary>
Read the CPU identity.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_cpu_microcode" lineno="1691">
<summary>
Read and write the the CPU microcode device. This
is required to load CPU microcode.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_crash" lineno="1709">
<summary>
Read the kernel crash device
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_crypto" lineno="1727">
<summary>
Read and write the the hardware SSL accelerator.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_dlm_control" lineno="1745">
<summary>
Set the attributes of the dlm control devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_dlm_control" lineno="1763">
<summary>
Read and write the the dlm control device
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_dri_dev" lineno="1781">
<summary>
getattr the dri devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_dri_dev" lineno="1799">
<summary>
Setattr the dri devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_dri" lineno="1817">
<summary>
Read and write the dri devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_rw_dri" lineno="1835">
<summary>
Dontaudit read and write on the dri devices.
</summary>
<param name="domain">
<summary>
Domain to dontaudit access.
</summary>
</param>
</interface>
<interface name="dev_manage_dri_dev" lineno="1853">
<summary>
Create, read, write, and delete the dri devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_filetrans_dri" lineno="1872">
<summary>
Automatic type transition to the type
for DRI device nodes when created in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_input_dev" lineno="1890">
<summary>
Get the attributes of the event devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_input_dev" lineno="1909">
<summary>
Set the attributes of the event devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_input" lineno="1928">
<summary>
Read input event devices (/dev/input).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_input_dev" lineno="1946">
<summary>
Read input event devices (/dev/input).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_framebuffer_dev" lineno="1964">
<summary>
Get the attributes of the framebuffer device node.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_framebuffer_dev" lineno="1982">
<summary>
Set the attributes of the framebuffer device node.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_setattr_framebuffer_dev" lineno="2001">
<summary>
Dot not audit attempts to set the attributes
of the framebuffer device node.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_read_framebuffer" lineno="2019">
<summary>
Read the framebuffer.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_read_framebuffer" lineno="2038">
<summary>
Do not audit attempts to read the framebuffer.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_write_framebuffer" lineno="2056">
<summary>
Write the framebuffer.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_framebuffer" lineno="2074">
<summary>
Read and write the framebuffer.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_kmsg" lineno="2092">
<summary>
Read the kernel messages
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_read_kmsg" lineno="2110">
<summary>
Do not audit attempts to read the kernel messages
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_write_kmsg" lineno="2128">
<summary>
Write to the kernel messages device
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_ksm_dev" lineno="2146">
<summary>
Get the attributes of the ksm devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_ksm_dev" lineno="2164">
<summary>
Set the attributes of the ksm devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_ksm" lineno="2182">
<summary>
Read the ksm devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_ksm" lineno="2200">
<summary>
Read and write to ksm devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_kvm_dev" lineno="2218">
<summary>
Get the attributes of the kvm devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_kvm_dev" lineno="2236">
<summary>
Set the attributes of the kvm devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_kvm" lineno="2254">
<summary>
Read the kvm devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_kvm" lineno="2272">
<summary>
Read and write to kvm devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_lirc" lineno="2290">
<summary>
Read the lirc device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_lirc" lineno="2308">
<summary>
Read and write the lirc device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_filetrans_lirc" lineno="2327">
<summary>
Automatic type transition to the type
for lirc device nodes when created in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_lvm_control" lineno="2345">
<summary>
Get the attributes of the lvm comtrol device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_lvm_control" lineno="2363">
<summary>
Read the lvm comtrol device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_lvm_control" lineno="2381">
<summary>
Read and write the lvm control device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_rw_lvm_control" lineno="2399">
<summary>
Do not audit attempts to read and write lvm control device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_delete_lvm_control_dev" lineno="2417">
<summary>
Delete the lvm control device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_memory_dev" lineno="2435">
<summary>
dontaudit getattr raw memory devices (e.g. /dev/mem).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_raw_memory" lineno="2453">
<summary>
Read raw memory devices (e.g. /dev/mem).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_read_raw_memory" lineno="2476">
<summary>
Do not audit attempts to read raw memory devices
(e.g. /dev/mem).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_write_raw_memory" lineno="2494">
<summary>
Write raw memory devices (e.g. /dev/mem).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rx_raw_memory" lineno="2516">
<summary>
Read and execute raw memory devices (e.g. /dev/mem).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_wx_raw_memory" lineno="2535">
<summary>
Write and execute raw memory devices (e.g. /dev/mem).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_misc_dev" lineno="2554">
<summary>
Get the attributes of miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_misc_dev" lineno="2573">
<summary>
Do not audit attempts to get the attributes
of miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_misc_dev" lineno="2591">
<summary>
Set the attributes of miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_setattr_misc_dev" lineno="2610">
<summary>
Do not audit attempts to set the attributes
of miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_misc" lineno="2628">
<summary>
Read miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_ipmi_dev" lineno="2646">
<summary>
Read and write ipmi devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_write_misc" lineno="2664">
<summary>
Write miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_rw_misc" lineno="2682">
<summary>
Do not audit attempts to read and write miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_modem_dev" lineno="2700">
<summary>
Get the attributes of the modem devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_modem_dev" lineno="2718">
<summary>
Set the attributes of the modem devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_modem" lineno="2736">
<summary>
Read the modem devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_modem" lineno="2754">
<summary>
Read and write to modem devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_mouse_dev" lineno="2772">
<summary>
Get the attributes of the mouse devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_mouse_dev" lineno="2790">
<summary>
Set the attributes of the mouse devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_mouse" lineno="2808">
<summary>
Read the mouse devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_mouse" lineno="2826">
<summary>
Read and write to mouse devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_mtrr_dev" lineno="2845">
<summary>
Get the attributes of the memory type range
registers (MTRR) device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_mtrr_dev" lineno="2865">
<summary>
Dontaudit get the attributes of the memory type range
registers (MTRR) device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_mtrr" lineno="2898">
<summary>
Read the memory type range
registers (MTRR). (Deprecated)
</summary>
<desc>
<p>
Read the memory type range
registers (MTRR). This interface has
been deprecated, dev_rw_mtrr() should be
used instead.
</p>
<p>
The MTRR device ioctls can be used for
reading and writing; thus, read access to the
device cannot be separated from write access.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_write_mtrr" lineno="2927">
<summary>
Write the memory type range
registers (MTRR). (Deprecated)
</summary>
<desc>
<p>
Write the memory type range
registers (MTRR). This interface has
been deprecated, dev_rw_mtrr() should be
used instead.
</p>
<p>
The MTRR device ioctls can be used for
reading and writing; thus, write access to the
device cannot be separated from read access.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_write_mtrr" lineno="2943">
<summary>
Do not audit attempts to write the memory type
range registers (MTRR).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_rw_mtrr" lineno="2962">
<summary>
Read and write the memory type range registers (MTRR).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_netcontrol_dev" lineno="2981">
<summary>
Get the attributes of the network control device
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_netcontrol" lineno="2999">
<summary>
Read the network control identity.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_netcontrol" lineno="3017">
<summary>
Read and write the the network control device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_null_dev" lineno="3035">
<summary>
Get the attributes of the null device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_null_dev" lineno="3053">
<summary>
Set the attributes of the null device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_delete_null" lineno="3071">
<summary>
Delete the null device (/dev/null).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_null" lineno="3089">
<summary>
Read and write to the null device (/dev/null).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_create_null_dev" lineno="3107">
<summary>
Create the null device (/dev/null).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_nvram_dev" lineno="3126">
<summary>
Do not audit attempts to get the attributes
of the BIOS non-volatile RAM device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_nvram" lineno="3144">
<summary>
Read and write BIOS non-volatile RAM.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_printer_dev" lineno="3163">
<summary>
Get the attributes of the printer device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_printer_dev" lineno="3181">
<summary>
Set the attributes of the printer device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_append_printer" lineno="3200">
<summary>
Append the printer device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_printer" lineno="3218">
<summary>
Read and write the printer device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_qemu_dev" lineno="3237">
<summary>
Get the attributes of the QEMU
microcode and id interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_qemu_dev" lineno="3256">
<summary>
Set the attributes of the QEMU
microcode and id interfaces.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_qemu" lineno="3274">
<summary>
Read the QEMU device
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_qemu" lineno="3292">
<summary>
Read and write the the QEMU device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_rand" lineno="3326">
<summary>
Read from random number generator
devices (e.g., /dev/random).
</summary>
<desc>
<p>
Allow the specified domain to read from random number
generator devices (e.g., /dev/random). Typically this is
used in situations when a cryptographically secure random
number is needed.
</p>
<p>
Related interface:
</p>
<ul>
<li>dev_read_urand()</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="dev_dontaudit_read_rand" lineno="3345">
<summary>
Do not audit attempts to read from random
number generator devices (e.g., /dev/random)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_append_rand" lineno="3364">
<summary>
Do not audit attempts to append to random
number generator devices (e.g., /dev/random)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_write_rand" lineno="3384">
<summary>
Write to the random device (e.g., /dev/random). This adds
entropy used to generate the random data read from the
random device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_realtime_clock" lineno="3402">
<summary>
Read the realtime clock (/dev/rtc).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_write_realtime_clock" lineno="3420">
<summary>
Set the realtime clock (/dev/rtc).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_realtime_clock" lineno="3440">
<summary>
Read and set the realtime clock (/dev/rtc).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_scanner_dev" lineno="3455">
<summary>
Get the attributes of the scanner device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_scanner_dev" lineno="3474">
<summary>
Do not audit attempts to get the attributes of
the scanner device.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_setattr_scanner_dev" lineno="3492">
<summary>
Set the attributes of the scanner device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_setattr_scanner_dev" lineno="3511">
<summary>
Do not audit attempts to set the attributes of
the scanner device.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_rw_scanner" lineno="3529">
<summary>
Read and write the scanner device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_sound_dev" lineno="3547">
<summary>
Get the attributes of the sound devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_sound_dev" lineno="3565">
<summary>
Set the attributes of the sound devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_sound" lineno="3583">
<summary>
Read the sound devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_write_sound" lineno="3601">
<summary>
Write the sound devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_sound_mixer" lineno="3619">
<summary>
Read the sound mixer devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_write_sound_mixer" lineno="3637">
<summary>
Write the sound mixer devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_power_mgmt_dev" lineno="3655">
<summary>
Get the attributes of the the power management device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_power_mgmt_dev" lineno="3673">
<summary>
Set the attributes of the the power management device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_power_management" lineno="3691">
<summary>
Read and write the the power management device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_smartcard_dev" lineno="3709">
<summary>
Getattr on smartcard devices
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_smartcard_dev" lineno="3728">
<summary>
dontaudit getattr on smartcard devices
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_smartcard" lineno="3747">
<summary>
Read and write smartcard devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_smartcard" lineno="3765">
<summary>
Create, read, write, and delete smartcard devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_associate_sysfs" lineno="3783">
<summary>
Associate a file to a sysfs filesystem.
</summary>
<param name="file_type">
<summary>
The type of the file to be associated to sysfs.
</summary>
</param>
</interface>
<interface name="dev_getattr_sysfs_dirs" lineno="3801">
<summary>
Get the attributes of sysfs directories.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="dev_mounton_sysfs" lineno="3819">
<summary>
Mount a filesystem on /sys
</summary>
<param name="domain">
<summary>
Domain allow access.
</summary>
</param>
</interface>
<interface name="dev_mount_sysfs_fs" lineno="3837">
<summary>
Mount sysfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_unmount_sysfs_fs" lineno="3855">
<summary>
Unmount sysfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_search_sysfs" lineno="3873">
<summary>
Search the sysfs directories.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_search_sysfs" lineno="3891">
<summary>
Do not audit attempts to search sysfs.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="dev_list_sysfs" lineno="3909">
<summary>
List the contents of the sysfs directories.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="dev_write_sysfs_dirs" lineno="3929">
<summary>
Write in a sysfs directories.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="dev_read_sysfs" lineno="3956">
<summary>
Read hardware state information.
</summary>
<desc>
<p>
Allow the specified domain to read the contents of
the sysfs filesystem. This filesystem contains
information, parameters, and other settings on the
hardware installed on the system.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="dev_rw_sysfs" lineno="3977">
<summary>
Allow caller to modify hardware state information.
</summary>
<param name="domain">
<summary>
The process type modifying hardware state information.
</summary>
</param>
</interface>
<interface name="dev_read_urand" lineno="4021">
<summary>
Read from pseudo random number generator devices (e.g., /dev/urandom).
</summary>
<desc>
<p>
Allow the specified domain to read from pseudo random number
generator devices (e.g., /dev/urandom). Typically this is
used in situations when a cryptographically secure random
number is not necessarily needed. One example is the Stack
Smashing Protector (SSP, formerly known as ProPolice) support
that may be compiled into programs.
</p>
<p>
Related interface:
</p>
<ul>
<li>dev_read_rand()</li>
</ul>
<p>
Related tunable:
</p>
<ul>
<li>global_ssp</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="dev_dontaudit_read_urand" lineno="4040">
<summary>
Do not audit attempts to read from pseudo
random devices (e.g., /dev/urandom)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_write_urand" lineno="4059">
<summary>
Write to the pseudo random device (e.g., /dev/urandom). This
sets the random number generator seed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_write_urand" lineno="4078">
<summary>
Do not audit attempts to write to pseudo
random devices (e.g., /dev/urandom)
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_getattr_generic_usb_dev" lineno="4096">
<summary>
Getattr generic the USB devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_generic_usb_dev" lineno="4115">
<summary>
Setattr generic the USB devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_generic_usb_dev" lineno="4134">
<summary>
Read generic the USB devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_generic_usb_dev" lineno="4152">
<summary>
Read and write generic the USB devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_relabel_generic_usb_dev" lineno="4170">
<summary>
Allow relabeling (to and from) of generic usb device
</summary>
<param name="domain">
<summary>
Domain allowed to relabel.
</summary>
</param>
</interface>
<interface name="dev_read_usbmon_dev" lineno="4188">
<summary>
Read USB monitor devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_write_usbmon_dev" lineno="4206">
<summary>
Write USB monitor devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_mount_usbfs" lineno="4224">
<summary>
Mount a usbfs filesystem.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="dev_associate_usbfs" lineno="4242">
<summary>
Associate a file to a usbfs filesystem.
</summary>
<param name="file_type">
<summary>
The type of the file to be associated to usbfs.
</summary>
</param>
</interface>
<interface name="dev_getattr_usbfs_dirs" lineno="4260">
<summary>
Get the attributes of a directory in the usb filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_usbfs_dirs" lineno="4279">
<summary>
Do not audit attempts to get the attributes
of a directory in the usb filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_search_usbfs" lineno="4297">
<summary>
Search the directory containing USB hardware information.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="dev_list_usbfs" lineno="4315">
<summary>
Allow caller to get a list of usb hardware.
</summary>
<param name="domain">
<summary>
The process type getting the list.
</summary>
</param>
</interface>
<interface name="dev_setattr_usbfs_files" lineno="4336">
<summary>
Set the attributes of usbfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_usbfs" lineno="4356">
<summary>
Read USB hardware information using
the usbfs filesystem interface.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="dev_rw_usbfs" lineno="4376">
<summary>
Allow caller to modify usb hardware configuration files.
</summary>
<param name="domain">
<summary>
The process type modifying the options.
</summary>
</param>
</interface>
<interface name="dev_rw_vhost" lineno="4396">
<summary>
Allow read/write the vhost net device
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_video_dev" lineno="4414">
<summary>
Get the attributes of video4linux devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_userio_dev" lineno="4432">
<summary>
Read and write userio device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_getattr_video_dev" lineno="4451">
<summary>
Do not audit attempts to get the attributes
of video4linux device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_setattr_video_dev" lineno="4469">
<summary>
Set the attributes of video4linux device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_dontaudit_setattr_video_dev" lineno="4488">
<summary>
Do not audit attempts to set the attributes
of video4linux device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dev_read_video_dev" lineno="4506">
<summary>
Read the video4linux devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_write_video_dev" lineno="4524">
<summary>
Write the video4linux devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_vmware" lineno="4542">
<summary>
Read and write VMWare devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rwx_vmware" lineno="4560">
<summary>
Read, write, and mmap VMWare devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_read_watchdog" lineno="4579">
<summary>
Read to watchdog devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_write_watchdog" lineno="4597">
<summary>
Write to watchdog devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_wireless" lineno="4615">
<summary>
Read and write the the wireless device.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_xen" lineno="4633">
<summary>
Read and write Xen devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_manage_xen" lineno="4651">
<summary>
Create, read, write, and delete Xen devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_filetrans_xen" lineno="4670">
<summary>
Automatic type transition to the type
for xen device nodes when created in /dev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_getattr_xserver_misc_dev" lineno="4688">
<summary>
Get the attributes of X server miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_setattr_xserver_misc_dev" lineno="4706">
<summary>
Set the attributes of X server miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_xserver_misc" lineno="4724">
<summary>
Read and write X server miscellaneous devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rw_zero" lineno="4742">
<summary>
Read and write to the zero device (/dev/zero).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_rwx_zero" lineno="4760">
<summary>
Read, write, and execute the zero device (/dev/zero).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_execmod_zero" lineno="4779">
<summary>
Execmod the zero device (/dev/zero).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_create_zero_dev" lineno="4798">
<summary>
Create the zero device (/dev/zero).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dev_unconfined" lineno="4816">
<summary>
Unconfined access to devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="domain" filename="policy/modules/kernel/domain.if">
<summary>Core policy for domains.</summary>
<required val="true">
Contains the concept of a domain.
</required>
<interface name="domain_base_type" lineno="26">
<summary>
Make the specified type usable as a basic domain.
</summary>
<desc>
<p>
Make the specified type usable as a basic domain.
</p>
<p>
This is primarily used for kernel threads;
generally the domain_type() interface is
more appropriate for userland processes.
</p>
</desc>
<param name="type">
<summary>
Type to be used as a basic domain type.
</summary>
</param>
</interface>
<interface name="domain_type" lineno="75">
<summary>
Make the specified type usable as a domain.
</summary>
<desc>
<p>
Make the specified type usable as a domain. This,
or an interface that calls this interface, must be
used on all types that are used as domains.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>application_domain()</li>
<li>init_daemon_domain()</li>
<li>init_domaion()</li>
<li>init_ranged_daemon_domain()</li>
<li>init_ranged_domain()</li>
<li>init_ranged_system_domain()</li>
<li>init_script_domain()</li>
<li>init_system_domain()</li>
</ul>
<p>
Example:
</p>
<p>
type mydomain_t;
domain_type(mydomain_t)
type myfile_t;
files_type(myfile_t)
allow mydomain_t myfile_t:file read_file_perms;
</p>
</desc>
<param name="type">
<summary>
Type to be used as a domain type.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="domain_entry_file" lineno="125">
<summary>
Make the specified type usable as
an entry point for the domain.
</summary>
<param name="domain">
<summary>
Domain to be entered.
</summary>
</param>
<param name="type">
<summary>
Type of program used for entering
the domain.
</summary>
</param>
</interface>
<interface name="domain_interactive_fd" lineno="149">
<summary>
Make the file descriptors of the specified
domain for interactive use (widely inheritable)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dyntrans_type" lineno="178">
<summary>
Allow the specified domain to perform
dynamic transitions.
</summary>
<desc>
<p>
Allow the specified domain to perform
dynamic transitions.
</p>
<p>
This violates process tranquility, and it
is strongly suggested that this not be used.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_system_change_exemption" lineno="198">
<summary>
Makes caller and execption to the constraint
preventing changing to the system user
identity and system role.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_subj_id_change_exemption" lineno="217">
<summary>
Makes caller an exception to the constraint preventing
changing of user identity.
</summary>
<param name="domain">
<summary>
The process type to make an exception to the constraint.
</summary>
</param>
</interface>
<interface name="domain_role_change_exemption" lineno="236">
<summary>
Makes caller an exception to the constraint preventing
changing of role.
</summary>
<param name="domain">
<summary>
The process type to make an exception to the constraint.
</summary>
</param>
</interface>
<interface name="domain_obj_id_change_exemption" lineno="256">
<summary>
Makes caller an exception to the constraint preventing
changing the user identity in object contexts.
</summary>
<param name="domain">
<summary>
The process type to make an exception to the constraint.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_user_exemption_target" lineno="291">
<summary>
Make the specified domain the target of
the user domain exception of the
SELinux role and identity change
constraints.
</summary>
<desc>
<p>
Make the specified domain the target of
the user domain exception of the
SELinux role and identity change
constraints.
</p>
<p>
This interface is needed to decouple
the user domains from the base module.
It should not be used other than on
user domains.
</p>
</desc>
<param name="domain">
<summary>
Domain target for user exemption.
</summary>
</param>
</interface>
<interface name="domain_cron_exemption_source" lineno="326">
<summary>
Make the specified domain the source of
the cron domain exception of the
SELinux role and identity change
constraints.
</summary>
<desc>
<p>
Make the specified domain the source of
the cron domain exception of the
SELinux role and identity change
constraints.
</p>
<p>
This interface is needed to decouple
the cron domains from the base module.
It should not be used other than on
cron domains.
</p>
</desc>
<param name="domain">
<summary>
Domain target for user exemption.
</summary>
</param>
</interface>
<interface name="domain_cron_exemption_target" lineno="361">
<summary>
Make the specified domain the target of
the cron domain exception of the
SELinux role and identity change
constraints.
</summary>
<desc>
<p>
Make the specified domain the target of
the cron domain exception of the
SELinux role and identity change
constraints.
</p>
<p>
This interface is needed to decouple
the cron domains from the base module.
It should not be used other than on
user cron jobs.
</p>
</desc>
<param name="domain">
<summary>
Domain target for user exemption.
</summary>
</param>
</interface>
<interface name="domain_use_interactive_fds" lineno="389">
<summary>
Inherit and use file descriptors from
domains with interactive programs.
</summary>
<desc>
<p>
Allow the specified domain to inherit and use file
descriptors from domains with interactive programs.
This does not allow access to the objects being referenced
by the file descriptors.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="1"/>
</interface>
<interface name="domain_dontaudit_use_interactive_fds" lineno="409">
<summary>
Do not audit attempts to inherit file
descriptors from domains with interactive
programs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_sigchld_interactive_fds" lineno="429">
<summary>
Send a SIGCHLD signal to domains whose file
discriptors are widely inheritable.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_setpriority_all_domains" lineno="448">
<summary>
Set the nice level of all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_signal_all_domains" lineno="467">
<summary>
Send general signals to all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_signull_all_domains" lineno="486">
<summary>
Send a null signal to all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_dontaudit_signull_all_domains" lineno="505">
<summary>
Send a null signal to all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_sigstop_all_domains" lineno="525">
<summary>
Send a stop signal to all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_sigchld_all_domains" lineno="544">
<summary>
Send a child terminated signal to all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_kill_all_domains" lineno="563">
<summary>
Send a kill signal to all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_search_all_domains_state" lineno="582">
<summary>
Search the process state directory (/proc/pid) of all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_search_all_domains_state" lineno="602">
<summary>
Do not audit attempts to search the process
state directory (/proc/pid) of all domains.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_read_all_domains_state" lineno="621">
<summary>
Read the process state (/proc/pid) of all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_getattr_all_domains" lineno="643">
<summary>
Get the attributes of all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_dontaudit_getattr_all_domains" lineno="661">
<summary>
Dontaudit geting the attributes of all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_read_confined_domains_state" lineno="680">
<summary>
Read the process state (/proc/pid) of all confined domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_getattr_confined_domains" lineno="706">
<summary>
Get the attributes of all confined domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_ptrace_all_domains" lineno="725">
<summary>
Ptrace all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_dontaudit_ptrace_all_domains" lineno="754">
<summary>
Do not audit attempts to ptrace all domains.
</summary>
<desc>
<p>
Do not audit attempts to ptrace all domains.
</p>
<p>
Generally this needs to be suppressed because procps tries to access
/proc/pid/environ and this now triggers a ptrace check in recent kernels
(2.4 and 2.6).
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_ptrace_confined_domains" lineno="782">
<summary>
Do not audit attempts to ptrace confined domains.
</summary>
<desc>
<p>
Do not audit attempts to ptrace confined domains.
</p>
<p>
Generally this needs to be suppressed because procps tries to access
/proc/pid/environ and this now triggers a ptrace check in recent kernels
(2.4 and 2.6).
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_read_all_domains_state" lineno="801">
<summary>
Do not audit attempts to read the process
state (/proc/pid) of all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_list_all_domains_state" lineno="826">
<summary>
Do not audit attempts to read the process state
directories of all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_getsession_all_domains" lineno="844">
<summary>
Get the session ID of all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getsession_all_domains" lineno="863">
<summary>
Do not audit attempts to get the
session ID of all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_getpgid_all_domains" lineno="881">
<summary>
Get the process group ID of all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_getsched_all_domains" lineno="899">
<summary>
Get the scheduler information of all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_getattr_all_sockets" lineno="928">
<summary>
Get the attributes of all domains
sockets, for all socket types.
</summary>
<desc>
<p>
Get the attributes of all domains
sockets, for all socket types.
</p>
<p>
This is commonly used for domains
that can use lsof on all domains.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getattr_all_sockets" lineno="957">
<summary>
Do not audit attempts to get the attributes
of all domains sockets, for all socket types.
</summary>
<desc>
<p>
Do not audit attempts to get the attributes
of all domains sockets, for all socket types.
</p>
<p>
This interface was added for PCMCIA cardmgr
and is probably excessive.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getattr_all_tcp_sockets" lineno="976">
<summary>
Do not audit attempts to get the attributes
of all domains TCP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getattr_all_udp_sockets" lineno="995">
<summary>
Do not audit attempts to get the attributes
of all domains UDP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_rw_all_udp_sockets" lineno="1014">
<summary>
Do not audit attempts to read or write
all domains UDP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getattr_all_key_sockets" lineno="1033">
<summary>
Do not audit attempts to get attribues of
all domains IPSEC key management sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getattr_all_packet_sockets" lineno="1052">
<summary>
Do not audit attempts to get attribues of
all domains packet sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getattr_all_raw_sockets" lineno="1071">
<summary>
Do not audit attempts to get attribues of
all domains raw sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_rw_all_key_sockets" lineno="1090">
<summary>
Do not audit attempts to read or write
all domains key sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_rw_pipes" lineno="1109">
<summary>
Do not audit attempts to read or write
all domains key sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getattr_all_dgram_sockets" lineno="1128">
<summary>
Do not audit attempts to get the attributes
of all domains unix datagram sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_getattr_all_stream_sockets" lineno="1147">
<summary>
Get the attributes
of all domains unix datagram sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getattr_all_stream_sockets" lineno="1166">
<summary>
Do not audit attempts to get the attributes
of all domains unix datagram sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getattr_all_netlink_sockets" lineno="1185">
<summary>
Do not audit attempts to get the attributes
of all domains unix datagram sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getattr_all_netlink_kobject_uevent_sockets" lineno="1204">
<summary>
Do not audit attempts to get the attributes
of all domains unix datagram sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_getattr_all_pipes" lineno="1233">
<summary>
Get the attributes of all domains
unnamed pipes.
</summary>
<desc>
<p>
Get the attributes of all domains
unnamed pipes.
</p>
<p>
This is commonly used for domains
that can use lsof on all domains.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_getattr_all_pipes" lineno="1252">
<summary>
Do not audit attempts to get the attributes
of all domains unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_ipsec_setcontext_all_domains" lineno="1271">
<summary>
Allow specified type to set context of all
domains IPSEC associations.
</summary>
<param name="type">
<summary>
Type of subject to be allowed this.
</summary>
</param>
</interface>
<interface name="domain_getattr_all_entry_files" lineno="1290">
<summary>
Get the attributes of entry point
files for all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_read_all_entry_files" lineno="1309">
<summary>
Read the entry point files for all domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_exec_all_entry_files" lineno="1330">
<summary>
Execute the entry point files for all
domains in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="domain_dontaudit_exec_all_entry_files" lineno="1348">
<summary>
dontaudit checking for execute on all entry point files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="domain_manage_all_entry_files" lineno="1368">
<summary>
Create, read, write, and delete all
entrypoint files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_relabel_all_entry_files" lineno="1388">
<summary>
Relabel to and from all entry point
file types.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_mmap_all_entry_files" lineno="1407">
<summary>
Mmap all entry point files as executable.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_entry_file_spec_domtrans" lineno="1431">
<summary>
Execute an entry_type in the specified domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="domain_mmap_low_type" lineno="1452">
<summary>
Ability to mmap a low area of the address space,
as configured by /proc/sys/kernel/mmap_min_addr.
Preventing such mappings helps protect against
exploiting null deref bugs in the kernel.
</summary>
<param name="domain">
<summary>
Domain allowed to mmap low memory.
</summary>
</param>
</interface>
<interface name="domain_mmap_low" lineno="1473">
<summary>
Ability to mmap a low area of the address space,
as configured by /proc/sys/kernel/mmap_min_addr.
Preventing such mappings helps protect against
exploiting null deref bugs in the kernel.
</summary>
<param name="domain">
<summary>
Domain allowed to mmap low memory.
</summary>
</param>
</interface>
<interface name="domain_all_recvfrom_all_domains" lineno="1490">
<summary>
Allow specified type to receive labeled
networking packets from all domains, over
all protocols (TCP, UDP, etc)
</summary>
<param name="type">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_unconfined_signal" lineno="1508">
<summary>
Send generic signals to the unconfined domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_unconfined" lineno="1526">
<summary>
Unconfined access to domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="domain_dontaudit_leaks" lineno="1559">
<summary>
Do not audit attempts to read or write
all leaked sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="allow_domain_fd_use" dftval="true">
<desc>
<p>
Allow all domains to use other domains file descriptors
</p>
</desc>
</tunable>
<tunable name="domain_kernel_load_modules" dftval="false">
<desc>
<p>
Allow all domains to have the kernel load modules
</p>
</desc>
</tunable>
<tunable name="fips_mode" dftval="true">
<desc>
<p>
Allow all domains to execute in fips_mode
</p>
</desc>
</tunable>
</module>
<module name="files" filename="policy/modules/kernel/files.if">
<summary>
Basic filesystem types and interfaces.
</summary>
<desc>
<p>
This module contains basic filesystem types and interfaces. This
includes:
<ul>
<li>The concept of different file types including basic
files, mount points, tmp files, etc.</li>
<li>Access to groups of files and all files.</li>
<li>Types and interfaces for the basic filesystem layout
(/, /etc, /tmp, /usr, etc.).</li>
</ul>
</p>
</desc>
<required val="true">
Contains the concept of a file.
Comains the file initial SID.
</required>
<interface name="files_type" lineno="79">
<summary>
Make the specified type usable for files
in a filesystem.
</summary>
<desc>
<p>
Make the specified type usable for files
in a filesystem. Types used for files that
do not use this interface, or an interface that
calls this one, will have unexpected behaviors
while the system is running. If the type is used
for device nodes (character or block files), then
the dev_node() interface is more appropriate.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>application_domain()</li>
<li>application_executable_file()</li>
<li>corecmd_executable_file()</li>
<li>init_daemon_domain()</li>
<li>init_domaion()</li>
<li>init_ranged_daemon_domain()</li>
<li>init_ranged_domain()</li>
<li>init_ranged_system_domain()</li>
<li>init_script_file()</li>
<li>init_script_domain()</li>
<li>init_system_domain()</li>
<li>files_config_files()</li>
<li>files_lock_file()</li>
<li>files_mountpoint()</li>
<li>files_pid_file()</li>
<li>files_security_file()</li>
<li>files_security_mountpoint()</li>
<li>files_tmp_file()</li>
<li>files_tmpfs_file()</li>
<li>logging_log_file()</li>
<li>userdom_user_home_content()</li>
</ul>
<p>
Example:
</p>
<p>
type myfile_t;
files_type(myfile_t)
allow mydomain_t myfile_t:file read_file_perms;
</p>
</desc>
<param name="type">
<summary>
Type to be used for files.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="files_security_file" lineno="100">
<summary>
Make the specified type a file that
should not be dontaudited from
browsing from user domains.
</summary>
<param name="file_type">
<summary>
Type of the file to be used as a
member directory.
</summary>
</param>
</interface>
<interface name="files_lock_file" lineno="119">
<summary>
Make the specified type usable for
lock files.
</summary>
<param name="type">
<summary>
Type to be used for lock files.
</summary>
</param>
</interface>
<interface name="files_var_lib_file" lineno="139">
<summary>
Make the specified type usable for
lock files.
</summary>
<param name="type">
<summary>
Type to be used for lock files.
</summary>
</param>
</interface>
<interface name="files_mountpoint" lineno="159">
<summary>
Make the specified type usable for
filesystem mount points.
</summary>
<param name="type">
<summary>
Type to be used for mount points.
</summary>
</param>
</interface>
<interface name="files_security_mountpoint" lineno="179">
<summary>
Make the specified type usable for
security file filesystem mount points.
</summary>
<param name="type">
<summary>
Type to be used for mount points.
</summary>
</param>
</interface>
<interface name="files_pid_file" lineno="227">
<summary>
Make the specified type usable for
runtime process ID files.
</summary>
<desc>
<p>
Make the specified type usable for runtime process ID files,
typically found in /var/run.
This will also make the type usable for files, making
calls to files_type() redundant. Failure to use this interface
for a PID file type may result in problems with starting
or stopping services.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>files_pid_filetrans()</li>
</ul>
<p>
Example usage with a domain that can create and
write its PID file with a private PID file type in the
/var/run directory:
</p>
<p>
type mypidfile_t;
files_pid_file(mypidfile_t)
allow mydomain_t mypidfile_t:file { create_file_perms write_file_perms };
files_pid_filetrans(mydomain_t, mypidfile_t, file)
</p>
</desc>
<param name="type">
<summary>
Type to be used for PID files.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="files_config_file" lineno="267">
<summary>
Make the specified type a
configuration file.
</summary>
<desc>
<p>
Make the specified type usable for configuration files.
This will also make the type usable for files, making
calls to files_type() redundant. Failure to use this interface
for a temporary file may result in problems with
configuration management tools.
</p>
<p>
Example usage with a domain that can read
its configuration file /etc:
</p>
<p>
type myconffile_t;
files_config_file(myconffile_t)
allow mydomain_t myconffile_t:file read_file_perms;
files_search_etc(mydomain_t)
</p>
</desc>
<param name="file_type">
<summary>
Type to be used as a configuration file.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="files_poly" lineno="287">
<summary>
Make the specified type a
polyinstantiated directory.
</summary>
<param name="file_type">
<summary>
Type of the file to be used as a
polyinstantiated directory.
</summary>
</param>
</interface>
<interface name="files_poly_parent" lineno="308">
<summary>
Make the specified type a parent
of a polyinstantiated directory.
</summary>
<param name="file_type">
<summary>
Type of the file to be used as a
parent directory.
</summary>
</param>
</interface>
<interface name="files_poly_member" lineno="329">
<summary>
Make the specified type a
polyinstantiation member directory.
</summary>
<param name="file_type">
<summary>
Type of the file to be used as a
member directory.
</summary>
</param>
</interface>
<interface name="files_poly_member_tmp" lineno="356">
<summary>
Make the domain use the specified
type of polyinstantiated directory.
</summary>
<param name="domain">
<summary>
Domain using the polyinstantiated
directory.
</summary>
</param>
<param name="file_type">
<summary>
Type of the file to be used as a
member directory.
</summary>
</param>
</interface>
<interface name="files_tmp_file" lineno="403">
<summary>
Make the specified type a file
used for temporary files.
</summary>
<desc>
<p>
Make the specified type usable for temporary files.
This will also make the type usable for files, making
calls to files_type() redundant. Failure to use this interface
for a temporary file may result in problems with
purging temporary files.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>files_tmp_filetrans()</li>
</ul>
<p>
Example usage with a domain that can create and
write its temporary file in the system temporary file
directories (/tmp or /var/tmp):
</p>
<p>
type mytmpfile_t;
files_tmp_file(mytmpfile_t)
allow mydomain_t mytmpfile_t:file { create_file_perms write_file_perms };
files_tmp_filetrans(mydomain_t, mytmpfile_t, file)
</p>
</desc>
<param name="file_type">
<summary>
Type of the file to be used as a
temporary file.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="files_tmpfs_file" lineno="425">
<summary>
Transform the type into a file, for use on a
virtual memory filesystem (tmpfs).
</summary>
<param name="type">
<summary>
The type to be transformed.
</summary>
</param>
</interface>
<interface name="files_getattr_all_dirs" lineno="444">
<summary>
Get the attributes of all directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_all_dirs" lineno="463">
<summary>
Do not audit attempts to get the attributes
of all directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_list_non_security" lineno="481">
<summary>
List all non-security directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_list_non_security" lineno="500">
<summary>
Do not audit attempts to list all
non-security directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_mounton_non_security" lineno="519">
<summary>
Mount a filesystem on all non-security
directories and files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_write_non_security_dirs" lineno="538">
<summary>
Allow attempts to modify any directory
</summary>
<param name="domain">
<summary>
Domain to allow
</summary>
</param>
</interface>
<interface name="files_manage_non_security_dirs" lineno="556">
<summary>
Allow attempts to manage non-security directories
</summary>
<param name="domain">
<summary>
Domain to allow
</summary>
</param>
</interface>
<interface name="files_manage_non_security_files" lineno="574">
<summary>
Manage all non-security files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabel_non_security_files" lineno="594">
<summary>
Relabel all non-security files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_getattr_all_files" lineno="624">
<summary>
Get the attributes of all files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_all_files" lineno="644">
<summary>
Do not audit attempts to get the attributes
of all files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_non_security_files" lineno="663">
<summary>
Do not audit attempts to get the attributes
of non security files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_setattr_non_security_files" lineno="682">
<summary>
Do not audit attempts to set the attributes
of non security files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_setattr_non_security_dirs" lineno="701">
<summary>
Do not audit attempts to set the attributes
of non security directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_read_all_files" lineno="719">
<summary>
Read all files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_execmod_all_files" lineno="750">
<summary>
Allow shared library text relocations in all files.
</summary>
<desc>
<p>
Allow shared library text relocations in all files.
</p>
<p>
This is added to support WINE policy.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_non_security_files" lineno="769">
<summary>
Read all non-security files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_read_all_dirs_except" lineno="796">
<summary>
Read all directories on the filesystem, except
the listed exceptions.
</summary>
<param name="domain">
<summary>
The type of the domain perfoming this action.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded. Each type or attribute
must be negated by the caller.
</summary>
</param>
</interface>
<interface name="files_read_all_files_except" lineno="821">
<summary>
Read all files on the filesystem, except
the listed exceptions.
</summary>
<param name="domain">
<summary>
The type of the domain perfoming this action.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded. Each type or attribute
must be negated by the caller.
</summary>
</param>
</interface>
<interface name="files_read_all_symlinks_except" lineno="846">
<summary>
Read all symbolic links on the filesystem, except
the listed exceptions.
</summary>
<param name="domain">
<summary>
The type of the domain perfoming this action.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded. Each type or attribute
must be negated by the caller.
</summary>
</param>
</interface>
<interface name="files_getattr_all_symlinks" lineno="864">
<summary>
Get the attributes of all symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_all_symlinks" lineno="883">
<summary>
Do not audit attempts to get the attributes
of all symbolic links.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_read_all_symlinks" lineno="901">
<summary>
Do not audit attempts to read all symbolic links.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_non_security_symlinks" lineno="920">
<summary>
Do not audit attempts to get the attributes
of non security symbolic links.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_non_security_blk_files" lineno="939">
<summary>
Do not audit attempts to get the attributes
of non security block devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_non_security_chr_files" lineno="958">
<summary>
Do not audit attempts to get the attributes
of non security character devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_read_all_symlinks" lineno="977">
<summary>
Read all symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_getattr_all_pipes" lineno="996">
<summary>
Get the attributes of all named pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_all_pipes" lineno="1016">
<summary>
Do not audit attempts to get the attributes
of all named pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_non_security_pipes" lineno="1035">
<summary>
Do not audit attempts to get the attributes
of non security named pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_rw_non_security_pipes" lineno="1054">
<summary>
Do not audit attempts to get the attributes
of non security named pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_getattr_all_sockets" lineno="1072">
<summary>
Get the attributes of all named sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_all_sockets" lineno="1092">
<summary>
Do not audit attempts to get the attributes
of all named sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_non_security_sockets" lineno="1111">
<summary>
Do not audit attempts to get the attributes
of non security named sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_read_all_blk_files" lineno="1129">
<summary>
Read all block nodes with file types.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_all_chr_files" lineno="1147">
<summary>
Read all character nodes with file types.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabel_all_files" lineno="1173">
<summary>
Relabel all files on the filesystem, except
the listed exceptions.
</summary>
<param name="domain">
<summary>
The type of the domain perfoming this action.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded. Each type or attribute
must be negated by the caller.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_rw_all_files" lineno="1209">
<summary>
rw all files on the filesystem, except
the listed exceptions.
</summary>
<param name="domain">
<summary>
The type of the domain perfoming this action.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded. Each type or attribute
must be negated by the caller.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_manage_all_files" lineno="1235">
<summary>
Manage all files on the filesystem, except
the listed exceptions.
</summary>
<param name="domain">
<summary>
The type of the domain perfoming this action.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded. Each type or attribute
must be negated by the caller.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_search_all" lineno="1262">
<summary>
Search the contents of all directories on
extended attribute filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_list_all" lineno="1281">
<summary>
List the contents of all directories on
extended attribute filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_all_dirs" lineno="1301">
<summary>
Do not audit attempts to search the
contents of any directories on extended
attribute filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_getattr_all_file_type_fs" lineno="1324">
<summary>
Get the attributes of all filesystems
with the type of a file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabelto_all_file_type_fs" lineno="1342">
<summary>
Relabel a filesystem to the type of a file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabel_all_file_type_fs" lineno="1360">
<summary>
Relabel a filesystem to the type of a file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_mount_all_file_type_fs" lineno="1378">
<summary>
Mount all filesystems with the type of a file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_unmount_all_file_type_fs" lineno="1396">
<summary>
Unmount all filesystems with the type of a file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_config_dirs" lineno="1415">
<summary>
Manage all configuration directories on filesystem
</summary>
<param name="domain">
<summary>
The type of domain performing this action
</summary>
</param>
</interface>
<interface name="files_relabel_config_dirs" lineno="1434">
<summary>
Relabel configuration directories
</summary>
<param name="domain">
<summary>
Type of domain performing this action
</summary>
</param>
</interface>
<interface name="files_read_config_files" lineno="1452">
<summary>
Read config files in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_config_files" lineno="1473">
<summary>
Manage all configuration files on filesystem
</summary>
<param name="domain">
<summary>
The type of domain performing this action
</summary>
</param>
</interface>
<interface name="files_relabel_config_files" lineno="1492">
<summary>
Relabel configuration files
</summary>
<param name="domain">
<summary>
Type of domain performing this action
</summary>
</param>
</interface>
<interface name="files_mounton_all_mountpoints" lineno="1510">
<summary>
Mount a filesystem on all mount points.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_getattr_all_mountpoints" lineno="1529">
<summary>
Get the attributes of all mount points.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_all_mountpoint_symlinks" lineno="1547">
<summary>
Read all mountpoint symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_list_all_mountpoints" lineno="1565">
<summary>
List the attributes of all mount points.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_setattr_all_mountpoints" lineno="1583">
<summary>
Get the attributes of all mount points.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_list_all_mountpoints" lineno="1601">
<summary>
Do not audit listing of all mount points.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_search_all_mountpoints" lineno="1619">
<summary>
Search all mount points.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_all_mountpoints" lineno="1637">
<summary>
Search all mount points.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_write_all_mountpoints" lineno="1655">
<summary>
Write all mount points.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_rw_all_mountpoints" lineno="1673">
<summary>
Write all mount points.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_list_root" lineno="1692">
<summary>
List the contents of the root directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_rw_root_dir" lineno="1712">
<summary>
Do not audit attempts to write
files in the root directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_root_filetrans" lineno="1741">
<summary>
Create an object in the root directory, with a private
type using a type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
</interface>
<interface name="files_dontaudit_read_root_files" lineno="1760">
<summary>
Do not audit attempts to read files in
the root directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_rw_root_files" lineno="1779">
<summary>
Do not audit attempts to read or write
files in the root directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_rw_root_chr_files" lineno="1798">
<summary>
Do not audit attempts to read or write
character device nodes in the root directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_root_file" lineno="1816">
<summary>
Remove file entries from the root directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_root_dir_entry" lineno="1834">
<summary>
Remove entries from the root directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_unmount_rootfs" lineno="1852">
<summary>
Unmount a rootfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_mounton_rootfs" lineno="1870">
<summary>
Mount a filesystem on the root file system
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_getattr_boot_dirs" lineno="1888">
<summary>
Get attributes of the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_boot_dirs" lineno="1907">
<summary>
Do not audit attempts to get attributes
of the /boot directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_search_boot" lineno="1925">
<summary>
Search the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_boot" lineno="1943">
<summary>
Do not audit attempts to search the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_list_boot" lineno="1961">
<summary>
List the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_create_boot_dirs" lineno="1979">
<summary>
Create directories in /boot
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_boot_dirs" lineno="1997">
<summary>
manage directories in /boot
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_boot_filetrans" lineno="2026">
<summary>
Create a private type object in boot
with an automatic type transition
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object_class">
<summary>
The object class of the object being created.
</summary>
</param>
</interface>
<interface name="files_read_boot_files" lineno="2045">
<summary>
read files in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_dontaudit_rw_boot_files" lineno="2065">
<summary>
Create, read, write, and delete files
in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_manage_boot_files" lineno="2085">
<summary>
Create, read, write, and delete files
in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_relabelfrom_boot_files" lineno="2103">
<summary>
Relabel from files in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_boot_symlinks" lineno="2122">
<summary>
Read symbolic links
in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_rw_boot_symlinks" lineno="2141">
<summary>
Read and write symbolic links
in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_boot_symlinks" lineno="2161">
<summary>
Create, read, write, and delete symbolic links
in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_kernel_img" lineno="2179">
<summary>
Read kernel files in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_create_kernel_img" lineno="2200">
<summary>
Install a kernel into the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_delete_kernel" lineno="2220">
<summary>
Delete a kernel from /boot.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_getattr_default_dirs" lineno="2238">
<summary>
Getattr of directories with the default file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_default_dirs" lineno="2257">
<summary>
Do not audit attempts to get the attributes of
directories with the default file type.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_search_default" lineno="2275">
<summary>
Search the contents of directories with the default file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_list_default" lineno="2293">
<summary>
List contents of directories with the default file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_list_default" lineno="2312">
<summary>
Do not audit attempts to list contents of
directories with the default file type.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_manage_default_dirs" lineno="2331">
<summary>
Create, read, write, and delete directories with
the default file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_mounton_default" lineno="2349">
<summary>
Mount a filesystem on a directory with the default file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_default_files" lineno="2368">
<summary>
Do not audit attempts to get the attributes of
files with the default file type.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_read_default_files" lineno="2386">
<summary>
Read files with the default file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_read_default_files" lineno="2405">
<summary>
Do not audit attempts to read files
with the default file type.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_manage_default_files" lineno="2424">
<summary>
Create, read, write, and delete files with
the default file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_default_symlinks" lineno="2442">
<summary>
Read symbolic links with the default file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_default_sockets" lineno="2460">
<summary>
Read sockets with the default file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_default_pipes" lineno="2478">
<summary>
Read named pipes with the default file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_search_etc" lineno="2496">
<summary>
Search the contents of /etc directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_setattr_etc_dirs" lineno="2514">
<summary>
Set the attributes of the /etc directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_list_etc" lineno="2532">
<summary>
List the contents of /etc directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_rw_etc_dirs" lineno="2550">
<summary>
Add and remove entries from /etc directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_write_etc_dirs" lineno="2568">
<summary>
Do not audit attempts to write to /etc dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_etc_dirs" lineno="2587">
<summary>
Manage generic directories in /etc
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="files_read_etc_files" lineno="2639">
<summary>
Read generic files in /etc.
</summary>
<desc>
<p>
Allow the specified domain to read generic
files in /etc. These files are typically
general system configuration files that do
not have more specific SELinux types. Some
examples of these files are:
</p>
<ul>
<li>/etc/fstab</li>
<li>/etc/passwd</li>
<li>/etc/services</li>
<li>/etc/shells</li>
</ul>
<p>
This interface does not include access to /etc/shadow.
</p>
<p>
Generally, it is safe for many domains to have
this access. However, since this interface provides
access to the /etc/passwd file, caution must be
exercised, as user account names can be leaked
through this access.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>auth_read_shadow()</li>
<li>files_read_etc_runtime_files()</li>
<li>seutil_read_config()</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="files_dontaudit_write_etc_files" lineno="2660">
<summary>
Do not audit attempts to write generic files in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_rw_etc_files" lineno="2679">
<summary>
Read and write generic files in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_manage_etc_files" lineno="2701">
<summary>
Create, read, write, and delete generic
files in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_delete_etc_files" lineno="2720">
<summary>
Delete system configuration files in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_etc_lnk_files" lineno="2738">
<summary>
Delete system configuration lnk files in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_etc_dir_entry" lineno="2757">
<summary>
Remove entries from the etc directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_exec_etc_files" lineno="2775">
<summary>
Execute generic files in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabel_etc_files" lineno="2795">
<summary>
Relabel from and to generic files in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_etc_symlinks" lineno="2814">
<summary>
Read symbolic links in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_etc_symlinks" lineno="2832">
<summary>
Create, read, write, and delete symbolic links in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_etc_filetrans" lineno="2861">
<summary>
Create objects in /etc with a private
type using a type_transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file_type">
<summary>
Private file type.
</summary>
</param>
<param name="class">
<summary>
Object classes to be created.
</summary>
</param>
</interface>
<interface name="files_create_boot_flag" lineno="2886">
<summary>
Create a boot flag.
</summary>
<desc>
<p>
Create a boot flag, such as
/.autorelabel and /.autofsck.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_read_etc_runtime_files" lineno="2925">
<summary>
Read files in /etc that are dynamically
created on boot, such as mtab.
</summary>
<desc>
<p>
Allow the specified domain to read dynamically created
configuration files in /etc. These files are typically
general system configuration files that do
not have more specific SELinux types. Some
examples of these files are:
</p>
<ul>
<li>/etc/motd</li>
<li>/etc/mtab</li>
<li>/etc/nologin</li>
</ul>
<p>
This interface does not include access to /etc/shadow.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10" />
<rolecap/>
</interface>
<interface name="files_dontaudit_read_etc_runtime_files" lineno="2947">
<summary>
Do not audit attempts to read files
in /etc that are dynamically
created on boot, such as mtab.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_rw_etc_runtime_files" lineno="2967">
<summary>
Read and write files in /etc that are dynamically
created on boot, such as mtab.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_manage_etc_runtime_files" lineno="2989">
<summary>
Create, read, write, and delete files in
/etc that are dynamically created on boot,
such as mtab.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_dontaudit_setattr_etc_runtime_files" lineno="3008">
<summary>
Do not audit attempts to set the attributes of the etc_runtime files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_etc_filetrans_etc_runtime" lineno="3032">
<summary>
Create, etc runtime objects with an automatic
type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object">
<summary>
The class of the object being created.
</summary>
</param>
</interface>
<interface name="files_getattr_isid_type_dirs" lineno="3051">
<summary>
Getattr of directories on new filesystems
that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_isid_type_dirs" lineno="3070">
<summary>
Do not audit attempts to search directories on new filesystems
that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_list_isid_type_dirs" lineno="3089">
<summary>
List the contents of directories on new filesystems
that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_rw_isid_type_dirs" lineno="3108">
<summary>
Read and write directories on new filesystems
that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_isid_type_dirs" lineno="3127">
<summary>
Delete directories on new filesystems
that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_isid_type_dirs" lineno="3146">
<summary>
Create, read, write, and delete directories
on new filesystems that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_mounton_isid_type_dirs" lineno="3165">
<summary>
Mount a filesystem on a directory on new filesystems
that has not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_isid_type_files" lineno="3184">
<summary>
Read files on new filesystems
that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_isid_type_files" lineno="3203">
<summary>
Delete files on new filesystems
that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_isid_type_symlinks" lineno="3222">
<summary>
Delete lnk_files on new filesystems
that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_isid_type_fifo_files" lineno="3241">
<summary>
Delete fifo files on new filesystems
that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_isid_type_sock_files" lineno="3260">
<summary>
Delete sock files on new filesystems
that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_isid_type_blk_files" lineno="3279">
<summary>
Delete blk files on new filesystems
that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_isid_type_chr_files" lineno="3298">
<summary>
Delete chr files on new filesystems
that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_write_isid_chr_files" lineno="3317">
<summary>
Do not audit attempts to write to chr_files
that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_isid_type_files" lineno="3336">
<summary>
Create, read, write, and delete files
on new filesystems that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_isid_type_symlinks" lineno="3355">
<summary>
Create, read, write, and delete symbolic links
on new filesystems that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_rw_isid_type_blk_files" lineno="3374">
<summary>
Read and write block device nodes on new filesystems
that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_isid_type_blk_files" lineno="3393">
<summary>
Create, read, write, and delete block device nodes
on new filesystems that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_isid_type_chr_files" lineno="3412">
<summary>
Create, read, write, and delete character device nodes
on new filesystems that have not yet been labeled.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_getattr_home_dir" lineno="3431">
<summary>
Get the attributes of the home directories root
(/home).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_home_dir" lineno="3452">
<summary>
Do not audit attempts to get the
attributes of the home directories root
(/home).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_search_home" lineno="3471">
<summary>
Search home directories root (/home).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_home" lineno="3491">
<summary>
Do not audit attempts to search
home directories root (/home).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_list_home" lineno="3511">
<summary>
Do not audit attempts to list
home directories root (/home).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_list_home" lineno="3530">
<summary>
Get listing of home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabelto_home" lineno="3549">
<summary>
Relabel to user home root (/home).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_home_filetrans" lineno="3577">
<summary>
Create objects in /home.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="home_type">
<summary>
The private type.
</summary>
</param>
<param name="object">
<summary>
The class of the object being created.
</summary>
</param>
</interface>
<interface name="files_getattr_lost_found_dirs" lineno="3595">
<summary>
Get the attributes of lost+found directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_lost_found_dirs" lineno="3614">
<summary>
Do not audit attempts to get the attributes of
lost+found directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_manage_lost_found" lineno="3634">
<summary>
Create, read, write, and delete objects in
lost+found directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_search_mnt" lineno="3656">
<summary>
Search the contents of /mnt.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_mnt" lineno="3674">
<summary>
Do not audit attempts to search /mnt.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_list_mnt" lineno="3692">
<summary>
List the contents of /mnt.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_list_mnt" lineno="3710">
<summary>
dontaudit List the contents of /mnt.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_mounton_mnt" lineno="3728">
<summary>
Mount a filesystem on /mnt.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_mnt_dirs" lineno="3747">
<summary>
Create, read, write, and delete directories in /mnt.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_manage_mnt_files" lineno="3765">
<summary>
Create, read, write, and delete files in /mnt.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_mnt_files" lineno="3783">
<summary>
read files in /mnt.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_mnt_symlinks" lineno="3801">
<summary>
Read symbolic links in /mnt.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_mnt_symlinks" lineno="3819">
<summary>
Create, read, write, and delete symbolic links in /mnt.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_search_kernel_modules" lineno="3837">
<summary>
Search the contents of the kernel module directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_list_kernel_modules" lineno="3856">
<summary>
List the contents of the kernel module directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_getattr_kernel_modules" lineno="3874">
<summary>
Get the attributes of kernel module files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_kernel_modules" lineno="3892">
<summary>
Read kernel module files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_write_kernel_modules" lineno="3912">
<summary>
Write kernel module files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_kernel_modules" lineno="3931">
<summary>
Delete kernel module files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_kernel_modules" lineno="3951">
<summary>
Create, read, write, and delete
kernel module files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_relabel_kernel_modules" lineno="3969">
<summary>
Relabel from and to kernel module files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_kernel_modules_filetrans" lineno="3999">
<summary>
Create objects in the kernel module directories
with a private type via an automatic type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object_class">
<summary>
The object class of the object being created.
</summary>
</param>
</interface>
<interface name="files_list_world_readable" lineno="4018">
<summary>
List world-readable directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_read_world_readable_files" lineno="4037">
<summary>
Read world-readable files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_read_world_readable_symlinks" lineno="4056">
<summary>
Read world-readable symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_read_world_readable_pipes" lineno="4074">
<summary>
Read world-readable named pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_world_readable_sockets" lineno="4092">
<summary>
Read world-readable sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_system_conf_files" lineno="4111">
<summary>
Read manageable system configuration files in /etc
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_manage_system_conf_files" lineno="4131">
<summary>
Manage manageable system configuration files in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabelto_system_conf_files" lineno="4149">
<summary>
Relabel manageable system configuration files in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabelfrom_system_conf_files" lineno="4167">
<summary>
Relabel manageable system configuration files in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_etc_filetrans_system_conf" lineno="4186">
<summary>
Create files in /etc with the type used for
the manageable system config files.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="files_associate_tmp" lineno="4206">
<summary>
Allow the specified type to associate
to a filesystem with the type of the
temporary directory (/tmp).
</summary>
<param name="file_type">
<summary>
Type of the file to associate.
</summary>
</param>
</interface>
<interface name="files_getattr_tmp_dirs" lineno="4224">
<summary>
Get the attributes of the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_tmp_dirs" lineno="4243">
<summary>
Do not audit attempts to get the
attributes of the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_search_tmp" lineno="4261">
<summary>
Search the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_tmp" lineno="4279">
<summary>
Do not audit attempts to search the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_list_tmp" lineno="4297">
<summary>
Read the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_list_tmp" lineno="4315">
<summary>
Do not audit listing of the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain not to audit.
</summary>
</param>
</interface>
<interface name="files_rw_generic_tmp_dir" lineno="4333">
<summary>
Allow read and write to the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain not to audit.
</summary>
</param>
</interface>
<interface name="files_delete_tmp_dir_entry" lineno="4351">
<summary>
Remove entries from the tmp directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_generic_tmp_files" lineno="4369">
<summary>
Read files in the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_write_generic_tmp_files" lineno="4387">
<summary>
Read files in the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_setattr_generic_tmp_files" lineno="4404">
<summary>
Read files in the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_create_generic_tmp_files" lineno="4421">
<summary>
Read files in the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_generic_tmp_files" lineno="4438">
<summary>
Read files in the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_generic_tmp_dirs" lineno="4455">
<summary>
Manage temporary directories in /tmp.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="files_execmod_tmp" lineno="4481">
<summary>
Allow shared library text relocations in tmp files.
</summary>
<desc>
<p>
Allow shared library text relocations in tmp files.
</p>
<p>
This is added to support java policy.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_generic_tmp_files" lineno="4499">
<summary>
Manage temporary files and directories in /tmp.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="files_read_generic_tmp_symlinks" lineno="4517">
<summary>
Read symbolic links in the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_rw_generic_tmp_sockets" lineno="4535">
<summary>
Read and write generic named sockets in the tmp directory (/tmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabelfrom_tmp_dirs" lineno="4553">
<summary>
Relabel a dir from the type used in /tmp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_setattr_all_tmp_dirs" lineno="4571">
<summary>
Set the attributes of all tmp directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_inherited_tmp_files" lineno="4589">
<summary>
Allow caller to read inherited tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_append_inherited_tmp_files" lineno="4607">
<summary>
Allow caller to append inherited tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_rw_inherited_tmp_file" lineno="4625">
<summary>
Allow caller to read and write inherited tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_list_all_tmp" lineno="4643">
<summary>
List all tmp directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_all_tmp_files" lineno="4662">
<summary>
Do not audit attempts to get the attributes
of all tmp files.
</summary>
<param name="domain">
<summary>
Domain not to audit.
</summary>
</param>
</interface>
<interface name="files_getattr_all_tmp_files" lineno="4681">
<summary>
Allow attempts to get the attributes
of all tmp files.
</summary>
<param name="domain">
<summary>
Domain not to audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_all_tmp_sockets" lineno="4700">
<summary>
Do not audit attempts to get the attributes
of all tmp sock_file.
</summary>
<param name="domain">
<summary>
Domain not to audit.
</summary>
</param>
</interface>
<interface name="files_read_all_tmp_files" lineno="4718">
<summary>
Read all tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_tmp_file_leaks" lineno="4737">
<summary>
Do not audit attempts to read or write
all leaked tmpfiles files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_tmp_filetrans" lineno="4766">
<summary>
Create an object in the tmp directories, with a private
type using a type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
</interface>
<interface name="files_purge_tmp" lineno="4784">
<summary>
Delete the contents of /tmp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_search_usr" lineno="4814">
<summary>
Search the content of /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_list_usr" lineno="4833">
<summary>
List the contents of generic
directories in /usr.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_rw_usr_dirs" lineno="4851">
<summary>
Add and remove entries from /usr directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_rw_usr_dirs" lineno="4869">
<summary>
dontaudit Add and remove entries from /usr directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_usr_dirs" lineno="4887">
<summary>
Delete generic directories in /usr in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_setattr_usr_dirs" lineno="4905">
<summary>
Set the attributes of the /usr directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_usr_files" lineno="4923">
<summary>
Delete generic files in /usr in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_getattr_usr_files" lineno="4941">
<summary>
Get the attributes of files in /usr.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_usr_files" lineno="4977">
<summary>
Read generic files in /usr.
</summary>
<desc>
<p>
Allow the specified domain to read generic
files in /usr. These files are various program
files that do not have more specific SELinux types.
Some examples of these files are:
</p>
<ul>
<li>/usr/include/*</li>
<li>/usr/share/doc/*</li>
<li>/usr/share/info/*</li>
</ul>
<p>
Generally, it is safe for many domains to have
this access.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="files_exec_usr_files" lineno="4997">
<summary>
Execute generic programs in /usr in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_write_usr_dirs" lineno="5017">
<summary>
dontaudit write of /usr dirs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_write_usr_files" lineno="5035">
<summary>
dontaudit write of /usr files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_usr_files" lineno="5053">
<summary>
Create, read, write, and delete files in the /usr directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabelto_usr_files" lineno="5071">
<summary>
Relabel a file to the type used in /usr.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_relabelfrom_usr_files" lineno="5089">
<summary>
Relabel a file from the type used in /usr.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_usr_symlinks" lineno="5107">
<summary>
Read symbolic links in /usr.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_usr_filetrans" lineno="5135">
<summary>
Create objects in the /usr directory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file_type">
<summary>
The type of the object to be created
</summary>
</param>
<param name="object_class">
<summary>
The object class.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_src" lineno="5153">
<summary>
Do not audit attempts to search /usr/src.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_getattr_usr_src_files" lineno="5171">
<summary>
Get the attributes of files in /usr/src.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_usr_src_files" lineno="5192">
<summary>
Read files in /usr/src.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_exec_usr_src_files" lineno="5213">
<summary>
Execute programs in /usr/src in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_create_kernel_symbol_table" lineno="5233">
<summary>
Install a system.map into the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_kernel_symbol_table" lineno="5252">
<summary>
Read system.map in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_kernel_symbol_table" lineno="5271">
<summary>
Delete a system.map in the /boot directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_search_var" lineno="5290">
<summary>
Search the contents of /var.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_write_var_dirs" lineno="5308">
<summary>
Do not audit attempts to write to /var.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_write_var_dirs" lineno="5326">
<summary>
Allow attempts to write to /var.dirs
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_var" lineno="5345">
<summary>
Do not audit attempts to search
the contents of /var.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_list_var" lineno="5363">
<summary>
List the contents of /var.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_list_var" lineno="5381">
<summary>
Do not audit listing of the var directory (/var).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_manage_var_dirs" lineno="5400">
<summary>
Create, read, write, and delete directories
in the /var directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_var_files" lineno="5418">
<summary>
Read files in the /var directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_rw_var_files" lineno="5436">
<summary>
Read and write files in the /var directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_rw_var_files" lineno="5455">
<summary>
Do not audit attempts to read and write
files in the /var directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_var_files" lineno="5473">
<summary>
Create, read, write, and delete files in the /var directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_var_symlinks" lineno="5491">
<summary>
Read symbolic links in the /var directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_var_symlinks" lineno="5510">
<summary>
Create, read, write, and delete symbolic
links in the /var directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_var_filetrans" lineno="5538">
<summary>
Create objects in the /var directory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file_type">
<summary>
The type of the object to be created
</summary>
</param>
<param name="object_class">
<summary>
The object class.
</summary>
</param>
</interface>
<interface name="files_getattr_var_lib_dirs" lineno="5556">
<summary>
Get the attributes of the /var/lib directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_search_var_lib" lineno="5588">
<summary>
Search the /var/lib directory.
</summary>
<desc>
<p>
Search the /var/lib directory. This is
necessary to access files or directories under
/var/lib that have a private type. For example, a
domain accessing a private library file in the
/var/lib directory:
</p>
<p>
allow mydomain_t mylibfile_t:file read_file_perms;
files_search_var_lib(mydomain_t)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="5"/>
</interface>
<interface name="files_list_var_lib" lineno="5606">
<summary>
List the contents of the /var/lib directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_rw_var_lib_dirs" lineno="5624">
<summary>
Read-write /var/lib directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_relabel_var_lib_files" lineno="5642">
<summary>
Read-write /var/lib directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_relabel_tmp_files" lineno="5660">
<summary>
Read-write /var/lib directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_var_lib_filetrans" lineno="5688">
<summary>
Create objects in the /var/lib directory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file_type">
<summary>
The type of the object to be created
</summary>
</param>
<param name="object_class">
<summary>
The object class.
</summary>
</param>
</interface>
<interface name="files_read_var_lib_files" lineno="5707">
<summary>
Read generic files in /var/lib.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_var_lib_symlinks" lineno="5726">
<summary>
Read generic symbolic links in /var/lib
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_urandom_seed" lineno="5748">
<summary>
Create, read, write, and delete the
pseudorandom number generator seed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_mounttab" lineno="5768">
<summary>
Allow domain to manage mount tables
necessary for rpcd, nfsd, etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_search_locks" lineno="5787">
<summary>
Search the locks directory (/var/lock).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_locks" lineno="5806">
<summary>
Do not audit attempts to search the
locks directory (/var/lock).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_rw_inherited_locks" lineno="5825">
<summary>
Do not audit attempts to read/write inherited
locks (/var/lock).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_rw_inherited_all_locks" lineno="5844">
<summary>
Do not audit attempts to read/write inherited
locks (/var/lock).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_setattr_lock_dirs" lineno="5862">
<summary>
Set the attributes of the /var/lock directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_rw_lock_dirs" lineno="5881">
<summary>
Add and remove entries in the /var/lock
directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_getattr_generic_locks" lineno="5899">
<summary>
Get the attributes of generic lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_generic_locks" lineno="5920">
<summary>
Create, read, write, and delete generic
lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_all_locks" lineno="5940">
<summary>
Delete all lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_read_all_locks" lineno="5960">
<summary>
Read all lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_all_locks" lineno="5982">
<summary>
manage all lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_lock_filetrans" lineno="6015">
<summary>
Create an object in the locks directory, with a private
type using a type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_pid_dirs" lineno="6035">
<summary>
Do not audit attempts to get the attributes
of the /var/run directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_search_pids" lineno="6054">
<summary>
Search the contents of runtime process
ID directories (/var/run).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_all_pids" lineno="6073">
<summary>
Do not audit attempts to search
the all /var/run directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_rw_pid_dirs" lineno="6091">
<summary>
Add and remove entries from pid directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_create_var_run_dirs" lineno="6109">
<summary>
Create generic pid directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_pids" lineno="6129">
<summary>
Do not audit attempts to search
the /var/run directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_list_pids" lineno="6148">
<summary>
List the contents of the runtime process
ID directories (/var/run).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_generic_pids" lineno="6166">
<summary>
Read generic process ID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_write_generic_pid_pipes" lineno="6185">
<summary>
Write named generic process ID pipes
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_pid_filetrans" lineno="6240">
<summary>
Create an object in the process ID directory, with a private type.
</summary>
<desc>
<p>
Create an object in the process ID directory (e.g., /var/run)
with a private type. Typically this is used for creating
private PID files in /var/run with the private type instead
of the general PID file type. To accomplish this goal,
either the program must be SELinux-aware, or use this interface.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>files_pid_file()</li>
</ul>
<p>
Example usage with a domain that can create and
write its PID file with a private PID file type in the
/var/run directory:
</p>
<p>
type mypidfile_t;
files_pid_file(mypidfile_t)
allow mydomain_t mypidfile_t:file { create_file_perms write_file_perms };
files_pid_filetrans(mydomain_t, mypidfile_t, file)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="files_rw_generic_pids" lineno="6259">
<summary>
Read and write generic process ID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_all_pids" lineno="6279">
<summary>
Do not audit attempts to get the attributes of
daemon runtime data files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_write_all_pids" lineno="6297">
<summary>
Do not audit attempts to write to daemon runtime data files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_ioctl_all_pids" lineno="6315">
<summary>
Do not audit attempts to ioctl daemon runtime data files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_all_pids" lineno="6334">
<summary>
Read all process ID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_mounton_all_poly_members" lineno="6356">
<summary>
Mount filesystems on all polyinstantiation
member directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_delete_all_pids" lineno="6375">
<summary>
Delete all process IDs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_delete_all_pid_dirs" lineno="6399">
<summary>
Delete all process ID directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_setattr_pid_dirs" lineno="6419">
<summary>
Set the attributes of the /var/run directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_search_spool" lineno="6438">
<summary>
Search the contents of generic spool
directories (/var/spool).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_search_spool" lineno="6457">
<summary>
Do not audit attempts to search generic
spool directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_list_spool" lineno="6476">
<summary>
List the contents of generic spool
(/var/spool) directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_generic_spool_dirs" lineno="6495">
<summary>
Create, read, write, and delete generic
spool directories (/var/spool).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_read_generic_spool" lineno="6514">
<summary>
Read generic spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_generic_spool" lineno="6534">
<summary>
Create, read, write, and delete generic
spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_spool_filetrans" lineno="6565">
<summary>
Create objects in the spool directory
with a private type with a type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file">
<summary>
Type to which the created node will be transitioned.
</summary>
</param>
<param name="class">
<summary>
Object class(es) (single or set including {}) for which this
the transition will occur.
</summary>
</param>
</interface>
<interface name="files_polyinstantiate_all" lineno="6585">
<summary>
Allow access to manage all polyinstantiated
directories on the system.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_unconfined" lineno="6639">
<summary>
Unconfined access to files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_manage_root_files" lineno="6663">
<summary>
Create a core files in /
</summary>
<desc>
<p>
Create a core file in /,
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_create_default_dir" lineno="6687">
<summary>
Create a default directory
</summary>
<desc>
<p>
Create a default_t direcrory
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_root_filetrans_default" lineno="6711">
<summary>
Create, default_t objects with an automatic
type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object">
<summary>
The class of the object being created.
</summary>
</param>
</interface>
<interface name="files_manage_generic_pids_symlinks" lineno="6730">
<summary>
manage generic symbolic links
in the /var/run directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_dontaudit_getattr_tmpfs_files" lineno="6749">
<summary>
Do not audit attempts to getattr
all tmpfs files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_read_security_files" lineno="6767">
<summary>
Do not audit attempts to read security files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_rw_all_inherited_files" lineno="6790">
<summary>
rw any files inherited from another process
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_type">
<summary>
Object type.
</summary>
</param>
</interface>
<interface name="files_entrypoint_all_files" lineno="6812">
<summary>
Allow any file point to be the entrypoint of this domain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="files_dontaudit_all_non_security_leaks" lineno="6830">
<summary>
Do not audit attempts to rw inherited file perms
of non security files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="files_dontaudit_leaks" lineno="6849">
<summary>
Do not audit attempts to read or write
all leaked files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="files_create_as_is_all_files" lineno="6868">
<summary>
Allow domain to create_file_ass all types
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="filesystem" filename="policy/modules/kernel/filesystem.if">
<summary>Policy for filesystems.</summary>
<required val="true">
Contains the initial SID for the filesystems.
</required>
<interface name="fs_type" lineno="16">
<summary>
Transform specified type into a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_noxattr_type" lineno="36">
<summary>
Transform specified type into a filesystem
type which does not have extended attribute
support.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_associate" lineno="59">
<summary>
Associate the specified file type to persistent
filesystems with extended attributes. This
allows a file of this type to be created on
a filesystem such as ext3, JFS, and XFS.
</summary>
<param name="file_type">
<summary>
The type of the to be associated.
</summary>
</param>
</interface>
<interface name="fs_associate_noxattr" lineno="81">
<summary>
Associate the specified file type to
filesystems which lack extended attributes
support. This allows a file of this type
to be created on a filesystem such as
FAT32, and NFS.
</summary>
<param name="file_type">
<summary>
The type of the to be associated.
</summary>
</param>
</interface>
<interface name="fs_exec_noxattr" lineno="101">
<summary>
Execute files on a filesystem that does
not support extended attributes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_mount_xattr_fs" lineno="121">
<summary>
Mount a persistent filesystem which
has extended attributes, such as
ext3, JFS, or XFS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_xattr_fs" lineno="142">
<summary>
Remount a persistent filesystem which
has extended attributes, such as
ext3, JFS, or XFS. This allows
some mount options to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_xattr_fs" lineno="162">
<summary>
Unmount a persistent filesystem which
has extended attributes, such as
ext3, JFS, or XFS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_xattr_fs" lineno="198">
<summary>
Get the attributes of persistent
filesystems which have extended
attributes, such as ext3, JFS, or XFS.
</summary>
<desc>
<p>
Allow the specified domain to
get the attributes of a persistent
filesystems which have extended
attributes, such as ext3, JFS, or XFS.
Example attributes:
</p>
<ul>
<li>Type of the file system (e.g., ext3)</li>
<li>Size of the file system</li>
<li>Available space on the file system</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="5"/>
<rolecap/>
</interface>
<interface name="fs_dontaudit_getattr_xattr_fs" lineno="219">
<summary>
Do not audit attempts to
get the attributes of a persistent
filesystem which has extended
attributes, such as ext3, JFS, or XFS.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_relabelfrom_xattr_fs" lineno="239">
<summary>
Allow changing of the label of a
filesystem with extended attributes
using the context= mount option.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_get_xattr_fs_quotas" lineno="259">
<summary>
Get the filesystem quotas of a filesystem
with extended attributes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_set_xattr_fs_quotas" lineno="279">
<summary>
Set the filesystem quotas of a filesystem
with extended attributes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_read_anon_inodefs_files" lineno="297">
<summary>
Read files on anon_inodefs file systems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_anon_inodefs_files" lineno="317">
<summary>
Read and write files on anon_inodefs
file systems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_rw_anon_inodefs_files" lineno="337">
<summary>
Do not audit attempts to read or write files on
anon_inodefs file systems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mount_autofs" lineno="356">
<summary>
Mount an automount pseudo filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_autofs" lineno="375">
<summary>
Remount an automount pseudo filesystem
This allows some mount options to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_autofs" lineno="393">
<summary>
Unmount an automount pseudo filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_autofs" lineno="412">
<summary>
Get the attributes of an automount
pseudo filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_auto_mountpoints" lineno="439">
<summary>
Search automount filesystem to use automatically
mounted filesystems.
</summary>
<desc>
Allow the specified domain to search mount points
that have filesystems that are mounted by
the automount service. Generally this will
be required for any domain that accesses objects
on these filesystems.
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="5"/>
</interface>
<interface name="fs_list_auto_mountpoints" lineno="460">
<summary>
Read directories of automatically
mounted filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_list_auto_mountpoints" lineno="479">
<summary>
Do not audit attempts to list directories of automatically
mounted filesystems.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_manage_autofs_symlinks" lineno="498">
<summary>
Create, read, write, and delete symbolic links
on an autofs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_binfmt_misc_dirs" lineno="517">
<summary>
Get the attributes of directories on
binfmt_misc filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_register_binary_executable_type" lineno="553">
<summary>
Register an interpreter for new binary
file types, using the kernel binfmt_misc
support.
</summary>
<desc>
<p>
Register an interpreter for new binary
file types, using the kernel binfmt_misc
support.
</p>
<p>
A common use for this is to
register a JVM as an interpreter for
Java byte code. Registered binaries
can be directly executed on a command line
without specifying the interpreter.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_delete_cgroup_dirs" lineno="571">
<summary>
Delete directories on cgroup.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mount_cgroup" lineno="589">
<summary>
Mount a cgroup filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_cgroup" lineno="608">
<summary>
Remount a cgroup filesystem This allows
some mount options to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_cgroup" lineno="626">
<summary>
Unmount a cgroup file system.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_cgroup" lineno="644">
<summary>
Get the attributes of a cgroup filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_cgroup_files" lineno="662">
<summary>
Get attributes of cgroup files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_cgroup_dirs" lineno="683">
<summary>
Search cgroup directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_cgroup_dirs" lineno="705">
<summary>
list dirs on cgroup
file systems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_cgroup_dirs" lineno="723">
<summary>
Manage dirs on cgroup file systems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_setattr_cgroup_files" lineno="743">
<summary>
Set attributes of files on cgroup
file systems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_cgroup_files" lineno="763">
<summary>
Read files on cgroup
file systems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_write_cgroup_files" lineno="783">
<summary>
Write files on cgroup
file systems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_cgroup_files" lineno="802">
<summary>
Read and write files on cgroup
file systems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_rw_cgroup_files" lineno="823">
<summary>
Do not audit attempts to getattr,
open, read and write files on cgroup
file systems.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_manage_cgroup_files" lineno="841">
<summary>
Manage cgroup files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mounton_cgroup" lineno="860">
<summary>
Mount on cgroup directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_list_cifs_dirs" lineno="879">
<summary>
Do not audit attempts to read
dirs on a CIFS or SMB filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_mount_cifs" lineno="897">
<summary>
Mount a CIFS or SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_cifs" lineno="916">
<summary>
Remount a CIFS or SMB network filesystem.
This allows some mount options to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_cifs" lineno="934">
<summary>
Unmount a CIFS or SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_cifs" lineno="954">
<summary>
Get the attributes of a CIFS or
SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_search_cifs" lineno="972">
<summary>
Search directories on a CIFS or SMB filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_cifs" lineno="991">
<summary>
List the contents of directories on a
CIFS or SMB filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_list_cifs" lineno="1010">
<summary>
Do not audit attempts to list the contents
of directories on a CIFS or SMB filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_mounton_cifs" lineno="1028">
<summary>
Mounton a CIFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_cifs_files" lineno="1047">
<summary>
Read files on a CIFS or SMB filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_read_cifs_dirs" lineno="1067">
<summary>
Read files on a CIFS or SMB filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_getattr_noxattr_fs" lineno="1088">
<summary>
Get the attributes of filesystems that
do not have extended attribute support.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_list_noxattr_fs" lineno="1106">
<summary>
Read all noxattrfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_noxattr_fs_dirs" lineno="1124">
<summary>
Create, read, write, and delete all noxattrfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_noxattr_fs_files" lineno="1142">
<summary>
Read all noxattrfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_write_noxattr_fs_files" lineno="1160">
<summary>
Dont audit attempts to write to noxattrfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_inherited_noxattr_fs_files" lineno="1178">
<summary>
Read/Write all inherited noxattrfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_create_noxattr_fs_files" lineno="1196">
<summary>
Create noxattrfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_noxattr_fs_files" lineno="1215">
<summary>
Create, read, write, and delete all noxattrfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_noxattr_fs_symlinks" lineno="1233">
<summary>
Read all noxattrfs symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_read_cifs_files" lineno="1252">
<summary>
Do not audit attempts to read
files on a CIFS or SMB filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_append_cifs_files" lineno="1271">
<summary>
Append files
on a CIFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_append_cifs_files" lineno="1290">
<summary>
dontaudit Append files
on a CIFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_inherited_cifs_files" lineno="1308">
<summary>
Read inherited files on a CIFS or SMB filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_rw_inherited_cifs_files" lineno="1326">
<summary>
Read/Write inherited files on a CIFS or SMB filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_rw_cifs_files" lineno="1345">
<summary>
Do not audit attempts to read or
write files on a CIFS or SMB filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_read_cifs_symlinks" lineno="1363">
<summary>
Read symbolic links on a CIFS or SMB filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_cifs_named_pipes" lineno="1383">
<summary>
Read named pipes
on a CIFS or SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_cifs_named_sockets" lineno="1402">
<summary>
Read named pipes
on a CIFS or SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_exec_cifs_files" lineno="1423">
<summary>
Execute files on a CIFS or SMB
network filesystem, in the caller
domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_manage_cifs_dirs" lineno="1444">
<summary>
Create, read, write, and delete directories
on a CIFS or SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_manage_cifs_dirs" lineno="1464">
<summary>
Do not audit attempts to create, read,
write, and delete directories
on a CIFS or SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_cifs_files" lineno="1484">
<summary>
Create, read, write, and delete files
on a CIFS or SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_manage_cifs_files" lineno="1504">
<summary>
Do not audit attempts to create, read,
write, and delete files
on a CIFS or SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_manage_cifs_symlinks" lineno="1523">
<summary>
Create, read, write, and delete symbolic links
on a CIFS or SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_cifs_named_pipes" lineno="1542">
<summary>
Create, read, write, and delete named pipes
on a CIFS or SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_cifs_named_sockets" lineno="1561">
<summary>
Create, read, write, and delete named sockets
on a CIFS or SMB network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_cifs_domtrans" lineno="1604">
<summary>
Execute a file on a CIFS or SMB filesystem
in the specified domain.
</summary>
<desc>
<p>
Execute a file on a CIFS or SMB filesystem
in the specified domain. This allows
the specified domain to execute any file
on these filesystems in the specified
domain. This is not suggested.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
<p>
This interface was added to handle
home directories on CIFS/SMB filesystems,
in particular used by the ssh-agent policy.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="fs_cifs_entry_type" lineno="1624">
<summary>
Make general progams in cifs an entrypoint for
the specified domain.
</summary>
<param name="domain">
<summary>
The domain for which cifs_t is an entrypoint.
</summary>
</param>
</interface>
<interface name="fs_search_configfs_dirs" lineno="1643">
<summary>
Create, read, write, and delete dirs
on a configfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_configfs_dirs" lineno="1663">
<summary>
Create, read, write, and delete dirs
on a configfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_configfs_files" lineno="1682">
<summary>
Create, read, write, and delete files
on a configfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mount_dos_fs" lineno="1701">
<summary>
Mount a DOS filesystem, such as
FAT32 or NTFS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_dos_fs" lineno="1721">
<summary>
Remount a DOS filesystem, such as
FAT32 or NTFS. This allows
some mount options to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_dos_fs" lineno="1740">
<summary>
Unmount a DOS filesystem, such as
FAT32 or NTFS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_dos_fs" lineno="1760">
<summary>
Get the attributes of a DOS
filesystem, such as FAT32 or NTFS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_relabelfrom_dos_fs" lineno="1779">
<summary>
Allow changing of the label of a
DOS filesystem using the context= mount option.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_dos" lineno="1797">
<summary>
Search dosfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_dos" lineno="1815">
<summary>
List dirs DOS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_dos_dirs" lineno="1834">
<summary>
Create, read, write, and delete dirs
on a DOS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_dos_files" lineno="1852">
<summary>
Read files on a DOS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_dos_files" lineno="1871">
<summary>
Create, read, write, and delete files
on a DOS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_eventpollfs" lineno="1898">
<summary>
Read eventpollfs files.
</summary>
<desc>
<p>
Read eventpollfs files
</p>
<p>
This interface has been deprecated, and will
be removed in the future.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mount_fusefs" lineno="1912">
<summary>
Mount a FUSE filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_fusefs" lineno="1930">
<summary>
Unmount a FUSE filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mounton_fusefs" lineno="1948">
<summary>
Mounton a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_fusefs_domtrans" lineno="1991">
<summary>
Execute a file on a FUSE filesystem
in the specified domain.
</summary>
<desc>
<p>
Execute a file on a FUSE filesystem
in the specified domain. This allows
the specified domain to execute any file
on these filesystems in the specified
domain. This is not suggested.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
<p>
This interface was added to handle
home directories on FUSE filesystems,
in particular used by the ssh-agent policy.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="fs_getattr_fusefs" lineno="2011">
<summary>
Get the attributes of a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_search_fusefs" lineno="2031">
<summary>
Search directories
on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_list_fusefs" lineno="2050">
<summary>
Do not audit attempts to list the contents
of directories on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_manage_fusefs_dirs" lineno="2070">
<summary>
Create, read, write, and delete directories
on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_manage_fusefs_dirs" lineno="2090">
<summary>
Do not audit attempts to create, read,
write, and delete directories
on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_read_fusefs_files" lineno="2109">
<summary>
Read, a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_manage_fusefs_files" lineno="2129">
<summary>
Create, read, write, and delete files
on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_exec_fusefs_files" lineno="2147">
<summary>
Execute files on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_manage_fusefs_files" lineno="2168">
<summary>
Do not audit attempts to create,
read, write, and delete files
on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_read_fusefs_symlinks" lineno="2186">
<summary>
Read symbolic links on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_fusefs_symlinks" lineno="2205">
<summary>
Manage symbolic links on a FUSEFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_hugetlbfs" lineno="2224">
<summary>
Get the attributes of an hugetlbfs
filesystem;
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_hugetlbfs_files" lineno="2242">
<summary>
Read hugetlbfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_hugetlbfs_files" lineno="2260">
<summary>
Read and write hugetlbfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_hugetlbfs_dirs" lineno="2278">
<summary>
Manage hugetlbfs dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_hugetlbfs" lineno="2296">
<summary>
List hugetlbfs dirs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_associate_hugetlbfs" lineno="2314">
<summary>
Allow the type to associate to hugetlbfs filesystems.
</summary>
<param name="type">
<summary>
The type of the object to be associated.
</summary>
</param>
</interface>
<interface name="fs_search_inotifyfs" lineno="2332">
<summary>
Search inotifyfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_inotifyfs" lineno="2350">
<summary>
List inotifyfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_list_inotifyfs" lineno="2369">
<summary>
Dontaudit List inotifyfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_hugetlbfs_filetrans" lineno="2398">
<summary>
Create an object in a hugetlbfs filesystem, with a private
type using a type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
</interface>
<interface name="fs_mount_iso9660_fs" lineno="2418">
<summary>
Mount an iso9660 filesystem, which
is usually used on CDs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_iso9660_fs" lineno="2438">
<summary>
Remount an iso9660 filesystem, which
is usually used on CDs. This allows
some mount options to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_iso9660_fs" lineno="2457">
<summary>
Unmount an iso9660 filesystem, which
is usually used on CDs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_iso9660_fs" lineno="2477">
<summary>
Get the attributes of an iso9660
filesystem, which is usually used on CDs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_getattr_iso9660_files" lineno="2496">
<summary>
Read files on an iso9660 filesystem, which
is usually used on CDs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_iso9660_files" lineno="2516">
<summary>
Read files on an iso9660 filesystem, which
is usually used on CDs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mount_nfs" lineno="2536">
<summary>
Mount a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_nfs" lineno="2555">
<summary>
Remount a NFS filesystem. This allows
some mount options to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_nfs" lineno="2573">
<summary>
Unmount a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_nfs" lineno="2592">
<summary>
Get the attributes of a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_search_nfs" lineno="2610">
<summary>
Search directories on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_nfs" lineno="2628">
<summary>
List NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_list_nfs" lineno="2647">
<summary>
Do not audit attempts to list the contents
of directories on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_mounton_nfs" lineno="2665">
<summary>
Mounton a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_nfs_files" lineno="2684">
<summary>
Read files on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_read_nfs_files" lineno="2705">
<summary>
Do not audit attempts to read
files on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_write_nfs_files" lineno="2723">
<summary>
Read files on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_exec_nfs_files" lineno="2743">
<summary>
Execute files on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_nfs_entry_type" lineno="2763">
<summary>
Make general progams in nfs an entrypoint for
the specified domain.
</summary>
<param name="domain">
<summary>
The domain for which nfs_t is an entrypoint.
</summary>
</param>
</interface>
<interface name="fs_append_nfs_files" lineno="2783">
<summary>
Append files
on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_append_nfs_files" lineno="2803">
<summary>
dontaudit Append files
on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_read_inherited_nfs_files" lineno="2821">
<summary>
Read inherited files on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_rw_inherited_nfs_files" lineno="2839">
<summary>
Read/write inherited files on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_rw_nfs_files" lineno="2858">
<summary>
Do not audit attempts to read or
write files on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_read_nfs_symlinks" lineno="2876">
<summary>
Read symbolic links on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_read_nfs_symlinks" lineno="2895">
<summary>
Dontaudit read symbolic links on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_nfs_named_sockets" lineno="2913">
<summary>
Read named sockets on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_nfs_named_pipes" lineno="2932">
<summary>
Read named pipes on a NFS network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_getattr_rpc_dirs" lineno="2950">
<summary>
Read directories of RPC file system pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_rpc" lineno="2969">
<summary>
Search directories of RPC file system pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_removable" lineno="2987">
<summary>
Search removable storage directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_list_removable" lineno="3005">
<summary>
Do not audit attempts to list removable storage directories.
</summary>
<param name="domain">
<summary>
Domain not to audit.
</summary>
</param>
</interface>
<interface name="fs_read_removable_files" lineno="3023">
<summary>
Read removable storage files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_read_removable_files" lineno="3041">
<summary>
Do not audit attempts to read removable storage files.
</summary>
<param name="domain">
<summary>
Domain not to audit.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_write_removable_files" lineno="3059">
<summary>
Do not audit attempts to write removable storage files.
</summary>
<param name="domain">
<summary>
Domain not to audit.
</summary>
</param>
</interface>
<interface name="fs_read_removable_symlinks" lineno="3077">
<summary>
Read removable storage symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_removable_blk_files" lineno="3095">
<summary>
Read and write block nodes on removable filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_rpc" lineno="3114">
<summary>
Read directories of RPC file system pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_rpc_files" lineno="3132">
<summary>
Read files of RPC file system pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_rpc_symlinks" lineno="3150">
<summary>
Read symbolic links of RPC file system pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_rpc_sockets" lineno="3168">
<summary>
Read sockets of RPC file system pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_rpc_sockets" lineno="3186">
<summary>
Read and write sockets of RPC file system pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_nfs_dirs" lineno="3206">
<summary>
Create, read, write, and delete directories
on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_manage_nfs_dirs" lineno="3227">
<summary>
Create, read, write, and delete directories
on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_manage_nfs_dirs" lineno="3248">
<summary>
Do not audit attempts to create, read,
write, and delete directories
on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_manage_nfs_files" lineno="3268">
<summary>
Create, read, write, and delete files
on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_manage_nfs_files" lineno="3289">
<summary>
Do not audit attempts to create,
read, write, and delete files
on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_manage_nfs_symlinks" lineno="3309">
<summary>
Create, read, write, and delete symbolic links
on a NFS network filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_manage_nfs_named_pipes" lineno="3328">
<summary>
Create, read, write, and delete named pipes
on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_nfs_named_sockets" lineno="3347">
<summary>
Create, read, write, and delete named sockets
on a NFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_nfs_domtrans" lineno="3390">
<summary>
Execute a file on a NFS filesystem
in the specified domain.
</summary>
<desc>
<p>
Execute a file on a NFS filesystem
in the specified domain. This allows
the specified domain to execute any file
on a NFS filesystem in the specified
domain. This is not suggested.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
<p>
This interface was added to handle
home directories on NFS filesystems,
in particular used by the ssh-agent policy.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the new process.
</summary>
</param>
</interface>
<interface name="fs_mount_nfsd_fs" lineno="3409">
<summary>
Mount a NFS server pseudo filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_nfsd_fs" lineno="3428">
<summary>
Mount a NFS server pseudo filesystem.
This allows some mount options to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_nfsd_fs" lineno="3446">
<summary>
Unmount a NFS server pseudo filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_nfsd_fs" lineno="3465">
<summary>
Get the attributes of a NFS server
pseudo filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_nfsd_fs" lineno="3483">
<summary>
Search NFS server directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_nfsd_fs" lineno="3501">
<summary>
List NFS server directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_nfsd_files" lineno="3519">
<summary>
Getattr files on an nfsd filesystem
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_nfsd_files" lineno="3537">
<summary>
read files on an nfsd filesystem
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_nfsd_fs" lineno="3555">
<summary>
Read and write NFS server files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_associate_ramfs" lineno="3573">
<summary>
Allow the type to associate to ramfs filesystems.
</summary>
<param name="type">
<summary>
The type of the object to be associated.
</summary>
</param>
</interface>
<interface name="fs_mount_ramfs" lineno="3591">
<summary>
Mount a RAM filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_ramfs" lineno="3610">
<summary>
Remount a RAM filesystem. This allows
some mount options to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_ramfs" lineno="3628">
<summary>
Unmount a RAM filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_ramfs" lineno="3646">
<summary>
Get the attributes of a RAM filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_ramfs" lineno="3664">
<summary>
Search directories on a ramfs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_search_ramfs" lineno="3682">
<summary>
Dontaudit Search directories on a ramfs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_ramfs_dirs" lineno="3701">
<summary>
Create, read, write, and delete
directories on a ramfs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_read_ramfs_files" lineno="3719">
<summary>
Dontaudit read on a ramfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_read_ramfs_pipes" lineno="3737">
<summary>
Dontaudit read on a ramfs fifo_files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_ramfs_files" lineno="3756">
<summary>
Create, read, write, and delete
files on a ramfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_write_ramfs_pipes" lineno="3774">
<summary>
Write to named pipe on a ramfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_write_ramfs_pipes" lineno="3793">
<summary>
Do not audit attempts to write to named
pipes on a ramfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_ramfs_pipes" lineno="3811">
<summary>
Read and write a named pipe on a ramfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_ramfs_pipes" lineno="3830">
<summary>
Create, read, write, and delete
named pipes on a ramfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_write_ramfs_sockets" lineno="3848">
<summary>
Write to named socket on a ramfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_ramfs_sockets" lineno="3867">
<summary>
Create, read, write, and delete
named sockets on a ramfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mount_romfs" lineno="3885">
<summary>
Mount a ROM filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_romfs" lineno="3904">
<summary>
Remount a ROM filesystem. This allows
some mount options to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_romfs" lineno="3922">
<summary>
Unmount a ROM filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_romfs" lineno="3941">
<summary>
Get the attributes of a ROM
filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mount_rpc_pipefs" lineno="3959">
<summary>
Mount a RPC pipe filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_rpc_pipefs" lineno="3978">
<summary>
Remount a RPC pipe filesystem. This
allows some mount option to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_rpc_pipefs" lineno="3996">
<summary>
Unmount a RPC pipe filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_rpc_pipefs" lineno="4015">
<summary>
Get the attributes of a RPC pipe
filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_rpc_named_pipes" lineno="4033">
<summary>
Read and write RPC pipe filesystem named pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mount_tmpfs" lineno="4051">
<summary>
Mount a tmpfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_tmpfs" lineno="4069">
<summary>
Remount a tmpfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_tmpfs" lineno="4087">
<summary>
Unmount a tmpfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_tmpfs" lineno="4107">
<summary>
Get the attributes of a tmpfs
filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_associate_tmpfs" lineno="4125">
<summary>
Allow the type to associate to tmpfs filesystems.
</summary>
<param name="type">
<summary>
The type of the object to be associated.
</summary>
</param>
</interface>
<interface name="fs_getattr_tmpfs_dirs" lineno="4143">
<summary>
Get the attributes of tmpfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_getattr_tmpfs_dirs" lineno="4162">
<summary>
Do not audit attempts to get the attributes
of tmpfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_setattr_tmpfs_dirs" lineno="4180">
<summary>
Set the attributes of tmpfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_tmpfs" lineno="4198">
<summary>
Search tmpfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_tmpfs" lineno="4216">
<summary>
List the contents of generic tmpfs directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_list_tmpfs" lineno="4235">
<summary>
Do not audit attempts to list the
contents of generic tmpfs directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_manage_tmpfs_dirs" lineno="4254">
<summary>
Create, read, write, and delete
tmpfs directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_tmpfs_filetrans" lineno="4283">
<summary>
Create an object in a tmpfs filesystem, with a private
type using a type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_getattr_tmpfs_files" lineno="4303">
<summary>
Do not audit attempts to getattr
generic tmpfs files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_rw_tmpfs_files" lineno="4322">
<summary>
Do not audit attempts to read or write
generic tmpfs files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_rw_inherited_tmpfs_files" lineno="4340">
<summary>
Read and write generic tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_auto_mountpoints" lineno="4359">
<summary>
Create, read, write, and delete
auto moutpoints.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_tmpfs_files" lineno="4377">
<summary>
Read generic tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_tmpfs_files" lineno="4395">
<summary>
Read and write generic tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_delete_tmpfs_files" lineno="4413">
<summary>
Delete generic tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_read_tmpfs_symlinks" lineno="4431">
<summary>
Read tmpfs link files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_tmpfs_chr_files" lineno="4449">
<summary>
Read and write character nodes on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_use_tmpfs_chr_dev" lineno="4468">
<summary>
dontaudit Read and write character nodes on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_read_tmpfs_blk_dev" lineno="4487">
<summary>
dontaudit Read and write block nodes on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_relabel_tmpfs_chr_file" lineno="4505">
<summary>
Relabel character nodes on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_rw_tmpfs_blk_files" lineno="4524">
<summary>
Read and write block nodes on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_relabel_tmpfs_blk_file" lineno="4543">
<summary>
Relabel block nodes on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_tmpfs_files" lineno="4563">
<summary>
Read and write, create and delete generic
files on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_tmpfs_symlinks" lineno="4582">
<summary>
Read and write, create and delete symbolic
links on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_tmpfs_sockets" lineno="4601">
<summary>
Read and write, create and delete socket
files on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_tmpfs_chr_files" lineno="4620">
<summary>
Read and write, create and delete character
nodes on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_tmpfs_blk_files" lineno="4639">
<summary>
Read and write, create and delete block nodes
on tmpfs filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_mount_xenfs" lineno="4657">
<summary>
Mount a XENFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_xenfs" lineno="4675">
<summary>
Search the XENFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_manage_xenfs_dirs" lineno="4695">
<summary>
Create, read, write, and delete directories
on a XENFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_manage_xenfs_dirs" lineno="4715">
<summary>
Do not audit attempts to create, read,
write, and delete directories
on a XENFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_manage_xenfs_files" lineno="4735">
<summary>
Create, read, write, and delete files
on a XENFS filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_dontaudit_manage_xenfs_files" lineno="4755">
<summary>
Do not audit attempts to create,
read, write, and delete files
on a XENFS filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_mount_all_fs" lineno="4773">
<summary>
Mount all filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_remount_all_fs" lineno="4792">
<summary>
Remount all filesystems. This
allows some mount options to be changed.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unmount_all_fs" lineno="4810">
<summary>
Unmount all filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_all_fs" lineno="4842">
<summary>
Get the attributes of all filesystems.
</summary>
<desc>
<p>
Allow the specified domain to
et the attributes of all filesystems.
Example attributes:
</p>
<ul>
<li>Type of the file system (e.g., ext3)</li>
<li>Size of the file system</li>
<li>Available space on the file system</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="5"/>
<rolecap/>
</interface>
<interface name="fs_dontaudit_getattr_all_fs" lineno="4862">
<summary>
Do not audit attempts to get the attributes
all filesystems.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="fs_get_all_fs_quotas" lineno="4881">
<summary>
Get the quotas of all filesystems.
</summary>
<param name="domain">
<summary>
The type of the domain getting quotas.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_set_all_quotas" lineno="4900">
<summary>
Set the quotas of all filesystems.
</summary>
<param name="domain">
<summary>
The type of the domain setting quotas.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fs_relabelfrom_all_fs" lineno="4918">
<summary>
Relabelfrom all filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_all_dirs" lineno="4937">
<summary>
Get the attributes of all directories
with a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_search_all" lineno="4955">
<summary>
Search all directories with a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_list_all" lineno="4973">
<summary>
List all directories with a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_all_files" lineno="4992">
<summary>
Get the attributes of all files with
a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_all_symlinks" lineno="5011">
<summary>
Get the attributes of all symbolic links with
a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_all_pipes" lineno="5030">
<summary>
Get the attributes of all named pipes with
a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_all_sockets" lineno="5049">
<summary>
Get the attributes of all named sockets with
a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_all_blk_files" lineno="5068">
<summary>
Get the attributes of all blk files with
a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_getattr_all_chr_files" lineno="5087">
<summary>
Get the attributes of all chr files with
a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_getattr_all_files" lineno="5106">
<summary>
Do not audit attempts to get the attributes
of all files with a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_getattr_all_symlinks" lineno="5125">
<summary>
Do not audit attempts to get the attributes
of all symbolic links with a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_getattr_all_pipes" lineno="5144">
<summary>
Do not audit attempts to get the attributes
of all named pipes with a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_getattr_all_sockets" lineno="5163">
<summary>
Do not audit attempts to get the attributes
of all named sockets with a filesystem type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_unconfined" lineno="5181">
<summary>
Unconfined access to filesystems
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_relabelfrom_noxattr_fs" lineno="5200">
<summary>
Relabel all objets from filesystems that
do not support extended attributes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fs_dontaudit_leaks" lineno="5226">
<summary>
Do not audit attempts to read or write
all leaked filesystems files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="kernel" filename="policy/modules/kernel/kernel.if">
<summary>
Policy for kernel threads, proc filesystem,
and unlabeled processes and objects.
</summary>
<required val="true">
This module has initial SIDs.
</required>
<interface name="kernel_domtrans_to" lineno="25">
<summary>
Allows to start userland processes
by transitioning to the specified domain.
</summary>
<param name="domain">
<summary>
The process type entered by kernel.
</summary>
</param>
<param name="entrypoint">
<summary>
The executable type for the entrypoint.
</summary>
</param>
</interface>
<interface name="kernel_ranged_domtrans_to" lineno="55">
<summary>
Allows to start userland processes
by transitioning to the specified domain,
with a range transition.
</summary>
<param name="domain">
<summary>
The process type entered by kernel.
</summary>
</param>
<param name="entrypoint">
<summary>
The executable type for the entrypoint.
</summary>
</param>
<param name="range">
<summary>
Range for the domain.
</summary>
</param>
</interface>
<interface name="kernel_rootfs_mountpoint" lineno="83">
<summary>
Allows the kernel to mount filesystems on
the specified directory type.
</summary>
<param name="directory_type">
<summary>
The type of the directory to use as a mountpoint.
</summary>
</param>
</interface>
<interface name="kernel_setpgid" lineno="101">
<summary>
Set the process group of kernel threads.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_setsched" lineno="119">
<summary>
Set the priority of kernel threads.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_sigchld" lineno="137">
<summary>
Send a SIGCHLD signal to kernel threads.
</summary>
<param name="domain">
<summary>
The type of the process sending the signal.
</summary>
</param>
</interface>
<interface name="kernel_kill" lineno="155">
<summary>
Send a kill signal to kernel threads.
</summary>
<param name="domain">
<summary>
The type of the process sending the signal.
</summary>
</param>
</interface>
<interface name="kernel_signal" lineno="173">
<summary>
Send a generic signal to kernel threads.
</summary>
<param name="domain">
<summary>
The type of the process sending the signal.
</summary>
</param>
</interface>
<interface name="kernel_share_state" lineno="192">
<summary>
Allows the kernel to share state information with
the caller.
</summary>
<param name="domain">
<summary>
The type of the process with which to share state information.
</summary>
</param>
</interface>
<interface name="kernel_use_fds" lineno="210">
<summary>
Permits caller to use kernel file descriptors.
</summary>
<param name="domain">
<summary>
The type of the process using the descriptors.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_use_fds" lineno="229">
<summary>
Do not audit attempts to use
kernel file descriptors.
</summary>
<param name="domain">
<summary>
The type of process not to audit.
</summary>
</param>
</interface>
<interface name="kernel_rw_pipes" lineno="247">
<summary>
Read and write kernel unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_rw_unix_dgram_sockets" lineno="265">
<summary>
Read and write kernel unix datagram sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dgram_send" lineno="283">
<summary>
Send messages to kernel unix datagram sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_tcp_recvfrom" lineno="301">
<summary>
Receive messages from kernel TCP sockets. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_udp_send" lineno="315">
<summary>
Send UDP network traffic to the kernel. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_udp_recvfrom" lineno="329">
<summary>
Receive messages from kernel UDP sockets. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_load_module" lineno="343">
<summary>
Allows caller to load kernel modules
</summary>
<param name="domain">
<summary>
The process type to allow to load kernel modules.
</summary>
</param>
</interface>
<interface name="kernel_search_key" lineno="367">
<summary>
Allow search the kernel key ring.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_search_key" lineno="385">
<summary>
dontaudit search the kernel key ring.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_link_key" lineno="403">
<summary>
Allow link to the kernel key ring.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_link_key" lineno="421">
<summary>
dontaudit link to the kernel key ring.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_read_ring_buffer" lineno="440">
<summary>
Allows caller to read the ring buffer.
</summary>
<param name="domain">
<summary>
The process type allowed to read the ring buffer.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_dontaudit_read_ring_buffer" lineno="458">
<summary>
Do not audit attempts to read the ring buffer.
</summary>
<param name="domain">
<summary>
The domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_change_ring_buffer_level" lineno="477">
<summary>
Change the level of kernel messages logged to the console.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_clear_ring_buffer" lineno="496">
<summary>
Allows the caller to clear the ring buffer.
</summary>
<param name="domain">
<summary>
The process type clearing the buffer.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_request_load_module" lineno="527">
<summary>
Allows caller to request the kernel to load a module
</summary>
<desc>
<p>
Allow the specified domain to request that the kernel
load a kernel module. An example of this is the
auto-loading of network drivers when doing an
ioctl() on a network interface.
</p>
<p>
In the specific case of a module loading request
on a network interface, the domain will also
need the net_admin capability.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_request_load_module" lineno="558">
<summary>
Dontaudit caller request the kernel to load a module
</summary>
<desc>
<p>
Allow the specified domain to request that the kernel
load a kernel module. An example of this is the
auto-loading of network drivers when doing an
ioctl() on a network interface.
</p>
<p>
In the specific case of a module loading request
on a network interface, the domain will also
need the net_admin capability.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_get_sysvipc_info" lineno="576">
<summary>
Get information on all System V IPC objects.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_getattr_debugfs" lineno="594">
<summary>
Get the attributes of a kernel debugging filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_mount_debugfs" lineno="612">
<summary>
Mount a kernel debugging filesystem.
</summary>
<param name="domain">
<summary>
The type of the domain mounting the filesystem.
</summary>
</param>
</interface>
<interface name="kernel_unmount_debugfs" lineno="630">
<summary>
Unmount a kernel debugging filesystem.
</summary>
<param name="domain">
<summary>
The type of the domain unmounting the filesystem.
</summary>
</param>
</interface>
<interface name="kernel_remount_debugfs" lineno="648">
<summary>
Remount a kernel debugging filesystem.
</summary>
<param name="domain">
<summary>
The type of the domain remounting the filesystem.
</summary>
</param>
</interface>
<interface name="kernel_search_debugfs" lineno="666">
<summary>
Search the contents of a kernel debugging filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_search_debugfs" lineno="684">
<summary>
Do not audit attempts to search the kernel debugging filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_read_debugfs" lineno="702">
<summary>
Read information from the debugging filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_mount_kvmfs" lineno="722">
<summary>
Mount a kernel VM filesystem.
</summary>
<param name="domain">
<summary>
The type of the domain mounting the filesystem.
</summary>
</param>
</interface>
<interface name="kernel_unmount_proc" lineno="740">
<summary>
Unmount the proc filesystem.
</summary>
<param name="domain">
<summary>
The type of the domain unmounting the filesystem.
</summary>
</param>
</interface>
<interface name="kernel_getattr_proc" lineno="758">
<summary>
Get the attributes of the proc filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_search_proc" lineno="776">
<summary>
Search directories in /proc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_list_proc" lineno="794">
<summary>
List the contents of directories in /proc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_list_proc" lineno="813">
<summary>
Do not audit attempts to list the
contents of directories in /proc.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_getattr_proc_files" lineno="831">
<summary>
Get the attributes of files in /proc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_read_proc_symlinks" lineno="858">
<summary>
Read generic symbolic links in /proc.
</summary>
<desc>
<p>
Allow the specified domain to read (follow) generic
symbolic links (symlinks) in the proc filesystem (/proc).
This interface does not include access to the targets of
these links. An example symlink is /proc/self.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="kernel_read_system_state" lineno="897">
<summary>
Allows caller to read system state information in /proc.
</summary>
<desc>
<p>
Allow the specified domain to read general system
state information from the proc filesystem (/proc).
</p>
<p>
Generally it should be safe to allow this access. Some
example files that can be read based on this interface:
</p>
<ul>
<li>/proc/cpuinfo</li>
<li>/proc/meminfo</li>
<li>/proc/uptime</li>
</ul>
<p>
This does not allow access to sysctl entries (/proc/sys/*)
nor process state information (/proc/pid).
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
<rolecap/>
</interface>
<interface name="kernel_write_proc_files" lineno="923">
<summary>
Write to generic proc entries.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_dontaudit_read_system_state" lineno="942">
<summary>
Do not audit attempts by caller to
read system state information in proc.
</summary>
<param name="domain">
<summary>
The process type not to audit.
</summary>
</param>
</interface>
<interface name="kernel_search_numa_state" lineno="961">
<summary>
Allow searching of numa state directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_search_numa_state" lineno="981">
<summary>
Do not audit attempts to search the numa
state directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_read_numa_state" lineno="1000">
<summary>
Allow caller to read the numa state information.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_read_numa_state_symlinks" lineno="1022">
<summary>
Allow caller to read the numa state symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_write_numa_state" lineno="1043">
<summary>
Allow caller to write numa state information.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_read_proc_symlinks" lineno="1062">
<summary>
Do not audit attempts by caller to
read system state information in proc.
</summary>
<param name="domain">
<summary>
The process type not to audit.
</summary>
</param>
</interface>
<interface name="kernel_rw_afs_state" lineno="1081">
<summary>
Allow caller to read and write state information for AFS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_read_software_raid_state" lineno="1101">
<summary>
Allow caller to read the state information for software raid.
</summary>
<param name="domain">
<summary>
The process type reading software raid state.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_software_raid_state" lineno="1121">
<summary>
Allow caller to read and set the state information for software raid.
</summary>
<param name="domain">
<summary>
The process type reading software raid state.
</summary>
</param>
</interface>
<interface name="kernel_getattr_core_if" lineno="1141">
<summary>
Allows caller to get attribues of core kernel interface.
</summary>
<param name="domain">
<summary>
The process type getting the attibutes.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_getattr_core_if" lineno="1162">
<summary>
Do not audit attempts to get the attributes of
core kernel interfaces.
</summary>
<param name="domain">
<summary>
The process type to not audit.
</summary>
</param>
</interface>
<interface name="kernel_read_core_if" lineno="1180">
<summary>
Allows caller to read the core kernel interface.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_read_messages" lineno="1204">
<summary>
Allow caller to read kernel messages
using the /proc/kmsg interface.
</summary>
<param name="domain">
<summary>
The process type reading the messages.
</summary>
</param>
</interface>
<interface name="kernel_getattr_message_if" lineno="1226">
<summary>
Allow caller to get the attributes of kernel message
interface (/proc/kmsg).
</summary>
<param name="domain">
<summary>
The process type getting the attributes.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_getattr_message_if" lineno="1245">
<summary>
Do not audit attempts by caller to get the attributes of kernel
message interfaces.
</summary>
<param name="domain">
<summary>
The process type not to audit.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_search_network_state" lineno="1265">
<summary>
Do not audit attempts to search the network
state directory.
</summary>
<param name="domain">
<summary>
The process type reading the state.
</summary>
</param>
</interface>
<interface name="kernel_search_network_state" lineno="1284">
<summary>
Allow searching of network state directory.
</summary>
<param name="domain">
<summary>
The process type reading the state.
</summary>
</param>
</interface>
<interface name="kernel_read_network_state" lineno="1315">
<summary>
Read the network state information.
</summary>
<desc>
<p>
Allow the specified domain to read the networking
state information. This includes several pieces
of networking information, such as network interface
names, netfilter (iptables) statistics, protocol
information, routes, and remote procedure call (RPC)
information.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
<rolecap/>
</interface>
<interface name="kernel_read_network_state_symlinks" lineno="1336">
<summary>
Allow caller to read the network state symbolic links.
</summary>
<param name="domain">
<summary>
The process type reading the state.
</summary>
</param>
</interface>
<interface name="kernel_search_xen_state" lineno="1357">
<summary>
Allow searching of xen state directory.
</summary>
<param name="domain">
<summary>
The process type reading the state.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_search_xen_state" lineno="1377">
<summary>
Do not audit attempts to search the xen
state directory.
</summary>
<param name="domain">
<summary>
The process type reading the state.
</summary>
</param>
</interface>
<interface name="kernel_read_xen_state" lineno="1396">
<summary>
Allow caller to read the xen state information.
</summary>
<param name="domain">
<summary>
The process type reading the state.
</summary>
</param>
</interface>
<interface name="kernel_read_xen_state_symlinks" lineno="1418">
<summary>
Allow caller to read the xen state symbolic links.
</summary>
<param name="domain">
<summary>
The process type reading the state.
</summary>
</param>
</interface>
<interface name="kernel_write_xen_state" lineno="1439">
<summary>
Allow caller to write xen state information.
</summary>
<param name="domain">
<summary>
The process type writing the state.
</summary>
</param>
</interface>
<interface name="kernel_list_all_proc" lineno="1457">
<summary>
Allow attempts to list all proc directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_list_all_proc" lineno="1476">
<summary>
Do not audit attempts to list all proc directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_search_sysctl" lineno="1497">
<summary>
Do not audit attempts by caller to search
the base directory of sysctls.
</summary>
<param name="domain">
<summary>
The process type not to audit.
</summary>
</param>
</interface>
<interface name="kernel_read_sysctl" lineno="1516">
<summary>
Allow access to read sysctl directories.
</summary>
<param name="domain">
<summary>
The process type to allow to read sysctl directories.
</summary>
</param>
</interface>
<interface name="kernel_read_device_sysctls" lineno="1536">
<summary>
Allow caller to read the device sysctls.
</summary>
<param name="domain">
<summary>
The process type to allow to read the device sysctls.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_device_sysctls" lineno="1557">
<summary>
Read and write device sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_search_vm_sysctl" lineno="1577">
<summary>
Allow caller to search virtual memory sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_read_vm_sysctls" lineno="1596">
<summary>
Allow caller to read virtual memory sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_vm_sysctls" lineno="1617">
<summary>
Read and write virtual memory sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_search_network_sysctl" lineno="1639">
<summary>
Search network sysctl directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_search_network_sysctl" lineno="1657">
<summary>
Do not audit attempts by caller to search network sysctl directories.
</summary>
<param name="domain">
<summary>
The process type not to audit.
</summary>
</param>
</interface>
<interface name="kernel_read_net_sysctls" lineno="1676">
<summary>
Allow caller to read network sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_net_sysctls" lineno="1697">
<summary>
Allow caller to modiry contents of sysctl network files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_read_unix_sysctls" lineno="1719">
<summary>
Allow caller to read unix domain
socket sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_unix_sysctls" lineno="1741">
<summary>
Read and write unix domain
socket sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_read_hotplug_sysctls" lineno="1762">
<summary>
Read the hotplug sysctl.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_hotplug_sysctls" lineno="1783">
<summary>
Read and write the hotplug sysctl.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_read_modprobe_sysctls" lineno="1804">
<summary>
Read the modprobe sysctl.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_modprobe_sysctls" lineno="1825">
<summary>
Read and write the modprobe sysctl.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_dontaudit_search_kernel_sysctl" lineno="1845">
<summary>
Do not audit attempts to search generic kernel sysctls.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_read_crypto_sysctls" lineno="1863">
<summary>
Read generic crypto sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_read_kernel_sysctls" lineno="1904">
<summary>
Read general kernel sysctls.
</summary>
<desc>
<p>
Allow the specified domain to read general
kernel sysctl settings. These settings are typically
read using the sysctl program. The settings
that are included by this interface are prefixed
with "kernel.", for example, kernel.sysrq.
</p>
<p>
This does not include access to the hotplug
handler setting (kernel.hotplug)
nor the module installer handler setting
(kernel.modprobe).
</p>
<p>
Related interfaces:
</p>
<ul>
<li>kernel_rw_kernel_sysctl()</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="kernel_dontaudit_write_kernel_sysctl" lineno="1924">
<summary>
Do not audit attempts to write generic kernel sysctls.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_rw_kernel_sysctl" lineno="1943">
<summary>
Read and write generic kernel sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_read_fs_sysctls" lineno="1964">
<summary>
Read filesystem sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_fs_sysctls" lineno="1985">
<summary>
Read and write fileystem sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_read_irq_sysctls" lineno="2006">
<summary>
Read IRQ sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_irq_sysctls" lineno="2027">
<summary>
Read and write IRQ sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_read_rpc_sysctls" lineno="2048">
<summary>
Read RPC sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_rpc_sysctls" lineno="2069">
<summary>
Read and write RPC sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_dontaudit_list_all_sysctls" lineno="2089">
<summary>
Do not audit attempts to list all sysctl directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_read_all_sysctls" lineno="2109">
<summary>
Allow caller to read all sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_rw_all_sysctls" lineno="2132">
<summary>
Read and write all sysctls.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kernel_kill_unlabeled" lineno="2156">
<summary>
Send a kill signal to unlabeled processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_mount_unlabeled" lineno="2174">
<summary>
Mount a kernel unlabeled filesystem.
</summary>
<param name="domain">
<summary>
The type of the domain mounting the filesystem.
</summary>
</param>
</interface>
<interface name="kernel_unmount_unlabeled" lineno="2192">
<summary>
Unmount a kernel unlabeled filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_signal_unlabeled" lineno="2211">
<summary>
Send general signals to unlabeled processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_signull_unlabeled" lineno="2229">
<summary>
Send a null signal to unlabeled processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_sigstop_unlabeled" lineno="2247">
<summary>
Send a stop signal to unlabeled processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_sigchld_unlabeled" lineno="2265">
<summary>
Send a child terminated signal to unlabeled processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_list_unlabeled" lineno="2283">
<summary>
List unlabeled directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_read_unlabeled_state" lineno="2301">
<summary>
Read the process state (/proc/pid) of all unlabeled_t.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_list_unlabeled" lineno="2321">
<summary>
Do not audit attempts to list unlabeled directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_rw_unlabeled_dirs" lineno="2339">
<summary>
Read and write unlabeled directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_rw_unlabeled_files" lineno="2357">
<summary>
Read and write unlabeled files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_getattr_unlabeled_files" lineno="2376">
<summary>
Do not audit attempts by caller to get the
attributes of an unlabeled file.
</summary>
<param name="domain">
<summary>
The process type not to audit.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_read_unlabeled_files" lineno="2395">
<summary>
Do not audit attempts by caller to
read an unlabeled file.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_getattr_unlabeled_symlinks" lineno="2414">
<summary>
Do not audit attempts by caller to get the
attributes of unlabeled symbolic links.
</summary>
<param name="domain">
<summary>
The process type not to audit.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_getattr_unlabeled_pipes" lineno="2433">
<summary>
Do not audit attempts by caller to get the
attributes of unlabeled named pipes.
</summary>
<param name="domain">
<summary>
The process type not to audit.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_getattr_unlabeled_sockets" lineno="2452">
<summary>
Do not audit attempts by caller to get the
attributes of unlabeled named sockets.
</summary>
<param name="domain">
<summary>
The process type not to audit.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_getattr_unlabeled_blk_files" lineno="2471">
<summary>
Do not audit attempts by caller to get attributes for
unlabeled block devices.
</summary>
<param name="domain">
<summary>
The process type not to audit.
</summary>
</param>
</interface>
<interface name="kernel_rw_unlabeled_blk_files" lineno="2489">
<summary>
Read and write unlabeled block device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_rw_unlabeled_socket" lineno="2507">
<summary>
Read and write unlabeled sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_getattr_unlabeled_chr_files" lineno="2526">
<summary>
Do not audit attempts by caller to get attributes for
unlabeled character devices.
</summary>
<param name="domain">
<summary>
The process type not to audit.
</summary>
</param>
</interface>
<interface name="kernel_relabelfrom_unlabeled_dirs" lineno="2544">
<summary>
Allow caller to relabel unlabeled directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_relabelfrom_unlabeled_fs" lineno="2562">
<summary>
Allow caller to relabel unlabeled filesystems.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_relabelfrom_unlabeled_files" lineno="2580">
<summary>
Allow caller to relabel unlabeled files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_relabelfrom_unlabeled_symlinks" lineno="2599">
<summary>
Allow caller to relabel unlabeled symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_relabelfrom_unlabeled_pipes" lineno="2618">
<summary>
Allow caller to relabel unlabeled named pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_relabelfrom_unlabeled_sockets" lineno="2637">
<summary>
Allow caller to relabel unlabeled named sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_sendrecv_unlabeled_association" lineno="2671">
<summary>
Send and receive messages from an
unlabeled IPSEC association.
</summary>
<desc>
<p>
Send and receive messages from an
unlabeled IPSEC association. Network
connections that are not protected
by IPSEC have use an unlabeled
assocation.
</p>
<p>
The corenetwork interface
corenet_non_ipsec_sendrecv() should
be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_sendrecv_unlabeled_association" lineno="2707">
<summary>
Do not audit attempts to send and receive messages
from an unlabeled IPSEC association.
</summary>
<desc>
<p>
Do not audit attempts to send and receive messages
from an unlabeled IPSEC association. Network
connections that are not protected
by IPSEC have use an unlabeled
assocation.
</p>
<p>
The corenetwork interface
corenet_dontaudit_non_ipsec_sendrecv() should
be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_tcp_recvfrom_unlabeled" lineno="2734">
<summary>
Receive TCP packets from an unlabeled connection.
</summary>
<desc>
<p>
Receive TCP packets from an unlabeled connection.
</p>
<p>
The corenetwork interface corenet_tcp_recv_unlabeled() should
be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_tcp_recvfrom_unlabeled" lineno="2763">
<summary>
Do not audit attempts to receive TCP packets from an unlabeled
connection.
</summary>
<desc>
<p>
Do not audit attempts to receive TCP packets from an unlabeled
connection.
</p>
<p>
The corenetwork interface corenet_dontaudit_tcp_recv_unlabeled()
should be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_udp_recvfrom_unlabeled" lineno="2790">
<summary>
Receive UDP packets from an unlabeled connection.
</summary>
<desc>
<p>
Receive UDP packets from an unlabeled connection.
</p>
<p>
The corenetwork interface corenet_udp_recv_unlabeled() should
be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_udp_recvfrom_unlabeled" lineno="2819">
<summary>
Do not audit attempts to receive UDP packets from an unlabeled
connection.
</summary>
<desc>
<p>
Do not audit attempts to receive UDP packets from an unlabeled
connection.
</p>
<p>
The corenetwork interface corenet_dontaudit_udp_recv_unlabeled()
should be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_raw_recvfrom_unlabeled" lineno="2846">
<summary>
Receive Raw IP packets from an unlabeled connection.
</summary>
<desc>
<p>
Receive Raw IP packets from an unlabeled connection.
</p>
<p>
The corenetwork interface corenet_raw_recv_unlabeled() should
be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_raw_recvfrom_unlabeled" lineno="2875">
<summary>
Do not audit attempts to receive Raw IP packets from an unlabeled
connection.
</summary>
<desc>
<p>
Do not audit attempts to receive Raw IP packets from an unlabeled
connection.
</p>
<p>
The corenetwork interface corenet_dontaudit_raw_recv_unlabeled()
should be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_rw_unlabeled_rawip_socket" lineno="2902">
<summary>
Read/Write Raw IP packets from an unlabeled connection.
</summary>
<desc>
<p>
Receive Raw IP packets from an unlabeled connection.
</p>
<p>
The corenetwork interface corenet_raw_recv_unlabeled() should
be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_sendrecv_unlabeled_packets" lineno="2932">
<summary>
Send and receive unlabeled packets.
</summary>
<desc>
<p>
Send and receive unlabeled packets.
These packets do not match any netfilter
SECMARK rules.
</p>
<p>
The corenetwork interface
corenet_sendrecv_unlabeled_packets() should
be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_recvfrom_unlabeled_peer" lineno="2960">
<summary>
Receive packets from an unlabeled peer.
</summary>
<desc>
<p>
Receive packets from an unlabeled peer, these packets do not have any
peer labeling information present.
</p>
<p>
The corenetwork interface corenet_recvfrom_unlabeled_peer() should
be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_dontaudit_recvfrom_unlabeled_peer" lineno="2988">
<summary>
Do not audit attempts to receive packets from an unlabeled peer.
</summary>
<desc>
<p>
Do not audit attempts to receive packets from an unlabeled peer,
these packets do not have any peer labeling information present.
</p>
<p>
The corenetwork interface corenet_dontaudit_*_recvfrom_unlabeled()
should be used instead of this one.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kernel_relabelfrom_unlabeled_database" lineno="3006">
<summary>
Relabel from unlabeled database objects.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_relabelto_unlabeled" lineno="3043">
<summary>
Relabel to unlabeled context .
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_unconfined" lineno="3061">
<summary>
Unconfined access to kernel module resources.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_rw_stream_socket_perms" lineno="3080">
<summary>
Allow the specified domain to read/write on
the kernel with a unix socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kernel_stream_connect" lineno="3100">
<summary>
Allow the specified domain to connect to
the kernel with a unix socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="procs_type" lineno="3118">
<summary>
Make the specified type usable for regular entries in proc
</summary>
<param name="type">
<summary>
Type to be used for /proc entries.
</summary>
</param>
</interface>
</module>
<module name="mcs" filename="policy/modules/kernel/mcs.if">
<summary>Multicategory security policy</summary>
<required val="true">
Contains attributes used in MCS policy.
</required>
<interface name="mcs_file_read_all" lineno="18">
<summary>
This domain is allowed to read files and directories
regardless of their MCS category set.
</summary>
<param name="domain">
<summary>
Domain target for user exemption.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mcs_file_write_all" lineno="38">
<summary>
This domain is allowed to write files and directories
regardless of their MCS category set.
</summary>
<param name="domain">
<summary>
Domain target for user exemption.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mcs_killall" lineno="58">
<summary>
This domain is allowed to sigkill and sigstop
all domains regardless of their MCS category set.
</summary>
<param name="domain">
<summary>
Domain target for user exemption.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mcs_ptrace_all" lineno="78">
<summary>
This domain is allowed to ptrace
all domains regardless of their MCS
category set.
</summary>
<param name="domain">
<summary>
Domain target for user exemption.
</summary>
</param>
</interface>
<interface name="mcs_process_set_categories" lineno="98">
<summary>
Make specified domain MCS trusted
for setting any category set for
the processes it executes.
</summary>
<param name="domain">
<summary>
Domain target for user exemption.
</summary>
</param>
</interface>
<interface name="mcs_untrusted_proc" lineno="124">
<summary>
Make specified process type MCS untrusted.
</summary>
<desc>
<p>
Make specified process type MCS untrusted. This
prevents this process from sending signals to other processes
with different mcs labels
object.
</p>
</desc>
<param name="domain">
<summary>
The type of the process.
</summary>
</param>
</interface>
<interface name="mcs_socket_write_all_levels" lineno="144">
<summary>
Make specified domain MCS trusted
for writing to sockets at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="mls" filename="policy/modules/kernel/mls.if">
<summary>Multilevel security policy</summary>
<desc>
<p>
This module contains interfaces for handling multilevel
security. The interfaces allow the specified subjects
and objects to be allowed certain privileges in the
MLS rules.
</p>
</desc>
<required val="true">
Contains attributes used in MLS policy.
</required>
<interface name="mls_file_read_to_clearance" lineno="26">
<summary>
Make specified domain MLS trusted
for reading from files up to its clearance.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_file_read_up" lineno="55">
<summary>
Make specified domain MLS trusted
for reading from files at all levels. (Deprecated)
</summary>
<desc>
<p>
Make specified domain MLS trusted
for reading from files at all levels.
</p>
<p>
This interface has been deprecated, please use
mls_file_read_all_levels() instead.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mls_file_read_all_levels" lineno="72">
<summary>
Make specified domain MLS trusted
for reading from files at all levels.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_file_write_to_clearance" lineno="92">
<summary>
Make specified domain MLS trusted
for write to files up to its clearance.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_file_write_down" lineno="121">
<summary>
Make specified domain MLS trusted
for writing to files at all levels. (Deprecated)
</summary>
<desc>
<p>
Make specified domain MLS trusted
for writing to files at all levels.
</p>
<p>
This interface has been deprecated, please use
mls_file_write_all_levels() instead.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mls_file_write_all_levels" lineno="138">
<summary>
Make specified domain MLS trusted
for writing to files at all levels.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_file_upgrade" lineno="158">
<summary>
Make specified domain MLS trusted
for raising the level of files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_file_downgrade" lineno="178">
<summary>
Make specified domain MLS trusted
for lowering the level of files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_file_write_within_range" lineno="200">
<summary>
Make specified domain trusted to
be written to within its MLS range.
The subject's MLS range must be a
proper subset of the object's MLS range.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_socket_read_all_levels" lineno="220">
<summary>
Make specified domain MLS trusted
for reading from sockets at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_socket_read_to_clearance" lineno="241">
<summary>
Make specified domain MLS trusted
for reading from sockets at any level
that is dominated by the process clearance.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_socket_write_to_clearance" lineno="262">
<summary>
Make specified domain MLS trusted
for writing to sockets up to
its clearance.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_socket_write_all_levels" lineno="282">
<summary>
Make specified domain MLS trusted
for writing to sockets at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_net_receive_all_levels" lineno="303">
<summary>
Make specified domain MLS trusted
for receiving network data from
network interfaces or hosts at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_net_write_within_range" lineno="325">
<summary>
Make specified domain trusted to
write to network objects within its MLS range.
The subject's MLS range must be a
proper subset of the object's MLS range.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_net_inbound_all_levels" lineno="346">
<summary>
Make specified domain trusted to
write inbound packets regardless of the
network's or node's MLS range.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_net_outbound_all_levels" lineno="367">
<summary>
Make specified domain trusted to
write outbound packets regardless of the
network's or node's MLS range.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_sysvipc_read_to_clearance" lineno="388">
<summary>
Make specified domain MLS trusted
for reading from System V IPC objects
up to its clearance.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_sysvipc_read_all_levels" lineno="409">
<summary>
Make specified domain MLS trusted
for reading from System V IPC objects
at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_sysvipc_write_to_clearance" lineno="430">
<summary>
Make specified domain MLS trusted
for writing to System V IPC objects
up to its clearance.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_sysvipc_write_all_levels" lineno="451">
<summary>
Make specified domain MLS trusted
for writing to System V IPC objects
at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_rangetrans_source" lineno="471">
<summary>
Allow the specified domain to do a MLS
range transition that changes
the current level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mls_rangetrans_target" lineno="491">
<summary>
Make specified domain a target domain
for MLS range transitions that change
the current level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mls_process_read_to_clearance" lineno="512">
<summary>
Make specified domain MLS trusted
for reading from processes up to
its clearance.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_process_read_up" lineno="541">
<summary>
Make specified domain MLS trusted
for reading from processes at all levels. (Deprecated)
</summary>
<desc>
<p>
Make specified domain MLS trusted
for reading from processes at all levels.
</p>
<p>
This interface has been deprecated, please use
mls_process_read_all_levels() instead.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mls_process_read_all_levels" lineno="558">
<summary>
Make specified domain MLS trusted
for reading from processes at all levels.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_process_write_to_clearance" lineno="579">
<summary>
Make specified domain MLS trusted
for writing to processes up to
its clearance.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_process_write_down" lineno="608">
<summary>
Make specified domain MLS trusted
for writing to processes at all levels. (Deprecated)
</summary>
<desc>
<p>
Make specified domain MLS trusted
for writing to processes at all levels.
</p>
<p>
This interface has been deprecated, please use
mls_process_write_all_levels() instead.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mls_process_write_all_levels" lineno="625">
<summary>
Make specified domain MLS trusted
for writing to processes at all levels.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_process_set_level" lineno="646">
<summary>
Make specified domain MLS trusted
for setting the level of processes
it executes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_xwin_read_to_clearance" lineno="666">
<summary>
Make specified domain MLS trusted
for reading from X objects up to its clearance.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_xwin_read_all_levels" lineno="686">
<summary>
Make specified domain MLS trusted
for reading from X objects at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_xwin_write_to_clearance" lineno="706">
<summary>
Make specified domain MLS trusted
for write to X objects up to its clearance.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_xwin_write_all_levels" lineno="726">
<summary>
Make specified domain MLS trusted
for writing to X objects at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_colormap_read_all_levels" lineno="746">
<summary>
Make specified domain MLS trusted
for reading from X colormaps at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_colormap_write_all_levels" lineno="766">
<summary>
Make specified domain MLS trusted
for writing to X colormaps at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_trusted_object" lineno="795">
<summary>
Make specified object MLS trusted.
</summary>
<desc>
<p>
Make specified object MLS trusted. This
allows all levels to read and write the
object.
</p>
<p>
This currently only applies to filesystem
objects, for example, files and directories.
</p>
</desc>
<param name="domain">
<summary>
The type of the object.
</summary>
</param>
</interface>
<interface name="mls_fd_use_all_levels" lineno="816">
<summary>
Make the specified domain trusted
to inherit and use file descriptors
from all levels.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_fd_share_all_levels" lineno="837">
<summary>
Make the file descriptors from the
specifed domain inheritable by
all levels.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_context_translate_all_levels" lineno="857">
<summary>
Make specified domain MLS trusted
for translating contexts at all levels.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_db_read_all_levels" lineno="877">
<summary>
Make specified domain MLS trusted
for reading from databases at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_db_write_all_levels" lineno="897">
<summary>
Make specified domain MLS trusted
for writing to databases at any level.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_db_upgrade" lineno="917">
<summary>
Make specified domain MLS trusted
for raising the level of databases.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_db_downgrade" lineno="937">
<summary>
Make specified domain MLS trusted
for lowering the level of databases.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_dbus_send_all_levels" lineno="957">
<summary>
Make specified domain MLS trusted
for sending dbus messages to
all levels.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mls_dbus_recv_all_levels" lineno="978">
<summary>
Make specified domain MLS trusted
for receiving dbus messages from
all levels.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="selinux" filename="policy/modules/kernel/selinux.if">
<summary>
Policy for kernel security interface, in particular, selinuxfs.
</summary>
<required val="true">
Contains the policy for the kernel SELinux security interface.
</required>
<interface name="selinux_labeled_boolean" lineno="34">
<summary>
Make the specified type used for labeling SELinux Booleans.
This interface is only usable in the base module.
</summary>
<desc>
<p>
Make the specified type used for labeling SELinux Booleans.
</p>
<p>
This makes use of genfscon statements, which are only
available in the base module. Thus any module which calls this
interface must be included in the base module.
</p>
</desc>
<param name="type">
<summary>
Type used for labeling a Boolean.
</summary>
</param>
<param name="boolean">
<summary>
Name of the Boolean.
</summary>
</param>
</interface>
<interface name="selinux_get_fs_mount" lineno="56">
<summary>
Get the mountpoint of the selinuxfs filesystem.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_dontaudit_get_fs_mount" lineno="82">
<summary>
Do not audit attempts to get the mountpoint
of the selinuxfs filesystem.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="selinux_getattr_fs" lineno="107">
<summary>
Get the attributes of the selinuxfs filesystem
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_dontaudit_getattr_fs" lineno="126">
<summary>
Do not audit attempts to get the
attributes of the selinuxfs filesystem
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="selinux_dontaudit_getattr_dir" lineno="145">
<summary>
Do not audit attempts to get the
attributes of the selinuxfs directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="selinux_search_fs" lineno="163">
<summary>
Search selinuxfs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_dontaudit_search_fs" lineno="181">
<summary>
Do not audit attempts to search selinuxfs.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="selinux_dontaudit_read_fs" lineno="200">
<summary>
Do not audit attempts to read
generic selinuxfs entries
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="selinux_get_enforce_mode" lineno="222">
<summary>
Allows the caller to get the mode of policy enforcement
(enforcing or permissive mode).
</summary>
<param name="domain">
<summary>
The process type to allow to get the enforcing mode.
</summary>
</param>
<rolecap/>
</interface>
<interface name="selinux_set_enforce_mode" lineno="254">
<summary>
Allow caller to set the mode of policy enforcement
(enforcing or permissive mode).
</summary>
<desc>
<p>
Allow caller to set the mode of policy enforcement
(enforcing or permissive mode).
</p>
<p>
Since this is a security event, this action is
always audited.
</p>
</desc>
<param name="domain">
<summary>
The process type to allow to set the enforcement mode.
</summary>
</param>
<rolecap/>
</interface>
<interface name="selinux_load_policy" lineno="285">
<summary>
Allow caller to load the policy into the kernel.
</summary>
<param name="domain">
<summary>
The process type that will load the policy.
</summary>
</param>
</interface>
<interface name="selinux_read_policy" lineno="316">
<summary>
Allow caller to read the policy from the kernel.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_set_boolean" lineno="353">
<summary>
Allow caller to set the state of Booleans to
enable or disable conditional portions of the policy. (Deprecated)
</summary>
<desc>
<p>
Allow caller to set the state of Booleans to
enable or disable conditional portions of the policy.
</p>
<p>
Since this is a security event, this action is
always audited.
</p>
<p>
This interface has been deprecated. Please use
selinux_set_generic_booleans() or selinux_set_all_booleans()
instead.
</p>
</desc>
<param name="domain">
<summary>
The process type allowed to set the Boolean.
</summary>
</param>
<rolecap/>
</interface>
<interface name="selinux_set_generic_booleans" lineno="380">
<summary>
Allow caller to set the state of generic Booleans to
enable or disable conditional portions of the policy.
</summary>
<desc>
<p>
Allow caller to set the state of generic Booleans to
enable or disable conditional portions of the policy.
</p>
<p>
Since this is a security event, this action is
always audited.
</p>
</desc>
<param name="domain">
<summary>
The process type allowed to set the Boolean.
</summary>
</param>
<rolecap/>
</interface>
<interface name="selinux_set_all_booleans" lineno="421">
<summary>
Allow caller to set the state of all Booleans to
enable or disable conditional portions of the policy.
</summary>
<desc>
<p>
Allow caller to set the state of all Booleans to
enable or disable conditional portions of the policy.
</p>
<p>
Since this is a security event, this action is
always audited.
</p>
</desc>
<param name="domain">
<summary>
The process type allowed to set the Boolean.
</summary>
</param>
<rolecap/>
</interface>
<interface name="selinux_set_parameters" lineno="464">
<summary>
Allow caller to set SELinux access vector cache parameters.
</summary>
<desc>
<p>
Allow caller to set SELinux access vector cache parameters.
The allows the domain to set performance related parameters
of the AVC, such as cache threshold.
</p>
<p>
Since this is a security event, this action is
always audited.
</p>
</desc>
<param name="domain">
<summary>
The process type to allow to set security parameters.
</summary>
</param>
<rolecap/>
</interface>
<interface name="selinux_validate_context" lineno="488">
<summary>
Allows caller to validate security contexts.
</summary>
<param name="domain">
<summary>
The process type permitted to validate contexts.
</summary>
</param>
<rolecap/>
</interface>
<interface name="selinux_dontaudit_validate_context" lineno="509">
<summary>
Do not audit attempts to validate security contexts.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<rolecap/>
</interface>
<interface name="selinux_compute_access_vector" lineno="530">
<summary>
Allows caller to compute an access vector.
</summary>
<param name="domain">
<summary>
The process type allowed to compute an access vector.
</summary>
</param>
<rolecap/>
</interface>
<interface name="selinux_compute_create_context" lineno="551">
<summary>
Calculate the default type for object creation.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="selinux_compute_member" lineno="572">
<summary>
Allows caller to compute polyinstatntiated
directory members.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_compute_relabel_context" lineno="601">
<summary>
Calculate the context for relabeling objects.
</summary>
<desc>
<p>
Calculate the context for relabeling objects.
This is determined by using the type_change
rules in the policy, and is generally used
for determining the context for relabeling
a terminal when a user logs in.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_compute_user_contexts" lineno="621">
<summary>
Allows caller to compute possible contexts for a user.
</summary>
<param name="domain">
<summary>
The process type allowed to compute user contexts.
</summary>
</param>
</interface>
<interface name="selinux_unconfined" lineno="641">
<summary>
Unconfined access to the SELinux kernel security server.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="selinux_genbool" lineno="659">
<summary>
Generate a file context for a boolean type
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="storage" filename="policy/modules/kernel/storage.if">
<summary>Policy controlling access to storage devices</summary>
<interface name="storage_getattr_fixed_disk_dev" lineno="14">
<summary>
Allow the caller to get the attributes of fixed disk
device nodes.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_getattr_fixed_disk_dev" lineno="34">
<summary>
Do not audit attempts made by the caller to get
the attributes of fixed disk device nodes.
</summary>
<param name="domain">
<summary>
The type of the process to not audit.
</summary>
</param>
</interface>
<interface name="storage_setattr_fixed_disk_dev" lineno="54">
<summary>
Allow the caller to set the attributes of fixed disk
device nodes.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_setattr_fixed_disk_dev" lineno="74">
<summary>
Do not audit attempts made by the caller to set
the attributes of fixed disk device nodes.
</summary>
<param name="domain">
<summary>
The type of the process to not audit.
</summary>
</param>
</interface>
<interface name="storage_raw_read_fixed_disk" lineno="95">
<summary>
Allow the caller to directly read from a fixed disk.
This is extremly dangerous as it can bypass the
SELinux protections for filesystem objects, and
should only be used by trusted domains.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_read_fixed_disk" lineno="120">
<summary>
Do not audit attempts made by the caller to read
fixed disk device nodes.
</summary>
<param name="domain">
<summary>
The type of the process to not audit.
</summary>
</param>
</interface>
<interface name="storage_raw_write_fixed_disk" lineno="143">
<summary>
Allow the caller to directly write to a fixed disk.
This is extremly dangerous as it can bypass the
SELinux protections for filesystem objects, and
should only be used by trusted domains.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_write_fixed_disk" lineno="166">
<summary>
Do not audit attempts made by the caller to write
fixed disk device nodes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="storage_raw_rw_fixed_disk" lineno="188">
<summary>
Allow the caller to directly read and write to a fixed disk.
This is extremly dangerous as it can bypass the
SELinux protections for filesystem objects, and
should only be used by trusted domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_create_fixed_disk_dev" lineno="203">
<summary>
Allow the caller to create fixed disk device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_delete_fixed_disk_dev" lineno="225">
<summary>
Allow the caller to create fixed disk device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="storage_manage_fixed_disk" lineno="244">
<summary>
Create, read, write, and delete fixed disk device nodes.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="storage_dev_filetrans_fixed_disk" lineno="268">
<summary>
Create block devices in /dev with the fixed disk type
via an automatic type transition.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="storage_tmpfs_filetrans_fixed_disk" lineno="288">
<summary>
Create block devices in on a tmpfs filesystem with the
fixed disk type via an automatic type transition.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="storage_relabel_fixed_disk" lineno="306">
<summary>
Relabel fixed disk device nodes.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="storage_swapon_fixed_disk" lineno="325">
<summary>
Enable a fixed disk device as swap space
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="storage_getattr_fuse_dev" lineno="345">
<summary>
Allow the caller to get the attributes
of device nodes of fuse devices.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="storage_rw_fuse" lineno="364">
<summary>
read or write fuse device interfaces.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_rw_fuse" lineno="383">
<summary>
Do not audit attempts to read or write
fuse device interfaces.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="storage_getattr_scsi_generic_dev" lineno="402">
<summary>
Allow the caller to get the attributes of
the generic SCSI interface device nodes.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="storage_setattr_scsi_generic_dev" lineno="422">
<summary>
Allow the caller to set the attributes of
the generic SCSI interface device nodes.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="storage_read_scsi_generic" lineno="445">
<summary>
Allow the caller to directly read, in a
generic fashion, from any SCSI device.
This is extremly dangerous as it can bypass the
SELinux protections for filesystem objects, and
should only be used by trusted domains.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="storage_write_scsi_generic" lineno="470">
<summary>
Allow the caller to directly write, in a
generic fashion, from any SCSI device.
This is extremly dangerous as it can bypass the
SELinux protections for filesystem objects, and
should only be used by trusted domains.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="storage_setattr_scsi_generic_dev_dev" lineno="492">
<summary>
Set attributes of the device nodes
for the SCSI generic inerface.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_rw_scsi_generic" lineno="512">
<summary>
Do not audit attempts to read or write
SCSI generic device interfaces.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="storage_getattr_removable_dev" lineno="531">
<summary>
Allow the caller to get the attributes of removable
devices device nodes.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_getattr_removable_dev" lineno="551">
<summary>
Do not audit attempts made by the caller to get
the attributes of removable devices device nodes.
</summary>
<param name="domain">
<summary>
The type of the process to not audit.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_read_removable_device" lineno="570">
<summary>
Do not audit attempts made by the caller to read
removable devices device nodes.
</summary>
<param name="domain">
<summary>
The type of the process to not audit.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_write_removable_device" lineno="590">
<summary>
Do not audit attempts made by the caller to write
removable devices device nodes.
</summary>
<param name="domain">
<summary>
The type of the process to not audit.
</summary>
</param>
</interface>
<interface name="storage_setattr_removable_dev" lineno="610">
<summary>
Allow the caller to set the attributes of removable
devices device nodes.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_setattr_removable_dev" lineno="630">
<summary>
Do not audit attempts made by the caller to set
the attributes of removable devices device nodes.
</summary>
<param name="domain">
<summary>
The type of the process to not audit.
</summary>
</param>
</interface>
<interface name="storage_raw_read_removable_device" lineno="652">
<summary>
Allow the caller to directly read from
a removable device.
This is extremly dangerous as it can bypass the
SELinux protections for filesystem objects, and
should only be used by trusted domains.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_raw_read_removable_device" lineno="671">
<summary>
Do not audit attempts to directly read removable devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="storage_raw_write_removable_device" lineno="693">
<summary>
Allow the caller to directly write to
a removable device.
This is extremly dangerous as it can bypass the
SELinux protections for filesystem objects, and
should only be used by trusted domains.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="storage_dontaudit_raw_write_removable_device" lineno="712">
<summary>
Do not audit attempts to directly write removable devices.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="storage_read_tape" lineno="731">
<summary>
Allow the caller to directly read
a tape device.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="storage_write_tape" lineno="751">
<summary>
Allow the caller to directly read
a tape device.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="storage_getattr_tape_dev" lineno="771">
<summary>
Allow the caller to get the attributes
of device nodes of tape devices.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="storage_setattr_tape_dev" lineno="791">
<summary>
Allow the caller to set the attributes
of device nodes of tape devices.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="storage_unconfined" lineno="810">
<summary>
Unconfined access to storage devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="terminal" filename="policy/modules/kernel/terminal.if">
<summary>Policy for terminals.</summary>
<required val="true">
Depended on by other required modules.
</required>
<interface name="term_pty" lineno="16">
<summary>
Transform specified type into a pty type.
</summary>
<param name="pty_type">
<summary>
An object type that will applied to a pty.
</summary>
</param>
</interface>
<interface name="term_user_pty" lineno="45">
<summary>
Transform specified type into an user
pty type. This allows it to be relabeled via
type change by login programs such as ssh.
</summary>
<param name="userdomain">
<summary>
The type of the user domain associated with
this pty.
</summary>
</param>
<param name="object_type">
<summary>
An object type that will applied to a pty.
</summary>
</param>
</interface>
<interface name="term_login_pty" lineno="65">
<summary>
Transform specified type into a pty type
used by login programs, such as sshd.
</summary>
<param name="pty_type">
<summary>
An object type that will applied to a pty.
</summary>
</param>
</interface>
<interface name="term_tty" lineno="84">
<summary>
Transform specified type into a tty type.
</summary>
<param name="tty_type">
<summary>
An object type that will applied to a tty.
</summary>
</param>
</interface>
<interface name="term_user_tty" lineno="110">
<summary>
Transform specified type into a user tty type.
</summary>
<param name="domain">
<summary>
User domain that is related to this tty.
</summary>
</param>
<param name="tty_type">
<summary>
An object type that will applied to a tty.
</summary>
</param>
</interface>
<interface name="term_create_pty" lineno="142">
<summary>
Create a pty in the /dev/pts directory.
</summary>
<param name="domain">
<summary>
The type of the process creating the pty.
</summary>
</param>
<param name="pty_type">
<summary>
The type of the pty.
</summary>
</param>
</interface>
<interface name="term_write_all_terms" lineno="168">
<summary>
Write the console, all
ttys and all ptys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_use_all_terms" lineno="191">
<summary>
Read and write the console, all
ttys and all ptys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_write_console" lineno="213">
<summary>
Write to the console.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_read_console" lineno="233">
<summary>
Read from the console.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_dontaudit_read_console" lineno="253">
<summary>
Do not audit attempts to read from the console.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_use_console" lineno="272">
<summary>
Read from and write to the console.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_dontaudit_use_console" lineno="292">
<summary>
Do not audit attemtps to read from
or write to the console.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_setattr_console" lineno="314">
<summary>
Set the attributes of the console
device node.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_relabel_console" lineno="333">
<summary>
Relabel from and to the console type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_relabel_devpts" lineno="352">
<summary>
Relabel from and to the console type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_create_console_dev" lineno="371">
<summary>
Create the console device (/dev/console).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_getattr_pty_fs" lineno="391">
<summary>
Get the attributes of a pty filesystem
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_dontaudit_getattr_pty_dirs" lineno="410">
<summary>
Do not audit attempts to get the
attributes of the /dev/pts directory.
</summary>
<param name="domain">
<summary>
The type of the process to not audit.
</summary>
</param>
</interface>
<interface name="term_search_ptys" lineno="428">
<summary>
Search the contents of the /dev/pts directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_dontaudit_search_ptys" lineno="448">
<summary>
Do not audit attempts to search the
contents of the /dev/pts directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_list_ptys" lineno="468">
<summary>
Read the /dev/pts directory to
list all ptys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_dontaudit_list_ptys" lineno="488">
<summary>
Do not audit attempts to read the
/dev/pts directory.
</summary>
<param name="domain">
<summary>
The type of the process to not audit.
</summary>
</param>
</interface>
<interface name="term_dontaudit_manage_pty_dirs" lineno="507">
<summary>
Do not audit attempts to create, read,
write, or delete the /dev/pts directory.
</summary>
<param name="domain">
<summary>
The type of the process to not audit.
</summary>
</param>
</interface>
<interface name="term_dontaudit_getattr_generic_ptys" lineno="526">
<summary>
Do not audit attempts to get the attributes
of generic pty devices.
</summary>
<param name="domain">
<summary>
The type of the process to not audit.
</summary>
</param>
</interface>
<interface name="term_ioctl_generic_ptys" lineno="544">
<summary>
ioctl of generic pty devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_setattr_generic_ptys" lineno="566">
<summary>
Allow setting the attributes of
generic pty devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_dontaudit_setattr_generic_ptys" lineno="586">
<summary>
Dontaudit setting the attributes of
generic pty devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_use_generic_ptys" lineno="606">
<summary>
Read and write the generic pty
type. This is generally only used in
the targeted policy.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_dontaudit_use_generic_ptys" lineno="628">
<summary>
Dot not audit attempts to read and
write the generic pty type. This is
generally only used in the targeted policy.
</summary>
<param name="domain">
<summary>
The type of the process to not audit.
</summary>
</param>
</interface>
<interface name="term_setattr_controlling_term" lineno="646">
<summary>
Set the attributes of the tty device
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_use_controlling_term" lineno="666">
<summary>
Read and write the controlling
terminal (/dev/tty).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_use_ptmx" lineno="685">
<summary>
Read and write the pty multiplexor (/dev/ptmx).
</summary>
<param name="domain">
<summary>
The type of the process to allow access.
</summary>
</param>
</interface>
<interface name="term_dontaudit_getattr_ptmx" lineno="705">
<summary>
Do not audit attempts to get attributes
on the pty multiplexor (/dev/ptmx).
</summary>
<param name="domain">
<summary>
The type of the process to not audit.
</summary>
</param>
</interface>
<interface name="term_dontaudit_use_ptmx" lineno="724">
<summary>
Do not audit attempts to read and
write the pty multiplexor (/dev/ptmx).
</summary>
<param name="domain">
<summary>
The type of the process to not audit.
</summary>
</param>
</interface>
<interface name="term_getattr_all_ptys" lineno="744">
<summary>
Get the attributes of all
pty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_dontaudit_getattr_all_ptys" lineno="767">
<summary>
Do not audit attempts to get the
attributes of any pty
device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_setattr_all_ptys" lineno="787">
<summary>
Set the attributes of all
pty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_relabelto_all_ptys" lineno="808">
<summary>
Relabel to all ptys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_write_all_ptys" lineno="826">
<summary>
Write to all ptys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_use_all_ptys" lineno="846">
<summary>
Read and write all ptys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_dontaudit_use_all_ptys" lineno="867">
<summary>
Do not audit attempts to read or write any ptys.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="term_relabel_all_ptys" lineno="885">
<summary>
Relabel from and to all pty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_getattr_all_user_ptys" lineno="907">
<summary>
Get the attributes of all user
pty device nodes. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_dontaudit_getattr_all_user_ptys" lineno="924">
<summary>
Do not audit attempts to get the
attributes of any user pty
device nodes. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_setattr_all_user_ptys" lineno="941">
<summary>
Set the attributes of all user
pty device nodes. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_relabelto_all_user_ptys" lineno="956">
<summary>
Relabel to all user ptys. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_write_all_user_ptys" lineno="971">
<summary>
Write to all user ptys. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_use_all_user_ptys" lineno="987">
<summary>
Read and write all user ptys. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_dontaudit_use_all_user_ptys" lineno="1003">
<summary>
Do not audit attempts to read any
user ptys. (Deprecated)
</summary>
<param name="domain">
<summary>
The type of the process to not audit.
</summary>
</param>
</interface>
<interface name="term_relabel_all_user_ptys" lineno="1019">
<summary>
Relabel from and to all user
user pty device nodes. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_getattr_unallocated_ttys" lineno="1036">
<summary>
Get the attributes of all unallocated
tty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_dontaudit_getattr_unallocated_ttys" lineno="1056">
<summary>
Do not audit attempts to get the attributes
of all unallocated tty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_setattr_unallocated_ttys" lineno="1076">
<summary>
Set the attributes of all unallocated
tty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_dontaudit_setattr_unallocated_ttys" lineno="1096">
<summary>
Do not audit attempts to set the attributes
of unallocated tty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_dontaudit_ioctl_unallocated_ttys" lineno="1115">
<summary>
Do not audit attempts to ioctl
unallocated tty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_relabel_unallocated_ttys" lineno="1134">
<summary>
Relabel from and to the unallocated
tty type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_reset_tty_labels" lineno="1154">
<summary>
Relabel from all user tty types to
the unallocated tty type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_append_unallocated_ttys" lineno="1175">
<summary>
Append to unallocated ttys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_write_unallocated_ttys" lineno="1194">
<summary>
Write to unallocated ttys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_use_unallocated_ttys" lineno="1214">
<summary>
Read and write unallocated ttys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_dontaudit_use_unallocated_ttys" lineno="1234">
<summary>
Do not audit attempts to read or
write unallocated ttys.
</summary>
<param name="domain">
<summary>
The type of the process to not audit.
</summary>
</param>
</interface>
<interface name="term_getattr_all_ttys" lineno="1253">
<summary>
Get the attributes of all tty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_dontaudit_getattr_all_ttys" lineno="1273">
<summary>
Do not audit attempts to get the
attributes of any tty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_setattr_all_ttys" lineno="1295">
<summary>
Set the attributes of all tty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_relabel_all_ttys" lineno="1314">
<summary>
Relabel from and to all tty device nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_write_all_ttys" lineno="1333">
<summary>
Write to all ttys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_use_all_ttys" lineno="1353">
<summary>
Read and write all ttys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_dontaudit_use_all_ttys" lineno="1373">
<summary>
Do not audit attempts to read or write
any ttys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_getattr_all_user_ttys" lineno="1393">
<summary>
Get the attributes of all user tty
device nodes. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_dontaudit_getattr_all_user_ttys" lineno="1410">
<summary>
Do not audit attempts to get the
attributes of any user tty
device nodes. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_setattr_all_user_ttys" lineno="1427">
<summary>
Set the attributes of all user tty
device nodes. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_relabel_all_user_ttys" lineno="1443">
<summary>
Relabel from and to all user
user tty device nodes. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_write_all_user_ttys" lineno="1458">
<summary>
Write to all user ttys. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_use_all_user_ttys" lineno="1474">
<summary>
Read and write all user to all user ttys. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="term_dontaudit_use_all_user_ttys" lineno="1490">
<summary>
Do not audit attempts to read or write
any user ttys. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_getattr_virtio_console" lineno="1505">
<summary>
Getattr on the virtio console.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="term_use_virtio_console" lineno="1523">
<summary>
Read from and write to the virtio console.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="ubac" filename="policy/modules/kernel/ubac.if">
<summary>User-based access control policy</summary>
<required val="true">
Contains attributes used in UBAC policy.
</required>
<interface name="ubac_constrained" lineno="29">
<summary>
Constrain by user-based access control (UBAC).
</summary>
<desc>
<p>
Constrain the specified type by user-based
access control (UBAC). Typically, these are
user processes or user files that need to be
differentiated by SELinux user. Normally this
does not include administrative or privileged
programs. For the UBAC rules to be enforced,
both the subject (source) type and the object
(target) types must be UBAC constrained.
</p>
</desc>
<param name="type">
<summary>
Type to be constrained by UBAC.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="ubac_file_exempt" lineno="47">
<summary>
Exempt user-based access control for files.
</summary>
<param name="domain">
<summary>
Domain to be exempted.
</summary>
</param>
</interface>
<interface name="ubac_process_exempt" lineno="65">
<summary>
Exempt user-based access control for processes.
</summary>
<param name="domain">
<summary>
Domain to be exempted.
</summary>
</param>
</interface>
<interface name="ubac_fd_exempt" lineno="83">
<summary>
Exempt user-based access control for file descriptors.
</summary>
<param name="domain">
<summary>
Domain to be exempted.
</summary>
</param>
</interface>
<interface name="ubac_socket_exempt" lineno="101">
<summary>
Exempt user-based access control for sockets.
</summary>
<param name="domain">
<summary>
Domain to be exempted.
</summary>
</param>
</interface>
<interface name="ubac_sysvipc_exempt" lineno="119">
<summary>
Exempt user-based access control for SysV IPC.
</summary>
<param name="domain">
<summary>
Domain to be exempted.
</summary>
</param>
</interface>
<interface name="ubac_xwin_exempt" lineno="137">
<summary>
Exempt user-based access control for X Windows.
</summary>
<param name="domain">
<summary>
Domain to be exempted.
</summary>
</param>
</interface>
<interface name="ubac_dbus_exempt" lineno="155">
<summary>
Exempt user-based access control for dbus.
</summary>
<param name="domain">
<summary>
Domain to be exempted.
</summary>
</param>
</interface>
<interface name="ubac_key_exempt" lineno="173">
<summary>
Exempt user-based access control for keys.
</summary>
<param name="domain">
<summary>
Domain to be exempted.
</summary>
</param>
</interface>
<interface name="ubac_db_exempt" lineno="191">
<summary>
Exempt user-based access control for databases.
</summary>
<param name="domain">
<summary>
Domain to be exempted.
</summary>
</param>
</interface>
</module>
<module name="unlabelednet" filename="policy/modules/kernel/unlabelednet.if">
<summary> Policy for allowing confined domains to use unlabeled_t packets </summary>
</module>
</layer>
<layer name="roles">
<summary>Policy modules for user roles.</summary>
<module name="auditadm" filename="policy/modules/roles/auditadm.if">
<summary>Audit administrator role</summary>
<interface name="auditadm_role_change" lineno="14">
<summary>
Change to the audit administrator role.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="auditadm_role_change_to" lineno="44">
<summary>
Change from the audit administrator role.
</summary>
<desc>
<p>
Change from the audit administrator role to
the specified role.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="dbadm" filename="policy/modules/roles/dbadm.if">
<summary>Database administrator role</summary>
<interface name="dbadm_role_change" lineno="14">
<summary>
Change to the database administrator role.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dbadm_role_change_to" lineno="44">
<summary>
Change from the database administrator role.
</summary>
<desc>
<p>
Change from the web administrator role to
the specified role.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="guest" filename="policy/modules/roles/guest.if">
<summary>Least privledge terminal user</summary>
<interface name="guest_role_change" lineno="14">
<summary>
Change to the guest role.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="guest_role_change_to" lineno="44">
<summary>
Change from the guest role.
</summary>
<desc>
<p>
Change from the guest role to
the specified role.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="logadm" filename="policy/modules/roles/logadm.if">
<summary>Log administrator role</summary>
<interface name="logadm_role_change" lineno="14">
<summary>
Change to the log administrator role.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logadm_role_change_to" lineno="44">
<summary>
Change from the log administrator role.
</summary>
<desc>
<p>
Change from the log administrator role to
the specified role.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="secadm" filename="policy/modules/roles/secadm.if">
<summary>Security administrator role</summary>
<interface name="secadm_role_change" lineno="14">
<summary>
Change to the security administrator role.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="secadm_role_change_to_template" lineno="44">
<summary>
Change from the security administrator role.
</summary>
<desc>
<p>
Change from the security administrator role to
the specified role.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="staff" filename="policy/modules/roles/staff.if">
<summary>Administrator's unprivileged user</summary>
<interface name="staff_role_change" lineno="14">
<summary>
Change to the staff role.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="staff_role_change_to" lineno="44">
<summary>
Change from the staff role.
</summary>
<desc>
<p>
Change from the staff role to
the specified role.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="sysadm" filename="policy/modules/roles/sysadm.if">
<summary>General system administration role</summary>
<interface name="sysadm_role_change" lineno="14">
<summary>
Change to the system administrator role.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sysadm_role_change_to" lineno="44">
<summary>
Change from the system administrator role.
</summary>
<desc>
<p>
Change from the system administrator role to
the specified role.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sysadm_shell_domtrans" lineno="62">
<summary>
Execute a shell in the sysadm domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysadm_bin_spec_domtrans" lineno="83">
<summary>
Execute a generic bin program in the sysadm domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysadm_entry_spec_domtrans" lineno="106">
<summary>
Execute all entrypoint files in the sysadm domain. This
is an explicit transition, requiring the
caller to use setexeccon().
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysadm_entry_spec_domtrans_to" lineno="141">
<summary>
Allow sysadm to execute all entrypoint files in
a specified domain. This is an explicit transition,
requiring the caller to use setexeccon().
</summary>
<desc>
<p>
Allow sysadm to execute all entrypoint files in
a specified domain. This is an explicit transition,
requiring the caller to use setexeccon().
</p>
<p>
This is a interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysadm_bin_spec_domtrans_to" lineno="175">
<summary>
Allow sysadm to execute a generic bin program in
a specified domain. This is an explicit transition,
requiring the caller to use setexeccon().
</summary>
<desc>
<p>
Allow sysadm to execute a generic bin program in
a specified domain.
</p>
<p>
This is a interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="domain">
<summary>
Domain to execute in.
</summary>
</param>
</interface>
<interface name="sysadm_sigchld" lineno="196">
<summary>
Send a SIGCHLD signal to sysadm users.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysadm_use_fds" lineno="214">
<summary>
Inherit and use sysadm file descriptors
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysadm_rw_pipes" lineno="232">
<summary>
Read and write sysadm user unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="allow_ptrace" dftval="false">
<desc>
<p>
Allow sysadm to debug or ptrace all processes.
</p>
</desc>
</tunable>
</module>
<module name="sysadm_secadm" filename="policy/modules/roles/sysadm_secadm.if">
<summary>No Interfaces</summary>
</module>
<module name="unconfineduser" filename="policy/modules/roles/unconfineduser.if">
<summary>Unconfiend user role</summary>
<interface name="unconfined_role_change_to" lineno="25">
<summary>
Change from the unconfineduser role.
</summary>
<desc>
<p>
Change from the unconfineduser role to
the specified role.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="unconfined_domtrans" lineno="43">
<summary>
Transition to the unconfined domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_run" lineno="66">
<summary>
Execute specified programs in the unconfined domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to allow the unconfined domain.
</summary>
</param>
</interface>
<interface name="unconfined_shell_domtrans" lineno="85">
<summary>
Transition to the unconfined domain by executing a shell.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_domtrans_to" lineno="119">
<summary>
Allow unconfined to execute the specified program in
the specified domain.
</summary>
<desc>
<p>
Allow unconfined to execute the specified program in
the specified domain.
</p>
<p>
This is a interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="domain">
<summary>
Domain to execute in.
</summary>
</param>
<param name="entry_file">
<summary>
Domain entry point file.
</summary>
</param>
</interface>
<interface name="unconfined_run_to" lineno="156">
<summary>
Allow unconfined to execute the specified program in
the specified domain. Allow the specified domain the
unconfined role and use of unconfined user terminals.
</summary>
<desc>
<p>
Allow unconfined to execute the specified program in
the specified domain. Allow the specified domain the
unconfined role and use of unconfined user terminals.
</p>
<p>
This is a interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="domain">
<summary>
Domain to execute in.
</summary>
</param>
<param name="entry_file">
<summary>
Domain entry point file.
</summary>
</param>
</interface>
<interface name="unconfined_use_fds" lineno="177">
<summary>
Inherit file descriptors from the unconfined domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_sigchld" lineno="195">
<summary>
Send a SIGCHLD signal to the unconfined domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_signull" lineno="213">
<summary>
Send a SIGNULL signal to the unconfined domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_execmem_signull" lineno="231">
<summary>
Send a SIGNULL signal to the unconfined execmem domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_execmem_signal" lineno="249">
<summary>
Send a signal to the unconfined execmem domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_signal" lineno="267">
<summary>
Send generic signals to the unconfined domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_read_pipes" lineno="285">
<summary>
Read unconfined domain unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_dontaudit_read_pipes" lineno="303">
<summary>
Do not audit attempts to read unconfined domain unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_rw_pipes" lineno="321">
<summary>
Read and write unconfined domain unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_dontaudit_rw_pipes" lineno="340">
<summary>
Do not audit attempts to read and write
unconfined domain unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="unconfined_dontaudit_netlink_route_socket" lineno="359">
<summary>
Do not audit attempts to read and write
unconfined domain netlink_route_socket.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="unconfined_dontaudit_rw_stream" lineno="378">
<summary>
Do not audit attempts to read and write
unconfined domain stream.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="unconfined_stream_connect" lineno="397">
<summary>
Connect to the unconfined domain using
a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_dontaudit_rw_tcp_sockets" lineno="426">
<summary>
Do not audit attempts to read or write
unconfined domain tcp sockets.
</summary>
<desc>
<p>
Do not audit attempts to read or write
unconfined domain tcp sockets.
</p>
<p>
This interface was added due to a broken
symptom in ldconfig.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="unconfined_dontaudit_rw_packet_sockets" lineno="455">
<summary>
Do not audit attempts to read or write
unconfined domain packet sockets.
</summary>
<desc>
<p>
Do not audit attempts to read or write
unconfined domain packet sockets.
</p>
<p>
This interface was added due to a broken
symptom.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="unconfined_create_keys" lineno="473">
<summary>
Create keys for the unconfined domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_dbus_send" lineno="491">
<summary>
Send messages to the unconfined domain over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_dbus_chat" lineno="511">
<summary>
Send and receive messages from
unconfined_t over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_dbus_connect" lineno="532">
<summary>
Connect to the the unconfined DBUS
for service (acquire_svc).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_dbus_stream_connect" lineno="551">
<summary>
Connect to the the unconfined DBUS
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_ptrace" lineno="569">
<summary>
Allow ptrace of unconfined domain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_rw_shm" lineno="587">
<summary>
Read and write to unconfined shared memory.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="unconfined_execmem_rw_shm" lineno="605">
<summary>
Read and write to unconfined execmem shared memory.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="unconfined_execmem_domtrans" lineno="623">
<summary>
Transition to the unconfined_execmem domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_execmem_exec" lineno="642">
<summary>
execute the execmem applications
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_set_rlimitnh" lineno="661">
<summary>
Allow apps to set rlimits on userdomain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_getpgid" lineno="679">
<summary>
Get the process group of unconfined.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="unconfined_role_change" lineno="698">
<summary>
Change to the unconfined role.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="unconfined_attach_tun_iface" lineno="716">
<summary>
Allow domain to attach to TUN devices created by unconfined_t users.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="allow_unconfined_nsplugin_transition" dftval="false">
<desc>
<p>
Transition to confined nsplugin domains from unconfined user
</p>
</desc>
</tunable>
<tunable name="unconfined_login" dftval="true">
<desc>
<p>
Allow a user to login as an unconfined domain
</p>
</desc>
</tunable>
<tunable name="unconfined_mmap_zero_ignore" dftval="false">
<desc>
<p>
Ignore unconfined mmap_zero errors
</p>
</desc>
</tunable>
<tunable name="unconfined_mozilla_plugin_transition" dftval="false">
<desc>
<p>
Allow unconfined users to transition to the Mozilla plugin domain when running xulrunner plugin-container.
</p>
</desc>
</tunable>
</module>
<module name="unprivuser" filename="policy/modules/roles/unprivuser.if">
<summary>Generic unprivileged user</summary>
<interface name="unprivuser_role_change" lineno="14">
<summary>
Change to the generic user role.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="unprivuser_role_change_to" lineno="44">
<summary>
Change from the generic user role.
</summary>
<desc>
<p>
Change from the generic user role to
the specified role.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="webadm" filename="policy/modules/roles/webadm.if">
<summary>Web administrator role</summary>
<interface name="webadm_role_change" lineno="14">
<summary>
Change to the web administrator role.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="webadm_role_change_to" lineno="44">
<summary>
Change from the web administrator role.
</summary>
<desc>
<p>
Change from the web administrator role to
the specified role.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="webadm_manage_user_files" dftval="false">
<desc>
<p>
Allow webadm to manage files in users home directories
</p>
</desc>
</tunable>
<tunable name="webadm_read_user_files" dftval="false">
<desc>
<p>
Allow webadm to read files in users home directories
</p>
</desc>
</tunable>
</module>
<module name="xguest" filename="policy/modules/roles/xguest.if">
<summary>Least priviledged X user</summary>
<interface name="xguest_role_change" lineno="14">
<summary>
Change to the xguest role.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="xguest_role_change_to" lineno="44">
<summary>
Change from the xguest role.
</summary>
<desc>
<p>
Change from the xguest role to
the specified role.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="xguest_mount_media" dftval="true">
<desc>
<p>
Allow xguest users to mount removable media
</p>
</desc>
</tunable>
<tunable name="xguest_connect_network" dftval="true">
<desc>
<p>
Allow xguest to configure Network Manager and connect to apache ports
</p>
</desc>
</tunable>
<tunable name="xguest_use_bluetooth" dftval="true">
<desc>
<p>
Allow xguest to use blue tooth devices
</p>
</desc>
</tunable>
</module>
</layer>
<layer name="services">
<summary>
Policy modules for system services, like cron, and network services,
like sshd.
</summary>
<module name="abrt" filename="policy/modules/services/abrt.if">
<summary>ABRT - automated bug-reporting tool</summary>
<interface name="abrt_domtrans" lineno="13">
<summary>
Execute abrt in the abrt domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="abrt_exec" lineno="32">
<summary>
Execute abrt in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_signull" lineno="51">
<summary>
Send a null signal to abrt.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_read_state" lineno="69">
<summary>
Allow the domain to read abrt state files in /proc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_stream_connect" lineno="88">
<summary>
Connect to abrt over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_dbus_chat" lineno="108">
<summary>
Send and receive messages from
abrt over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_domtrans_helper" lineno="128">
<summary>
Execute abrt-helper in the abrt-helper domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="abrt_run_helper" lineno="153">
<summary>
Execute abrt helper in the abrt_helper domain, and
allow the specified role the abrt_helper domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="abrt_read_cache" lineno="172">
<summary>
Read abrt cache
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_append_cache" lineno="191">
<summary>
Append abrt cache
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_manage_cache" lineno="209">
<summary>
Manage abrt cache
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_read_config" lineno="229">
<summary>
Read abrt configuration file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_read_log" lineno="248">
<summary>
Read abrt logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_read_pid_files" lineno="267">
<summary>
Read abrt PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_manage_pid_files" lineno="286">
<summary>
Create, read, write, and delete abrt PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_rw_fifo_file" lineno="305">
<summary>
Read and write abrt fifo files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_admin" lineno="330">
<summary>
All of the rules required to administrate
an abrt environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the abrt domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="abrt_domtrans_retrace_worker" lineno="372">
<summary>
Execute abrt-retrace in the abrt-retrace domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="abrt_manage_spool_retrace" lineno="391">
<summary>
Manage abrt retrace server cache
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_read_spool_retrace" lineno="412">
<summary>
Read abrt retrace server cache
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="abrt_read_cache_retrace" lineno="433">
<summary>
Read abrt retrace server cache
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="abrt_anon_write" dftval="false">
<desc>
<p>
Allow ABRT to modify public files
used for public file transfer services.
</p>
</desc>
</tunable>
<tunable name="abrt_handle_event" dftval="false">
<desc>
<p>
Allow ABRT to run in abrt_handle_event_t domain
to handle ABRT event scripts
</p>
</desc>
</tunable>
</module>
<module name="afs" filename="policy/modules/services/afs.if">
<summary>Andrew Filesystem server</summary>
<interface name="afs_domtrans" lineno="14">
<summary>
Execute a domain transition to run the
afs client.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="afs_rw_udp_sockets" lineno="33">
<summary>
Read and write afs client UDP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="afs_rw_cache" lineno="51">
<summary>
read/write afs cache files
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="afs_initrc_domtrans" lineno="70">
<summary>
Execute afs server in the afs domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="afs_admin" lineno="95">
<summary>
All of the rules required to administrate
an afs environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the afs domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="aiccu" filename="policy/modules/services/aiccu.if">
<summary>Automatic IPv6 Connectivity Client Utility.</summary>
<interface name="aiccu_domtrans" lineno="13">
<summary>
Execute a domain transition to run aiccu.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="aiccu_initrc_domtrans" lineno="33">
<summary>
Execute aiccu server in the aiccu domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="aiccu_read_pid_files" lineno="51">
<summary>
Read aiccu PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="aiccu_manage_var_run" lineno="70">
<summary>
Manage aiccu PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="aiccu_admin" lineno="99">
<summary>
All of the rules required to administrate
an aiccu environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="aide" filename="policy/modules/services/aide.if">
<summary>Aide filesystem integrity checker</summary>
<interface name="aide_domtrans" lineno="13">
<summary>
Execute aide in the aide domain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="aide_run" lineno="37">
<summary>
Execute aide programs in the AIDE domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to allow the AIDE domain.
</summary>
</param>
</interface>
<interface name="aide_admin" lineno="58">
<summary>
All of the rules required to administrate
an aide environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="aisexec" filename="policy/modules/services/aisexec.if">
<summary>SELinux policy for Aisexec Cluster Engine</summary>
<interface name="aisexec_domtrans" lineno="13">
<summary>
Execute a domain transition to run aisexec.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="aisexec_stream_connect" lineno="32">
<summary>
Connect to aisexec over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="aisexec_read_log" lineno="51">
<summary>
Allow the specified domain to read aisexec's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="aisexecd_admin" lineno="78">
<summary>
All of the rules required to administrate
an aisexec environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the aisexecd domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="amavis" filename="policy/modules/services/amavis.if">
<summary>
Daemon that interfaces mail transfer agents and content
checkers, such as virus scanners.
</summary>
<interface name="amavis_domtrans" lineno="16">
<summary>
Execute a domain transition to run amavis.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="amavis_initrc_domtrans" lineno="35">
<summary>
Execute amavis server in the amavis domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amavis_read_spool_files" lineno="53">
<summary>
Read amavis spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amavis_manage_spool_files" lineno="72">
<summary>
Manage amavis spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amavis_spool_filetrans" lineno="103">
<summary>
Create objects in the amavis spool directories
with a private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
Private file type.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
</interface>
<interface name="amavis_search_lib" lineno="122">
<summary>
Search amavis lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amavis_read_lib_files" lineno="141">
<summary>
Read amavis lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amavis_manage_lib_files" lineno="162">
<summary>
Create, read, write, and delete
amavis lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amavis_setattr_pid_files" lineno="181">
<summary>
Set the attributes of amavis pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amavis_create_pid_files" lineno="200">
<summary>
Create of amavis pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amavis_write_pid_files" lineno="220">
<summary>
Write of amavis pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amavis_delete_pid_files" lineno="239">
<summary>
Write of amavis pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="amavis_admin" lineno="265">
<summary>
All of the rules required to administrate
an amavis environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="amavis_use_jit" dftval="false">
<desc>
<p>
Allow amavis to use JIT compiler
</p>
</desc>
</tunable>
</module>
<module name="antivirus" filename="policy/modules/services/antivirus.if">
<summary>SELinux policy for antivirus programs - amavis, clamd, freshclam and clamscan</summary>
<interface name="antivirus_domain_template" lineno="14">
<summary>
Creates types and rules for a basic
antivirus domain.
</summary>
<param name="domain">
<summary>
Domain type.
</summary>
</param>
</interface>
<interface name="antivirus_domtrans" lineno="32">
<summary>
Execute a domain transition to run antivirus program.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="antivirus_exec" lineno="50">
<summary>
Execute antivirus program without a transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="antivirus_stream_connect" lineno="68">
<summary>
Connect to run antivirus program.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="antivirus_append_log" lineno="89">
<summary>
Allow the specified domain to append
to antivirus log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="antivirus_read_config" lineno="109">
<summary>
Read antivirus configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="antivirus_search_db" lineno="128">
<summary>
Search antivirus db content directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="antivirus_read_db" lineno="148">
<summary>
Read antivirus db content directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="antivirus_rw_db" lineno="169">
<summary>
Read and write antivirus db content directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="antivirus_manage_db" lineno="189">
<summary>
Manage antivirus db content directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="antivirus_manage_pid" lineno="210">
<summary>
Manage antivirus pid content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="antivirus_read_state_clamd" lineno="229">
<summary>
Read antivirus state files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="antivirus_admin" lineno="255">
<summary>
All of the rules required to administrate
an antivirus programs environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the clamav domain.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="antivirus_can_scan_system" dftval="false">
<desc>
<p>
Allow antivirus programs to read non security files on a system
</p>
</desc>
</tunable>
<tunable name="antivirus_use_jit" dftval="false">
<desc>
<p>
Determine whether can antivirus programs use JIT compiler.
</p>
</desc>
</tunable>
</module>
<module name="apache" filename="policy/modules/services/apache.if">
<summary>Apache web server</summary>
<template name="apache_content_template" lineno="14">
<summary>
Create a set of derived types for apache
web content.
</summary>
<param name="prefix">
<summary>
The prefix to be used for deriving type names.
</summary>
</param>
</template>
<interface name="apache_role" lineno="204">
<summary>
Role access for apache
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="apache_read_user_scripts" lineno="266">
<summary>
Read httpd user scripts executables.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_read_user_content" lineno="286">
<summary>
Read user web content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_manage_user_content" lineno="306">
<summary>
Read user web content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_domtrans" lineno="326">
<summary>
Transition to apache.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_exec" lineno="346">
<summary>
Allow the specified domain to execute apache
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_signal" lineno="364">
<summary>
Send a generic signal to apache.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_signull" lineno="382">
<summary>
Send a null signal to apache.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_sigchld" lineno="400">
<summary>
Send a SIGCHLD signal to apache.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_use_fds" lineno="418">
<summary>
Inherit and use file descriptors from Apache.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_dontaudit_rw_fifo_file" lineno="437">
<summary>
Do not audit attempts to read and write Apache
unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_dontaudit_rw_stream_sockets" lineno="456">
<summary>
Do not audit attempts to read and write Apache
unix domain stream sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_dontaudit_rw_tcp_sockets" lineno="475">
<summary>
Do not audit attempts to read and write Apache
TCP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_manage_all_content" lineno="494">
<summary>
Create, read, write, and delete all web content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apache_setattr_cache_dirs" lineno="519">
<summary>
Allow domain to set the attributes
of the APACHE cache directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_list_cache" lineno="538">
<summary>
Allow the specified domain to list
Apache cache.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_rw_cache_files" lineno="557">
<summary>
Allow the specified domain to read
and write Apache cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_delete_cache_dirs" lineno="576">
<summary>
Allow the specified domain to delete
Apache cache dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_delete_cache_files" lineno="595">
<summary>
Allow the specified domain to delete
Apache cache.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_search_config" lineno="614">
<summary>
Allow the specified domain to search
apache configuration dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_read_config" lineno="635">
<summary>
Allow the specified domain to read
apache configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apache_manage_config" lineno="657">
<summary>
Allow the specified domain to manage
apache configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_domtrans_helper" lineno="679">
<summary>
Execute the Apache helper program with
a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_run_helper" lineno="706">
<summary>
Execute the Apache helper program with
a domain transition, and allow the
specified role the Apache helper domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apache_dontaudit_read_log" lineno="727">
<summary>
dontaudit attempts to read
apache log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apache_read_log" lineno="749">
<summary>
Allow the specified domain to read
apache log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apache_append_log" lineno="771">
<summary>
Allow the specified domain to append
to apache log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_dontaudit_append_log" lineno="792">
<summary>
Do not audit attempts to append to the
Apache logs.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="apache_write_log" lineno="811">
<summary>
Allow the specified domain to write
to apache log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_manage_log" lineno="830">
<summary>
Allow the specified domain to manage
to apache log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_dontaudit_search_modules" lineno="852">
<summary>
Do not audit attempts to search Apache
module directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="apache_list_modules" lineno="872">
<summary>
Allow the specified domain to list
the contents of the apache modules
directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_read_modules" lineno="893">
<summary>
Allow the specified domain to read
the apache modules files.
directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_exec_modules" lineno="913">
<summary>
Allow the specified domain to execute
apache modules.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_domtrans_rotatelogs" lineno="933">
<summary>
Execute a domain transition to run httpd_rotatelogs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_exec_rotatelogs" lineno="951">
<summary>
Execute httpd_rotatelogs in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="apache_exec_sys_script" lineno="969">
<summary>
Execute httpd system scripts in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="apache_list_sys_content" lineno="989">
<summary>
Allow the specified domain to list
apache system content files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_manage_sys_content" lineno="1012">
<summary>
Allow the specified domain to manage
apache system content files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apache_manage_sys_content_rw" lineno="1036">
<summary>
Allow the specified domain to manage
apache system content rw files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apache_delete_sys_content_rw" lineno="1060">
<summary>
Allow the specified domain to delete
apache system content rw files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apache_domtrans_sys_script" lineno="1087">
<summary>
Execute all web scripts in the system
script domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_dontaudit_rw_sys_script_stream_sockets" lineno="1115">
<summary>
Do not audit attempts to read and write Apache
system script unix domain stream sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_domtrans_all_scripts" lineno="1134">
<summary>
Execute all user scripts in the user
script domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_run_all_scripts" lineno="1159">
<summary>
Execute all user scripts in the user
script domain. Add user script domains
to the specified role.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the script domains.
</summary>
</param>
</interface>
<interface name="apache_read_squirrelmail_data" lineno="1179">
<summary>
Allow the specified domain to read
apache squirrelmail data.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_append_squirrelmail_data" lineno="1198">
<summary>
Allow the specified domain to append
apache squirrelmail data.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_search_sys_content" lineno="1216">
<summary>
Search apache system content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_getattr_sys_content" lineno="1234">
<summary>
Getattr apache system content.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="apache_read_sys_content" lineno="1252">
<summary>
Read apache system content.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="apache_search_sys_scripts" lineno="1272">
<summary>
Search apache system CGI directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_manage_all_user_content" lineno="1291">
<summary>
Create, read, write, and delete all user web content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apache_search_sys_script_state" lineno="1315">
<summary>
Search system script state directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="apache_read_tmp_files" lineno="1334">
<summary>
Allow the specified domain to read
apache tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_dontaudit_rw_tmp_files" lineno="1354">
<summary>
Dontaudit attempts to read and write
apache tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_dontaudit_write_tmp_files" lineno="1373">
<summary>
Dontaudit attempts to write
apache tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_cgi_domain" lineno="1406">
<summary>
Execute CGI in the specified domain.
</summary>
<desc>
<p>
Execute CGI in the specified domain.
</p>
<p>
This is an interface to support third party modules
and its use is not allowed in upstream reference
policy.
</p>
</desc>
<param name="domain">
<summary>
Domain run the cgi script in.
</summary>
</param>
<param name="entrypoint">
<summary>
Type of the executable to enter the cgi domain.
</summary>
</param>
</interface>
<interface name="apache_admin" lineno="1433">
<summary>
All of the rules required to administrate an apache environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apache_dontaudit_leaks" lineno="1500">
<summary>
dontaudit read and write an leaked file descriptors
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="apache_getattr_suexec" lineno="1522">
<summary>
Allow getattr of suexec
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="apache_rw_stream_sockets" lineno="1540">
<summary>
Read and write of httpd unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apache_entrypoint" lineno="1559">
<summary>
Allow any httpd_exec_t to be an entrypoint of this domain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="allow_httpd_anon_write" dftval="false">
<desc>
<p>
Allow Apache to modify public files
used for public file transfer services. Directories/Files must
be labeled public_rw_content_t.
</p>
</desc>
</tunable>
<tunable name="allow_httpd_mod_auth_pam" dftval="false">
<desc>
<p>
Allow Apache to use mod_auth_pam
</p>
</desc>
</tunable>
<tunable name="httpd_execmem" dftval="false">
<desc>
<p>
Allow httpd scripts and modules execmem/execstack
</p>
</desc>
</tunable>
<tunable name="httpd_manage_ipa" dftval="false">
<desc>
<p>
Allow httpd processes to manage IPA content
</p>
</desc>
</tunable>
<tunable name="httpd_builtin_scripting" dftval="false">
<desc>
<p>
Allow httpd to use built in scripting (usually php)
</p>
</desc>
</tunable>
<tunable name="httpd_can_network_connect" dftval="false">
<desc>
<p>
Allow HTTPD scripts and modules to connect to the network using TCP.
</p>
</desc>
</tunable>
<tunable name="httpd_can_network_connect_cobbler" dftval="false">
<desc>
<p>
Allow HTTPD scripts and modules to connect to cobbler over the network.
</p>
</desc>
</tunable>
<tunable name="httpd_serve_cobbler_files" dftval="false">
<desc>
<p>
Allow HTTPD scripts and modules to server cobbler files.
</p>
</desc>
</tunable>
<tunable name="httpd_can_network_connect_db" dftval="false">
<desc>
<p>
Allow HTTPD scripts and modules to connect to databases over the network.
</p>
</desc>
</tunable>
<tunable name="httpd_can_network_memcache" dftval="false">
<desc>
<p>
Allow httpd to connect to memcache server
</p>
</desc>
</tunable>
<tunable name="httpd_can_network_relay" dftval="false">
<desc>
<p>
Allow httpd to act as a relay
</p>
</desc>
</tunable>
<tunable name="httpd_can_sendmail" dftval="false">
<desc>
<p>
Allow http daemon to send mail
</p>
</desc>
</tunable>
<tunable name="httpd_can_check_spam" dftval="false">
<desc>
<p>
Allow http daemon to check spam
</p>
</desc>
</tunable>
<tunable name="httpd_dbus_avahi" dftval="false">
<desc>
<p>
Allow Apache to communicate with avahi service via dbus
</p>
</desc>
</tunable>
<tunable name="httpd_dbus_sssd" dftval="false">
<desc>
<p>
Allow Apache to communicate with sssd service via dbus
</p>
</desc>
</tunable>
<tunable name="httpd_enable_cgi" dftval="false">
<desc>
<p>
Allow httpd cgi support
</p>
</desc>
</tunable>
<tunable name="httpd_enable_ftp_server" dftval="false">
<desc>
<p>
Allow httpd to act as a FTP server by
listening on the ftp port.
</p>
</desc>
</tunable>
<tunable name="httpd_enable_homedirs" dftval="false">
<desc>
<p>
Allow httpd to read home directories
</p>
</desc>
</tunable>
<tunable name="httpd_read_user_content" dftval="false">
<desc>
<p>
Allow httpd to read user content
</p>
</desc>
</tunable>
<tunable name="httpd_setrlimit" dftval="false">
<desc>
<p>
Allow httpd daemon to change system limits
</p>
</desc>
</tunable>
<tunable name="httpd_ssi_exec" dftval="false">
<desc>
<p>
Allow HTTPD to run SSI executables in the same domain as system CGI scripts.
</p>
</desc>
</tunable>
<tunable name="httpd_tmp_exec" dftval="false">
<desc>
<p>
Allow Apache to execute tmp content.
</p>
</desc>
</tunable>
<tunable name="httpd_tty_comm" dftval="false">
<desc>
<p>
Unify HTTPD to communicate with the terminal.
Needed for entering the passphrase for certificates at
the terminal.
</p>
</desc>
</tunable>
<tunable name="httpd_unified" dftval="false">
<desc>
<p>
Unify HTTPD handling of all content files.
</p>
</desc>
</tunable>
<tunable name="httpd_use_openstack" dftval="false">
<desc>
<p>
Allow httpd to access openstack ports
</p>
</desc>
</tunable>
<tunable name="httpd_use_cifs" dftval="false">
<desc>
<p>
Allow httpd to access cifs file systems
</p>
</desc>
</tunable>
<tunable name="httpd_use_fusefs" dftval="false">
<desc>
<p>
Allow httpd to access FUSE file systems
</p>
</desc>
</tunable>
<tunable name="httpd_use_gpg" dftval="false">
<desc>
<p>
Allow httpd to run gpg in gpg-web domain
</p>
</desc>
</tunable>
<tunable name="httpd_use_nfs" dftval="false">
<desc>
<p>
Allow httpd to access nfs file systems
</p>
</desc>
</tunable>
<tunable name="allow_httpd_sys_script_anon_write" dftval="false">
<desc>
<p>
Allow apache scripts to write to public content. Directories/Files must be labeled public_rw_content_t.
</p>
</desc>
</tunable>
<tunable name="httpd_run_stickshift" dftval="false">
<desc>
<p>
Allow Apache to run in stickshift mode, not transition to passenger
</p>
</desc>
</tunable>
<tunable name="httpd_run_preupgrade" dftval="false">
<desc>
<p>
Allow Apache to run preupgrade
</p>
</desc>
</tunable>
<tunable name="httpd_verify_dns" dftval="false">
<desc>
<p>
Allow Apache to query NS records
</p>
</desc>
</tunable>
<tunable name="allow_httpd_mod_auth_ntlm_winbind" dftval="false">
<desc>
<p>
Allow Apache to use mod_auth_ntlm_winbind
</p>
</desc>
</tunable>
</module>
<module name="apcupsd" filename="policy/modules/services/apcupsd.if">
<summary>APC UPS monitoring daemon</summary>
<interface name="apcupsd_domtrans" lineno="13">
<summary>
Execute a domain transition to run apcupsd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="apcupsd_initrc_domtrans" lineno="32">
<summary>
Execute apcupsd server in the apcupsd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apcupsd_read_pid_files" lineno="50">
<summary>
Read apcupsd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apcupsd_read_log" lineno="70">
<summary>
Allow the specified domain to read apcupsd's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="apcupsd_append_log" lineno="91">
<summary>
Allow the specified domain to append
apcupsd log files.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="apcupsd_cgi_script_domtrans" lineno="111">
<summary>
Execute a domain transition to run httpd_apcupsd_cgi_script.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="apcupsd_admin" lineno="141">
<summary>
All of the rules required to administrate
an apcupsd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the apcupsd domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="apm" filename="policy/modules/services/apm.if">
<summary>Advanced power management daemon</summary>
<interface name="apm_domtrans_client" lineno="13">
<summary>
Execute APM in the apm domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apm_use_fds" lineno="32">
<summary>
Use file descriptors for apmd.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="apm_write_pipes" lineno="50">
<summary>
Write to apmd unnamed pipes.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="apm_rw_stream_sockets" lineno="68">
<summary>
Read and write to an apm unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apm_append_log" lineno="86">
<summary>
Append to apm's log file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="apm_stream_connect" lineno="105">
<summary>
Connect to apmd over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="arpwatch" filename="policy/modules/services/arpwatch.if">
<summary>Ethernet activity monitor.</summary>
<interface name="arpwatch_initrc_domtrans" lineno="13">
<summary>
Execute arpwatch server in the arpwatch domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="arpwatch_search_data" lineno="31">
<summary>
Search arpwatch's data file directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="arpwatch_manage_data_files" lineno="50">
<summary>
Create arpwatch data files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="arpwatch_rw_tmp_files" lineno="69">
<summary>
Read and write arpwatch temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="arpwatch_manage_tmp_files" lineno="88">
<summary>
Read and write arpwatch temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="arpwatch_dontaudit_rw_packet_sockets" lineno="108">
<summary>
Do not audit attempts to read and write
arpwatch packet sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="arpwatch_admin" lineno="133">
<summary>
All of the rules required to administrate
an arpwatch environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the arpwatch domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="asterisk" filename="policy/modules/services/asterisk.if">
<summary>Asterisk IP telephony server</summary>
<interface name="asterisk_domtrans" lineno="13">
<summary>
Execute asterisk in the asterisk domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="asterisk_stream_connect" lineno="33">
<summary>
Connect to asterisk over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="asterisk_admin" lineno="59">
<summary>
All of the rules required to administrate
an asterisk environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the asterisk domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="audioentropy" filename="policy/modules/services/audioentropy.if">
<summary>Generate entropy from audio input</summary>
</module>
<module name="automount" filename="policy/modules/services/automount.if">
<summary>Filesystem automounter service.</summary>
<interface name="automount_domtrans" lineno="13">
<summary>
Execute automount in the automount domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="automount_signal" lineno="33">
<summary>
Send automount a signal
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="automount_exec_config" lineno="51">
<summary>
Execute automount in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="automount_read_state" lineno="66">
<summary>
Allow the domain to read state files in /proc.
</summary>
<param name="domain">
<summary>
Domain to allow access.
</summary>
</param>
</interface>
<interface name="automount_dontaudit_use_fds" lineno="85">
<summary>
Do not audit attempts to file descriptors for automount.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="automount_dontaudit_write_pipes" lineno="103">
<summary>
Do not audit attempts to write automount daemon unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="automount_search_tmp_dirs" lineno="122">
<summary>
Allow domain to search of automount temporary
directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="automount_dontaudit_getattr_tmp_dirs" lineno="141">
<summary>
Do not audit attempts to get the attributes
of automount temporary directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="automount_admin" lineno="166">
<summary>
All of the rules required to administrate
an automount environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the automount domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="avahi" filename="policy/modules/services/avahi.if">
<summary>mDNS/DNS-SD daemon implementing Apple ZeroConf architecture</summary>
<interface name="avahi_domtrans" lineno="13">
<summary>
Execute avahi server in the avahi domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="avahi_signal" lineno="32">
<summary>
Send avahi a signal
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="avahi_kill" lineno="50">
<summary>
Send avahi a kill signal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="avahi_signull" lineno="68">
<summary>
Send avahi a signull
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="avahi_dbus_chat" lineno="87">
<summary>
Send and receive messages from
avahi over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="avahi_stream_connect" lineno="108">
<summary>
Connect to avahi using a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="avahi_dontaudit_search_pid" lineno="127">
<summary>
Do not audit attempts to search the avahi pid directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="avahi_admin" lineno="152">
<summary>
All of the rules required to administrate
an avahi environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the avahi domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="bacula" filename="policy/modules/services/bacula.if">
<summary>Cross platform network backup.</summary>
<interface name="bacula_domtrans_admin" lineno="14">
<summary>
Execute bacula admin bacula
admin domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="bacula_run_admin" lineno="41">
<summary>
Execute user interfaces in the
bacula admin domain, and allow the
specified role the bacula admin domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="bacula_admin" lineno="67">
<summary>
All of the rules required to
administrate an bacula environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="bcfg2" filename="policy/modules/services/bcfg2.if">
<summary>bcfg2-server daemon which serves configurations to clients based on the data in its repository</summary>
<interface name="bcfg2_domtrans" lineno="13">
<summary>
Execute bcfg2 in the bcfg2 domain..
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="bcfg2_initrc_domtrans" lineno="32">
<summary>
Execute bcfg2 server in the bcfg2 domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bcfg2_search_lib" lineno="50">
<summary>
Search bcfg2 lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bcfg2_read_lib_files" lineno="69">
<summary>
Read bcfg2 lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bcfg2_manage_lib_files" lineno="88">
<summary>
Manage bcfg2 lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bcfg2_manage_lib_dirs" lineno="107">
<summary>
Manage bcfg2 lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bcfg2_admin" lineno="133">
<summary>
All of the rules required to administrate
an bcfg2 environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="bind" filename="policy/modules/services/bind.if">
<summary>Berkeley internet name domain DNS server.</summary>
<interface name="bind_initrc_domtrans" lineno="13">
<summary>
Execute bind server in the bind domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_domtrans_ndc" lineno="31">
<summary>
Execute ndc in the ndc domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_signal" lineno="49">
<summary>
Send generic signals to BIND.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_signull" lineno="67">
<summary>
Send null sigals to BIND.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_kill" lineno="85">
<summary>
Send BIND the kill signal
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_run_ndc" lineno="110">
<summary>
Execute ndc in the ndc domain, and
allow the specified role the ndc domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the bind domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="bind_domtrans" lineno="129">
<summary>
Execute bind in the named domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_read_dnssec_keys" lineno="147">
<summary>
Read DNSSEC keys.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_read_config" lineno="165">
<summary>
Read BIND named configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_write_config" lineno="183">
<summary>
Write BIND named configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_manage_config_dirs" lineno="203">
<summary>
Create, read, write, and delete
BIND configuration directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_search_cache" lineno="221">
<summary>
Search the BIND cache directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_manage_cache" lineno="243">
<summary>
Create, read, write, and delete
BIND cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_setattr_pid_dirs" lineno="264">
<summary>
Set the attributes of the BIND pid directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_read_log" lineno="282">
<summary>
Read BIND log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_setattr_zone_dirs" lineno="303">
<summary>
Set the attributes of the BIND zone directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_read_zone" lineno="321">
<summary>
Read BIND zone files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_manage_zone" lineno="340">
<summary>
Manage BIND zone files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_udp_chat_named" lineno="359">
<summary>
Send and receive datagrams to and from named. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bind_admin" lineno="380">
<summary>
All of the rules required to administrate
an bind environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the bind domain.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="named_bind_http_port" dftval="false">
<desc>
<p>
Allow BIND to bind apache port.
</p>
</desc>
</tunable>
<tunable name="named_write_master_zones" dftval="false">
<desc>
<p>
Allow BIND to write the master zone files.
Generally this is used for dynamic DNS or zone transfers.
</p>
</desc>
</tunable>
</module>
<module name="bitlbee" filename="policy/modules/services/bitlbee.if">
<summary>Bitlbee service</summary>
<interface name="bitlbee_read_config" lineno="13">
<summary>
Read bitlbee configuration files
</summary>
<param name="domain">
<summary>
Domain allowed accesss.
</summary>
</param>
</interface>
<interface name="bitlbee_admin" lineno="40">
<summary>
All of the rules required to administrate
an bitlbee environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the bitlbee domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="bluetooth" filename="policy/modules/services/bluetooth.if">
<summary>Bluetooth tools and system services.</summary>
<interface name="bluetooth_role" lineno="18">
<summary>
Role access for bluetooth
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="bluetooth_stream_connect" lineno="51">
<summary>
Connect to bluetooth over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bluetooth_domtrans" lineno="71">
<summary>
Execute bluetooth in the bluetooth domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="bluetooth_read_config" lineno="89">
<summary>
Read bluetooth daemon configuration.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bluetooth_dbus_chat" lineno="108">
<summary>
Send and receive messages from
bluetooth over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bluetooth_dontaudit_dbus_chat" lineno="129">
<summary>
dontaudit Send and receive messages from
bluetooth over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bluetooth_domtrans_helper" lineno="149">
<summary>
Execute bluetooth_helper in the bluetooth_helper domain. (Deprecated)
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="bluetooth_run_helper" lineno="175">
<summary>
Execute bluetooth_helper in the bluetooth_helper domain, and
allow the specified role the bluetooth_helper domain. (Deprecated)
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the bluetooth_helper domain.
</summary>
</param>
<param name="terminal">
<summary>
The type of the terminal allow the bluetooth_helper domain to use.
</summary>
</param>
<rolecap/>
</interface>
<interface name="bluetooth_dontaudit_read_helper_state" lineno="189">
<summary>
Read bluetooth helper state files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bluetooth_admin" lineno="215">
<summary>
All of the rules required to administrate
an bluetooth environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the bluetooth domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="boinc" filename="policy/modules/services/boinc.if">
<summary>policy for boinc</summary>
<interface name="boinc_domtrans" lineno="13">
<summary>
Execute a domain transition to run boinc.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="boinc_initrc_domtrans" lineno="31">
<summary>
Execute boinc server in the boinc domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="boinc_search_lib" lineno="49">
<summary>
Search boinc lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="boinc_read_lib_files" lineno="68">
<summary>
Read boinc lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="boinc_manage_lib_files" lineno="88">
<summary>
Create, read, write, and delete
boinc lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="boinc_manage_var_lib" lineno="107">
<summary>
Manage boinc var_lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="boinc_admin" lineno="134">
<summary>
All of the rules required to administrate
an boinc environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="bugzilla" filename="policy/modules/services/bugzilla.if">
<summary>Bugzilla server</summary>
<interface name="bugzilla_search_dirs" lineno="14">
<summary>
Allow the specified domain to search
bugzilla directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="bugzilla_dontaudit_rw_script_stream_sockets" lineno="33">
<summary>
Do not audit attempts to read and write
bugzilla script unix domain stream sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="cachefilesd" filename="policy/modules/services/cachefilesd.if">
<summary>policy for cachefilesd</summary>
<interface name="cachefilesd_domtrans" lineno="30">
<summary>
Execute a domain transition to run cachefilesd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
</module>
<module name="canna" filename="policy/modules/services/canna.if">
<summary>Canna - kana-kanji conversion server</summary>
<interface name="canna_stream_connect" lineno="13">
<summary>
Connect to Canna using a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="canna_admin" lineno="39">
<summary>
All of the rules required to administrate
an canna environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the canna domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="ccs" filename="policy/modules/services/ccs.if">
<summary>Cluster Configuration System</summary>
<interface name="ccs_domtrans" lineno="13">
<summary>
Execute a domain transition to run ccs.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ccs_stream_connect" lineno="31">
<summary>
Connect to ccs over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ccs_read_config" lineno="50">
<summary>
Read cluster configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ccs_manage_config" lineno="68">
<summary>
Manage cluster configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="certmaster" filename="policy/modules/services/certmaster.if">
<summary>Certmaster SSL certificate distribution service</summary>
<interface name="certmaster_domtrans" lineno="13">
<summary>
Execute a domain transition to run certmaster.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="certmaster_exec" lineno="31">
<summary>
Execute certmaster in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="certmaster_read_log" lineno="50">
<summary>
read certmaster logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="certmaster_append_log" lineno="69">
<summary>
Append to certmaster logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="certmaster_manage_log" lineno="89">
<summary>
Create, read, write, and delete
certmaster logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="certmaster_admin" lineno="116">
<summary>
All of the rules required to administrate
an snort environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the syslog domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="certmonger" filename="policy/modules/services/certmonger.if">
<summary>Certificate status monitor and PKI enrollment client</summary>
<interface name="certmonger_domtrans" lineno="13">
<summary>
Execute a domain transition to run certmonger.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="certmonger_initrc_domtrans" lineno="32">
<summary>
Execute certmonger server in the certmonger domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="certmonger_read_pid_files" lineno="50">
<summary>
Read certmonger PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="certmonger_manage_var_run" lineno="69">
<summary>
Manage certmonger var_run files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="certmonger_search_lib" lineno="90">
<summary>
Search certmonger lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="certmonger_read_lib_files" lineno="109">
<summary>
Read certmonger lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="certmonger_manage_lib_files" lineno="129">
<summary>
Create, read, write, and delete
certmonger lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="certmonger_manage_var_lib" lineno="148">
<summary>
Manage certmonger var_lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="certmonger_dontaudit_leaks" lineno="168">
<summary>
Dontaudit certmonger leaked files descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="certmonger_dbus_chat" lineno="189">
<summary>
Send and receive messages from
certmonger over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="certmonger_admin" lineno="216">
<summary>
All of the rules required to administrate
an certmonger environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="cfengine" filename="policy/modules/services/cfengine.if">
<summary>policy for cfengine</summary>
<template name="cfengine_domain_template" lineno="14">
<summary>
Creates types and rules for a basic
cfengine init daemon domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="cfengine_domtrans_server" lineno="40">
<summary>
Transition to cfengine.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cfengine_search_lib_files" lineno="59">
<summary>
Search cfengine lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cfengine_read_lib_files" lineno="77">
<summary>
Read cfengine lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cfengine_read_log" lineno="96">
<summary>
Allow the specified domain to read cfengine's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cfengine_append_inherited_log" lineno="117">
<summary>
Allow the specified domain to append cfengine's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cfengine_dontaudit_write_log" lineno="136">
<summary>
Dontaudit the specified domain to write cfengine's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="cgroup" filename="policy/modules/services/cgroup.if">
<summary>libcg is a library that abstracts the control group file system in Linux.</summary>
<interface name="cgroup_domtrans_cgconfig" lineno="14">
<summary>
Execute a domain transition to run
CG config parser.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cgroup_initrc_domtrans_cgconfig" lineno="34">
<summary>
Execute a domain transition to run
CG config parser.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cgroup_domtrans_cgred" lineno="54">
<summary>
Execute a domain transition to run
CG rules engine daemon.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cgroup_initrc_domtrans_cgred" lineno="75">
<summary>
Execute a domain transition to run
CG rules engine daemon.
domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cgroup_stream_connect" lineno="94">
<summary>
Connect to CG rules engine daemon
over unix stream sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cgroup_admin" lineno="120">
<summary>
All of the rules required to administrate
an cgroup environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="chronyd" filename="policy/modules/services/chronyd.if">
<summary>Chrony NTP background daemon</summary>
<interface name="chronyd_domtrans" lineno="13">
<summary>
Execute chronyd in the chronyd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="chronyd_initrc_domtrans" lineno="32">
<summary>
Execute chronyd server in the chronyd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="chronyd_exec" lineno="50">
<summary>
Execute chronyd
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="chronyd_read_log" lineno="68">
<summary>
Read chronyd logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="chronyd_rw_shm" lineno="87">
<summary>
Read and write chronyd shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="chronyd_read_keys" lineno="109">
<summary>
Read chronyd keys files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="chronyd_append_keys" lineno="127">
<summary>
Append chronyd keys files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="chronyd_admin" lineno="152">
<summary>
All of the rules required to administrate
an chronyd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the chronyd domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="cipe" filename="policy/modules/services/cipe.if">
<summary>Encrypted tunnel daemon</summary>
</module>
<module name="clamav" filename="policy/modules/services/clamav.if">
<summary>ClamAV Virus Scanner</summary>
<interface name="clamav_domtrans" lineno="13">
<summary>
Execute a domain transition to run clamd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="clamav_stream_connect" lineno="31">
<summary>
Connect to run clamd.
</summary>
<param name="domain">
<summary>
Domain allowed to connect.
</summary>
</param>
</interface>
<interface name="clamav_append_log" lineno="50">
<summary>
Allow the specified domain to append
to clamav log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clamav_read_config" lineno="70">
<summary>
Read clamav configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clamav_search_lib" lineno="89">
<summary>
Search clamav libraries directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clamav_read_state_clamd" lineno="108">
<summary>
Read clamd state files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clamav_domtrans_clamscan" lineno="127">
<summary>
Execute a domain transition to run clamscan.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clamav_exec_clamscan" lineno="145">
<summary>
Execute clamscan without a transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clamav_admin" lineno="170">
<summary>
All of the rules required to administrate
an clamav environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the clamav domain.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="clamscan_can_scan_system" dftval="false">
<desc>
<p>
Allow clamscan to non security files on a system
</p>
</desc>
</tunable>
<tunable name="clamd_use_jit" dftval="false">
<desc>
<p>
Allow clamd to use JIT compiler
</p>
</desc>
</tunable>
</module>
<module name="clockspeed" filename="policy/modules/services/clockspeed.if">
<summary>Clockspeed simple network time protocol client</summary>
<interface name="clockspeed_domtrans_cli" lineno="13">
<summary>
Execute clockspeed utilities in the clockspeed_cli domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clockspeed_run_cli" lineno="37">
<summary>
Allow the specified role the clockspeed_cli domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the clockspeed_cli domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="clogd" filename="policy/modules/services/clogd.if">
<summary>clogd - clustered mirror log server</summary>
<interface name="clogd_domtrans" lineno="13">
<summary>
Execute a domain transition to run clogd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="clogd_stream_connect" lineno="34">
<summary>
Connect to clogd over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clogd_rw_semaphores" lineno="53">
<summary>
Allow read and write access to clogd semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="clogd_rw_shm" lineno="71">
<summary>
Read and write to group shared memory.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
</module>
<module name="cloudform" filename="policy/modules/services/cloudform.if">
<summary>cloudform policy</summary>
<template name="cloudform_domain_template" lineno="14">
<summary>
Creates types and rules for a basic
cloudform daemon domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="cloudform_exec_mongod" lineno="35">
<summary>
Execute mongod in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="cmirrord" filename="policy/modules/services/cmirrord.if">
<summary>policy for cmirrord</summary>
<interface name="cmirrord_domtrans" lineno="13">
<summary>
Execute a domain transition to run cmirrord.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cmirrord_initrc_domtrans" lineno="31">
<summary>
Execute cmirrord server in the cmirrord domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="cmirrord_read_pid_files" lineno="49">
<summary>
Read cmirrord PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cmirrord_rw_shm" lineno="68">
<summary>
Read and write to cmirrord shared memory.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="cmirrord_admin" lineno="99">
<summary>
All of the rules required to administrate
an cmirrord environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="cobbler" filename="policy/modules/services/cobbler.if">
<summary>Cobbler installation server.</summary>
<desc>
<p>
Cobbler is a Linux installation server that allows for
rapid setup of network installation environments. It
glues together and automates many associated Linux
tasks so you do not have to hop between lots of various
commands and applications when rolling out new systems,
and, in some cases, changing existing ones.
</p>
</desc>
<interface name="cobblerd_domtrans" lineno="23">
<summary>
Execute a domain transition to run cobblerd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cobblerd_initrc_domtrans" lineno="42">
<summary>
Execute cobblerd server in the cobblerd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="cobbler_list_config" lineno="60">
<summary>
List Cobbler configuration.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cobbler_read_config" lineno="79">
<summary>
Read Cobbler configuration files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="cobbler_search_lib" lineno="98">
<summary>
Search cobbler dirs in /var/lib
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cobbler_read_lib_files" lineno="118">
<summary>
Read cobbler files in /var/lib
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cobbler_manage_lib_files" lineno="139">
<summary>
Manage cobbler files in /var/lib
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cobbler_dontaudit_rw_log" lineno="161">
<summary>
Do not audit attempts to read and write
Cobbler log files (leaked fd).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="cobblerd_admin" lineno="186">
<summary>
All of the rules required to administrate
an cobblerd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="cobbler_anon_write" dftval="false">
<desc>
<p>
Allow Cobbler to modify public files
used for public file transfer services.
</p>
</desc>
</tunable>
<tunable name="cobbler_can_network_connect" dftval="false">
<desc>
<p>
Allow Cobbler to connect to the
network using TCP.
</p>
</desc>
</tunable>
<tunable name="cobbler_use_cifs" dftval="false">
<desc>
<p>
Allow Cobbler to access cifs file systems.
</p>
</desc>
</tunable>
<tunable name="cobbler_use_nfs" dftval="false">
<desc>
<p>
Allow Cobbler to access nfs file systems.
</p>
</desc>
</tunable>
</module>
<module name="collectd" filename="policy/modules/services/collectd.if">
<summary>Statistics collection daemon for filling RRD files.</summary>
<interface name="collectd_domtrans" lineno="13">
<summary>
Transition to collectd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="collectd_initrc_domtrans" lineno="32">
<summary>
Execute collectd server in the collectd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="collectd_search_lib" lineno="50">
<summary>
Search collectd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="collectd_read_lib_files" lineno="69">
<summary>
Read collectd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="collectd_manage_lib_files" lineno="88">
<summary>
Manage collectd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="collectd_manage_lib_dirs" lineno="107">
<summary>
Manage collectd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="collectd_admin" lineno="133">
<summary>
All of the rules required to administrate
an collectd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="collectd_tcp_network_connect" dftval="false">
<desc>
<p>
Determine whether collectd can connect
to the network using TCP.
</p>
</desc>
</tunable>
</module>
<module name="comsat" filename="policy/modules/services/comsat.if">
<summary>Comsat, a biff server.</summary>
</module>
<module name="condor" filename="policy/modules/services/condor.if">
<summary>policy for condor</summary>
<template name="condor_domain_template" lineno="14">
<summary>
Creates types and rules for a basic
condor init daemon domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="condor_domtrans" lineno="44">
<summary>
Transition to condor.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="condor_read_log" lineno="63">
<summary>
Read condor's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="condor_append_log" lineno="82">
<summary>
Append to condor log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="condor_manage_log" lineno="101">
<summary>
Manage condor log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="condor_search_lib" lineno="122">
<summary>
Search condor lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="condor_read_lib_files" lineno="141">
<summary>
Read condor lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="condor_rw_lib_files" lineno="159">
<summary>
Read condor lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="condor_manage_lib_files" lineno="178">
<summary>
Manage condor lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="condor_manage_lib_dirs" lineno="197">
<summary>
Manage condor lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="condor_read_pid_files" lineno="216">
<summary>
Read condor PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="condor_rw_tcp_sockets_startd" lineno="235">
<summary>
Read and write condor_startd server TCP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="condor_rw_tcp_sockets_schedd" lineno="253">
<summary>
Read and write condor_schedd server TCP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="condor_startd_ranged_domtrans_to" lineno="283">
<summary>
Allows to start userland processes
by transitioning to the specified domain,
with a range transition.
</summary>
<param name="domain">
<summary>
The process type entered by condor_startd.
</summary>
</param>
<param name="entrypoint">
<summary>
The executable type for the entrypoint.
</summary>
</param>
<param name="range">
<summary>
Range for the domain.
</summary>
</param>
</interface>
<interface name="condor_startd_domtrans_to" lineno="312">
<summary>
Allows to start userlandprocesses
by transitioning to the specified domain.
</summary>
<param name="domain">
<summary>
The process type entered by condor_startd.
</summary>
</param>
<param name="entrypoint">
<summary>
The executable type for the entrypoint.
</summary>
</param>
</interface>
<interface name="condor_admin" lineno="331">
<summary>
All of the rules required to administrate
an condor environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="condor_domain_can_network_connect" dftval="false">
<desc>
<p>
Allow codnor domain to connect to the network using TCP.
</p>
</desc>
</tunable>
</module>
<module name="conman" filename="policy/modules/services/conman.if">
<summary>Conman is a program for connecting to remote consoles being managed by conmand</summary>
<interface name="conman_domtrans" lineno="13">
<summary>
Execute conman in the conman domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="conman_read_log" lineno="32">
<summary>
Read conman's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="conman_append_log" lineno="51">
<summary>
Append to conman log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="conman_manage_log" lineno="70">
<summary>
Manage conman log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="consolekit" filename="policy/modules/services/consolekit.if">
<summary>Framework for facilitating multiple user sessions on desktops.</summary>
<interface name="consolekit_domtrans" lineno="13">
<summary>
Execute a domain transition to run consolekit.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="consolekit_dbus_chat" lineno="32">
<summary>
Send and receive messages from
consolekit over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="consolekit_read_log" lineno="52">
<summary>
Read consolekit log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="consolekit_dontaudit_read_log" lineno="71">
<summary>
Dontaudit attempts to read consolekit log files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="consolekit_manage_log" lineno="89">
<summary>
Manage consolekit log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="consolekit_read_pid_files" lineno="108">
<summary>
Read consolekit PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="consolekit_dontaudit_stream_connect" lineno="128">
<summary>
Dontaudit attempts to connect to consolekit
over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="corosync" filename="policy/modules/services/corosync.if">
<summary>SELinux policy for Corosync Cluster Engine</summary>
<interface name="corosync_domtrans" lineno="13">
<summary>
Execute a domain transition to run corosync.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="corosync_initrc_domtrans" lineno="31">
<summary>
Execute a domain transition to run corosync.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="corosync_exec" lineno="50">
<summary>
Execute corosync in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="corosync_stream_connect" lineno="70">
<summary>
Connect to corosync over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corosync_read_log" lineno="89">
<summary>
Allow the specified domain to read corosync's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corosync_rw_tmpfs" lineno="109">
<summary>
Allow the specified domain to read/write corosync's tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="corosyncd_admin" lineno="135">
<summary>
All of the rules required to administrate
an corosync environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the corosyncd domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="courier" filename="policy/modules/services/courier.if">
<summary>Courier IMAP and POP3 email servers</summary>
<template name="courier_domain_template" lineno="13">
<summary>
Template for creating courier server processes.
</summary>
<param name="prefix">
<summary>
Prefix name of the server process.
</summary>
</param>
</template>
<interface name="courier_domtrans_authdaemon" lineno="97">
<summary>
Execute the courier authentication daemon with
a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="courier_stream_connect_authdaemon" lineno="115">
<summary>
Connect to courier-authdaemon over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="courier_domtrans_pop" lineno="135">
<summary>
Execute the courier POP3 and IMAP server with
a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="courier_read_config" lineno="153">
<summary>
Read courier config files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="courier_manage_spool_dirs" lineno="172">
<summary>
Create, read, write, and delete courier
spool directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="courier_manage_spool_files" lineno="191">
<summary>
Create, read, write, and delete courier
spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="courier_read_spool" lineno="209">
<summary>
Read courier spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="courier_rw_spool_pipes" lineno="227">
<summary>
Read and write to courier spool pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
</module>
<module name="cpucontrol" filename="policy/modules/services/cpucontrol.if">
<summary>Services for loading CPU microcode and CPU frequency scaling.</summary>
<interface name="cpucontrol_stub" lineno="13">
<summary>
CPUcontrol stub interface. No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="cron" filename="policy/modules/services/cron.if">
<summary>Periodic execution of scheduled commands.</summary>
<template name="cron_common_crontab_template" lineno="14">
<summary>
The common rules for a crontab domain.
</summary>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
</template>
<interface name="cron_role" lineno="131">
<summary>
Role access for cron
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="cron_unconfined_role" lineno="190">
<summary>
Role access for unconfined cronjobs
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="cron_admin_role" lineno="226">
<summary>
Role access for cron
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="cron_system_entry" lineno="289">
<summary>
Make the specified program domain accessable
from the system cron jobs.
</summary>
<param name="domain">
<summary>
The type of the process to transition to.
</summary>
</param>
<param name="entrypoint">
<summary>
The type of the file used as an entrypoint to this domain.
</summary>
</param>
</interface>
<interface name="cron_domtrans" lineno="309">
<summary>
Execute cron in the cron system domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_exec" lineno="327">
<summary>
Execute crond_exec_t
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_initrc_domtrans" lineno="345">
<summary>
Execute crond server in the nscd domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="cron_use_fds" lineno="364">
<summary>
Inherit and use a file descriptor
from the cron daemon.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_sigchld" lineno="382">
<summary>
Send a SIGCHLD signal to the cron daemon.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_read_pipes" lineno="400">
<summary>
Read a cron daemon unnamed pipe.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_dontaudit_write_pipes" lineno="418">
<summary>
Do not audit attempts to write cron daemon unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_rw_pipes" lineno="436">
<summary>
Read and write a cron daemon unnamed pipe.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_rw_inherited_user_spool_files" lineno="454">
<summary>
Read and write inherited user spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_rw_inherited_spool_files" lineno="472">
<summary>
Read and write inherited spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_rw_tcp_sockets" lineno="490">
<summary>
Read, and write cron daemon TCP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_dontaudit_rw_tcp_sockets" lineno="508">
<summary>
Dontaudit Read, and write cron daemon TCP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_search_spool" lineno="526">
<summary>
Search the directory containing user cron tables.
</summary>
<param name="domain">
<summary>
The type of the process to performing this action.
</summary>
</param>
</interface>
<interface name="cron_manage_pid_files" lineno="545">
<summary>
Manage pid files used by cron
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_anacron_domtrans_system_job" lineno="563">
<summary>
Execute anacron in the cron system domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_use_system_job_fds" lineno="582">
<summary>
Inherit and use a file descriptor
from system cron jobs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_write_system_job_pipes" lineno="600">
<summary>
Write a system cron job unnamed pipe.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_rw_system_job_pipes" lineno="618">
<summary>
Read and write a system cron job unnamed pipe.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_rw_system_job_stream_sockets" lineno="636">
<summary>
Allow read/write unix stream sockets from the system cron jobs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_read_system_job_tmp_files" lineno="654">
<summary>
Read temporary files from the system cron jobs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_dontaudit_append_system_job_tmp_files" lineno="677">
<summary>
Do not audit attempts to append temporary
files from the system cron jobs.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="cron_dontaudit_write_system_job_tmp_files" lineno="696">
<summary>
Do not audit attempts to write temporary
files from the system cron jobs.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="cron_read_system_job_lib_files" lineno="716">
<summary>
Read temporary files from the system cron jobs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cron_manage_system_job_lib_files" lineno="735">
<summary>
Manage files from the system cron jobs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="cron_can_relabel" dftval="false">
<desc>
<p>
Allow system cron jobs to relabel filesystem
for restoring file contexts.
</p>
</desc>
</tunable>
<tunable name="fcron_crond" dftval="false">
<desc>
<p>
Enable extra rules in the cron domain
to support fcron.
</p>
</desc>
</tunable>
</module>
<module name="ctdbd" filename="policy/modules/services/ctdbd.if">
<summary>policy for ctdbd</summary>
<interface name="ctdbd_domtrans" lineno="13">
<summary>
Transition to ctdbd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ctdbd_initrc_domtrans" lineno="32">
<summary>
Execute ctdbd server in the ctdbd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ctdbd_read_log" lineno="51">
<summary>
Read ctdbd's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ctdbd_append_log" lineno="70">
<summary>
Append to ctdbd log files.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ctdbd_manage_log" lineno="89">
<summary>
Manage ctdbd log files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="ctdbd_search_lib" lineno="110">
<summary>
Search ctdbd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ctdbd_read_lib_files" lineno="129">
<summary>
Read ctdbd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ctdbd_manage_lib_files" lineno="148">
<summary>
Manage ctdbd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ctdbd_manage_lib_dirs" lineno="167">
<summary>
Manage ctdbd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ctdbd_read_pid_files" lineno="186">
<summary>
Read ctdbd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ctdbd_stream_connect" lineno="205">
<summary>
Connect to ctdbd over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ctdbd_admin" lineno="232">
<summary>
All of the rules required to administrate
an ctdbd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="cups" filename="policy/modules/services/cups.if">
<summary>Common UNIX printing system</summary>
<interface name="cups_backend" lineno="18">
<summary>
Setup cups to transtion to the cups backend domain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="entry_file">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cups_domtrans" lineno="45">
<summary>
Execute cups in the cups domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="cups_stream_connect" lineno="63">
<summary>
Connect to cupsd over an unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cups_tcp_connect" lineno="82">
<summary>
Connect to cups over TCP. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cups_dbus_chat" lineno="97">
<summary>
Send and receive messages from
cups over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cups_read_pid_files" lineno="117">
<summary>
Read cups PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cups_domtrans_config" lineno="136">
<summary>
Execute cups_config in the cups_config domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="cups_signal_config" lineno="155">
<summary>
Send generic signals to the cups
configuration daemon.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cups_dbus_chat_config" lineno="174">
<summary>
Send and receive messages from
cupsd_config over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cups_read_config" lineno="195">
<summary>
Read cups configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="cups_read_rw_config" lineno="216">
<summary>
Read cups-writable configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="cups_read_log" lineno="236">
<summary>
Read cups log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="cups_append_log" lineno="255">
<summary>
Append cups log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cups_write_log" lineno="274">
<summary>
Write cups log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cups_stream_connect_ptal" lineno="293">
<summary>
Connect to ptal over an unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cups_admin" lineno="319">
<summary>
All of the rules required to administrate
an cups environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the cups domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="cvs" filename="policy/modules/services/cvs.if">
<summary>Concurrent versions system</summary>
<interface name="cvs_read_data" lineno="13">
<summary>
Read the CVS data and metadata.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cvs_exec" lineno="34">
<summary>
Allow the specified domain to execute cvs
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cvs_dontaudit_list_data" lineno="52">
<summary>
Dontaudit Attempts to list the CVS data and metadata.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="cvs_admin" lineno="77">
<summary>
All of the rules required to administrate
an cvs environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the cvs domain.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="allow_cvs_read_shadow" dftval="false">
<desc>
<p>
Allow cvs daemon to read shadow
</p>
</desc>
</tunable>
</module>
<module name="cyphesis" filename="policy/modules/services/cyphesis.if">
<summary>Cyphesis WorldForge game server</summary>
<interface name="cyphesis_domtrans" lineno="13">
<summary>
Execute a domain transition to run cyphesis.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
</module>
<module name="cyrus" filename="policy/modules/services/cyrus.if">
<summary>Cyrus is an IMAP service intended to be run on sealed servers</summary>
<interface name="cyrus_manage_data" lineno="14">
<summary>
Allow caller to create, read, write,
and delete cyrus data files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cyrus_write_data" lineno="34">
<summary>
Allow write cyrus data files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cyrus_stream_connect" lineno="53">
<summary>
Connect to Cyrus using a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="cyrus_admin" lineno="79">
<summary>
All of the rules required to administrate
an cyrus environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the cyrus domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="dante" filename="policy/modules/services/dante.if">
<summary>Dante msproxy and socks4/5 proxy server</summary>
</module>
<module name="dbskk" filename="policy/modules/services/dbskk.if">
<summary>Dictionary server for the SKK Japanese input method system.</summary>
</module>
<module name="dbus" filename="policy/modules/services/dbus.if">
<summary>Desktop messaging bus</summary>
<interface name="dbus_stub" lineno="13">
<summary>
DBUS stub interface. No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<template name="dbus_role_template" lineno="41">
<summary>
Role access for dbus
</summary>
<param name="role_prefix">
<summary>
The prefix of the user role (e.g., user
is the prefix for user_r).
</summary>
</param>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</template>
<interface name="dbus_system_bus_client" lineno="184">
<summary>
Template for creating connections to
the system DBUS.
</summary>
<param name="domain">
<summary>
The type of the domain.
</summary>
</param>
</interface>
<interface name="dbus_session_bus_client" lineno="216">
<summary>
Template for creating connections to
a user DBUS.
</summary>
<param name="domain">
<summary>
The type of the domain.
</summary>
</param>
</interface>
<interface name="dbus_send_session_bus" lineno="239">
<summary>
Send a message the session DBUS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_read_config" lineno="258">
<summary>
Read dbus configuration.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_connect_session_bus" lineno="278">
<summary>
Connect to the system DBUS
for service (acquire_svc).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_connect_system_bus" lineno="298">
<summary>
Connect to the system DBUS
for service (acquire_svc).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_send_system_bus" lineno="317">
<summary>
Send a message on the system DBUS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_system_bus_unconfined" lineno="336">
<summary>
Allow unconfined access to the system DBUS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_session_domain" lineno="362">
<summary>
Allow a application domain to be started
by the session dbus.
</summary>
<param name="domain">
<summary>
Type to be used as a domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an
entry point to this domain.
</summary>
</param>
</interface>
<interface name="dbus_system_domain" lineno="389">
<summary>
Create a domain for processes
which can be started by the system dbus
</summary>
<param name="domain">
<summary>
Type to be used as a domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
</interface>
<interface name="dbus_dontaudit_system_bus_rw_tcp_sockets" lineno="439">
<summary>
Dontaudit Read, and write system dbus TCP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_unconfined" lineno="458">
<summary>
Allow unconfined access to the system DBUS.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_manage_lib_files" lineno="477">
<summary>
Create, read, write, and delete
system dbus lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dbus_read_lib_files" lineno="496">
<summary>
Read system dbus lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="dcc" filename="policy/modules/services/dcc.if">
<summary>Distributed checksum clearinghouse spam filtering</summary>
<interface name="dcc_domtrans_cdcc" lineno="13">
<summary>
Execute cdcc in the cdcc domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dcc_run_cdcc" lineno="39">
<summary>
Execute cdcc in the cdcc domain, and
allow the specified role the cdcc domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the cdcc domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dcc_domtrans_client" lineno="58">
<summary>
Execute dcc_client in the dcc_client domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dcc_signal_client" lineno="77">
<summary>
Send a signal to the dcc_client.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dcc_run_client" lineno="102">
<summary>
Execute dcc_client in the dcc_client domain, and
allow the specified role the dcc_client domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the dcc_client domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dcc_domtrans_dbclean" lineno="121">
<summary>
Execute dbclean in the dcc_dbclean domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dcc_run_dbclean" lineno="147">
<summary>
Execute dbclean in the dcc_dbclean domain, and
allow the specified role the dcc_dbclean domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the dcc_dbclean domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dcc_stream_connect_dccifd" lineno="166">
<summary>
Connect to dccifd over a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="ddclient" filename="policy/modules/services/ddclient.if">
<summary>Update dynamic IP address at DynDNS.org.</summary>
<interface name="ddclient_domtrans" lineno="13">
<summary>
Execute ddclient in the ddclient domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ddclient_run" lineno="40">
<summary>
Execute ddclient in the ddclient
domain, and allow the specified
role the ddclient domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ddclient_admin" lineno="66">
<summary>
All of the rules required to
administrate an ddclient environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="denyhosts" filename="policy/modules/services/denyhosts.if">
<summary>Deny Hosts.</summary>
<desc>
<p>
DenyHosts is a script intended to be run by Linux
system administrators to help thwart SSH server attacks
(also known as dictionary based attacks and brute force
attacks).
</p>
</desc>
<interface name="denyhosts_domtrans" lineno="21">
<summary>
Execute a domain transition to run denyhosts.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="denyhosts_initrc_domtrans" lineno="39">
<summary>
Execute denyhost server in the denyhost domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="denyhosts_admin" lineno="63">
<summary>
All of the rules required to administrate
an denyhosts environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
</module>
<module name="devicekit" filename="policy/modules/services/devicekit.if">
<summary>Devicekit modular hardware abstraction layer</summary>
<interface name="devicekit_domtrans" lineno="13">
<summary>
Execute a domain transition to run devicekit.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="devicekit_dgram_send" lineno="32">
<summary>
Send to devicekit over a unix domain
datagram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_dbus_chat" lineno="51">
<summary>
Send and receive messages from
devicekit over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_dbus_chat_disk" lineno="72">
<summary>
Send and receive messages from
devicekit disk over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_signal_power" lineno="92">
<summary>
Send signal devicekit power
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_dbus_chat_power" lineno="111">
<summary>
Send and receive messages from
devicekit power over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_read_pid_files" lineno="131">
<summary>
Read devicekit PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_manage_var_run" lineno="150">
<summary>
Manage devicekit var_run files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_dontaudit_dbus_chat_disk" lineno="171">
<summary>
Dontaudit Send and receive messages from
devicekit disk over dbus.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="devicekit_manage_pid_files" lineno="191">
<summary>
Manage devicekit PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="devicekit_admin" lineno="212">
<summary>
All of the rules required to administrate
an devicekit environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="dhcp" filename="policy/modules/services/dhcp.if">
<summary>Dynamic host configuration protocol (DHCP) server</summary>
<interface name="dhcpd_domtrans" lineno="13">
<summary>
Transition to dhcpd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dhcpd_setattr_state_files" lineno="33">
<summary>
Set the attributes of the DCHP
server state files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dhcpd_initrc_domtrans" lineno="53">
<summary>
Execute dhcp server in the dhcp domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="dhcpd_admin" lineno="78">
<summary>
All of the rules required to administrate
an dhcp environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the dhcp domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="dictd" filename="policy/modules/services/dictd.if">
<summary>Dictionary daemon</summary>
<interface name="dictd_tcp_connect" lineno="14">
<summary>
Use dictionary services by connecting
over TCP. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dictd_admin" lineno="35">
<summary>
All of the rules required to administrate
an dictd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the dictd domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="dirsrv-admin" filename="policy/modules/services/dirsrv-admin.if">
<summary>Administration Server for Directory Server, dirsrv-admin.</summary>
<interface name="dirsrvadmin_run_exec" lineno="13">
<summary>
Exec dirsrv-admin programs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrvadmin_run_httpd_script_exec" lineno="32">
<summary>
Exec cgi programs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrvadmin_read_config" lineno="51">
<summary>
Manage dirsrv-adminserver configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrvadmin_manage_config" lineno="69">
<summary>
Manage dirsrv-adminserver configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrvadmin_read_tmp" lineno="88">
<summary>
Read dirsrv-adminserver tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrvadmin_write_tmp" lineno="106">
<summary>
Write dirsrv-adminserver tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrvadmin_manage_tmp" lineno="124">
<summary>
Manage dirsrv-adminserver tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrvadmin_domtrans_unconfined_script_t" lineno="143">
<summary>
Execute admin cgi programs in caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="dirsrv" filename="policy/modules/services/dirsrv.if">
<summary>policy for dirsrv</summary>
<interface name="dirsrv_domtrans" lineno="13">
<summary>
Execute a domain transition to run dirsrv.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dirsrv_signal" lineno="36">
<summary>
Allow caller to signal dirsrv.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrv_signull" lineno="55">
<summary>
Send a null signal to dirsrv.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrv_manage_log" lineno="73">
<summary>
Allow a domain to manage dirsrv logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrv_manage_lock" lineno="93">
<summary>
Allow a domain to manage dirsrv lock.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrv_filetrans_lock" lineno="112">
<summary>
Allow a domain to manage dirsrv logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrv_manage_var_lib" lineno="130">
<summary>
Allow a domain to manage dirsrv /var/lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrv_manage_var_run" lineno="148">
<summary>
Allow a domain to manage dirsrv /var/run files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrv_pid_filetrans" lineno="167">
<summary>
Allow a domain to create dirsrv pid directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrv_read_var_run" lineno="185">
<summary>
Allow a domain to read dirsrv /var/run files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrv_manage_config" lineno="203">
<summary>
Manage dirsrv configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrv_read_share" lineno="222">
<summary>
Read dirsrv share files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dirsrv_stream_connect" lineno="242">
<summary>
Connect to dirsrv over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="distcc" filename="policy/modules/services/distcc.if">
<summary>Distributed compiler daemon</summary>
</module>
<module name="djbdns" filename="policy/modules/services/djbdns.if">
<summary>small and secure DNS daemon</summary>
<template name="djbdns_daemontools_domain_template" lineno="14">
<summary>
Create a set of derived types for djbdns
components that are directly supervised by daemontools.
</summary>
<param name="prefix">
<summary>
The prefix to be used for deriving type names.
</summary>
</param>
</template>
<interface name="djbdns_search_key_tinydns" lineno="66">
<summary>
Allow search the djbdns-tinydns key ring.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="djbdns_link_key_tinydns" lineno="84">
<summary>
Allow link to the djbdns-tinydns key ring.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="dkim" filename="policy/modules/services/dkim.if">
<summary>DomainKeys Identified Mail milter.</summary>
</module>
<module name="dnsmasq" filename="policy/modules/services/dnsmasq.if">
<summary>dnsmasq DNS forwarder and DHCP server</summary>
<interface name="dnsmasq_domtrans" lineno="14">
<summary>
Execute dnsmasq server in the dnsmasq domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="dnsmasq_exec" lineno="33">
<summary>
Execute dnsmasq server in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dnsmasq_initrc_domtrans" lineno="52">
<summary>
Execute the dnsmasq init script in the init script domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnsmasq_signal" lineno="71">
<summary>
Send dnsmasq a signal
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="dnsmasq_signull" lineno="90">
<summary>
Send dnsmasq a signull
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnsmasq_kill" lineno="109">
<summary>
Send dnsmasq a kill signal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnsmasq_read_config" lineno="127">
<summary>
Read dnsmasq config files.
</summary>
<param name="domain">
<summary>
Domain allowed.
</summary>
</param>
</interface>
<interface name="dnsmasq_write_config" lineno="146">
<summary>
Write to dnsmasq config files.
</summary>
<param name="domain">
<summary>
Domain allowed.
</summary>
</param>
</interface>
<interface name="dnsmasq_delete_pid_files" lineno="166">
<summary>
Delete dnsmasq pid files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnsmasq_read_pid_files" lineno="185">
<summary>
Read dnsmasq pid files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnsmasq_manage_pid_files" lineno="203">
<summary>
Manage dnsmasq pid files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnsmasq_create_pid_dirs" lineno="222">
<summary>
Create dnsmasq pid dirs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dnsmasq_admin" lineno="248">
<summary>
All of the rules required to administrate
an dnsmasq environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the dnsmasq domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="dovecot" filename="policy/modules/services/dovecot.if">
<summary>Dovecot POP and IMAP mail server</summary>
<interface name="dovecot_stream_connect" lineno="13">
<summary>
Connect to dovecot unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dovecot_stream_connect_auth" lineno="33">
<summary>
Connect to dovecot auth unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dovecot_domtrans_deliver" lineno="51">
<summary>
Execute dovecot_deliver in the dovecot_deliver domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dovecot_manage_spool" lineno="69">
<summary>
Create, read, write, and delete the dovecot spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dovecot_dontaudit_unlink_lib_files" lineno="88">
<summary>
Do not audit attempts to delete dovecot lib files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dovecot_dontaudit_rw_tmp_files" lineno="107">
<summary>
Dontaudit attempts to read and write
dovecot tmp files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dovecot_dontaudit_write_deliver_tmp_files" lineno="126">
<summary>
Allow attempts to write inherited
dovecot tmp files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dovecot_rw_pipes" lineno="145">
<summary>
Allow attempts to read and write to
sendmail unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dovecot_admin" lineno="170">
<summary>
All of the rules required to administrate
an dovecot environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the dovecot domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="drbd" filename="policy/modules/services/drbd.if">
<summary>policy for drbd</summary>
<interface name="drbd_domtrans" lineno="13">
<summary>
Execute a domain transition to run drbd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="drbd_search_lib" lineno="31">
<summary>
Search drbd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="drbd_read_lib_files" lineno="50">
<summary>
Read drbd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="drbd_manage_lib_files" lineno="70">
<summary>
Create, read, write, and delete
drbd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="drbd_manage_lib_dirs" lineno="89">
<summary>
Manage drbd lib dirs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="drbd_admin" lineno="110">
<summary>
All of the rules required to administrate
an drbd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="dspam" filename="policy/modules/services/dspam.if">
<summary>policy for dspam</summary>
<interface name="dspam_domtrans" lineno="14">
<summary>
Execute a domain transition to run dspam.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dspam_initrc_domtrans" lineno="33">
<summary>
Execute dspam server in the dspam domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="dspam_read_log" lineno="52">
<summary>
Allow the specified domain to read dspam's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="dspam_append_log" lineno="72">
<summary>
Allow the specified domain to append
dspam log files.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="dspam_manage_log" lineno="91">
<summary>
Allow domain to manage dspam log files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="dspam_search_lib" lineno="112">
<summary>
Search dspam lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dspam_read_lib_files" lineno="131">
<summary>
Read dspam lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dspam_manage_lib_files" lineno="151">
<summary>
Create, read, write, and delete
dspam lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dspam_manage_lib_dirs" lineno="170">
<summary>
Manage dspam lib dirs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dspam_read_pid_files" lineno="190">
<summary>
Read dspam PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dspam_stream_connect" lineno="209">
<summary>
Connect to DSPAM using a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="dspam_admin" lineno="237">
<summary>
All of the rules required to administrate
an dspam environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="exim" filename="policy/modules/services/exim.if">
<summary>Exim mail transfer agent</summary>
<interface name="exim_domtrans" lineno="13">
<summary>
Execute a domain transition to run exim.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="exim_initrc_domtrans" lineno="31">
<summary>
Execute exim in the exim domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="exim_dontaudit_read_tmp_files" lineno="50">
<summary>
Do not audit attempts to read,
exim tmp files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="exim_read_tmp_files" lineno="68">
<summary>
Allow domain to read, exim tmp files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="exim_read_pid_files" lineno="87">
<summary>
Read exim PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="exim_read_log" lineno="107">
<summary>
Allow the specified domain to read exim's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="exim_append_log" lineno="127">
<summary>
Allow the specified domain to append
exim log files.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="exim_manage_log" lineno="147">
<summary>
Allow the specified domain to manage exim's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="exim_manage_spool_dirs" lineno="167">
<summary>
Create, read, write, and delete
exim spool dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="exim_read_spool_files" lineno="186">
<summary>
Read exim spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="exim_manage_spool_files" lineno="207">
<summary>
Create, read, write, and delete
exim spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="exim_admin" lineno="232">
<summary>
All of the rules required to administrate
an exim environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<tunable name="exim_can_connect_db" dftval="false">
<desc>
<p>
Allow exim to connect to databases (postgres, mysql)
</p>
</desc>
</tunable>
<tunable name="exim_read_user_files" dftval="false">
<desc>
<p>
Allow exim to read unprivileged user files.
</p>
</desc>
</tunable>
<tunable name="exim_manage_user_files" dftval="false">
<desc>
<p>
Allow exim to create, read, write, and delete
unprivileged user files.
</p>
</desc>
</tunable>
</module>
<module name="fail2ban" filename="policy/modules/services/fail2ban.if">
<summary>Update firewall filtering to ban IP addresses with too many password failures.</summary>
<interface name="fail2ban_domtrans" lineno="13">
<summary>
Execute a domain transition to run fail2ban.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="fail2ban_stream_connect" lineno="32">
<summary>
Connect to fail2ban over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fail2ban_rw_stream_sockets" lineno="51">
<summary>
Read and write to an fail2ban unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fail2ban_read_lib_files" lineno="69">
<summary>
Read fail2ban lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fail2ban_read_log" lineno="89">
<summary>
Allow the specified domain to read fail2ban's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fail2ban_append_log" lineno="110">
<summary>
Allow the specified domain to append
fail2ban log files.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="fail2ban_read_pid_files" lineno="130">
<summary>
Read fail2ban PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fail2ban_dontaudit_leaks" lineno="149">
<summary>
dontaudit read and write an leaked file descriptors
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="fail2ban_admin" lineno="176">
<summary>
All of the rules required to administrate
an fail2ban environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the fail2ban domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fail2ban_rw_inherited_tmp_files" lineno="207">
<summary>
Read and write inherited temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="fcoemon" filename="policy/modules/services/fcoemon.if">
<summary>policy for fcoemon</summary>
<interface name="fcoemon_domtrans" lineno="13">
<summary>
Transition to fcoemon.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="fcoemon_read_pid_files" lineno="33">
<summary>
Read fcoemon PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fcoemon_dgram_send" lineno="52">
<summary>
Send to a fcoemon unix dgram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fcoemon_admin" lineno="71">
<summary>
All of the rules required to administrate
an fcoemon environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="fetchmail" filename="policy/modules/services/fetchmail.if">
<summary>Remote-mail retrieval and forwarding utility</summary>
<interface name="fetchmail_admin" lineno="15">
<summary>
All of the rules required to administrate
an fetchmail environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="finger" filename="policy/modules/services/finger.if">
<summary>Finger user information service.</summary>
<interface name="finger_domtrans" lineno="13">
<summary>
Execute fingerd in the fingerd domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="finger_tcp_connect" lineno="31">
<summary>
Allow the specified domain to connect to fingerd with a tcp socket. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="fprintd" filename="policy/modules/services/fprintd.if">
<summary>DBus fingerprint reader service</summary>
<interface name="fprintd_domtrans" lineno="13">
<summary>
Execute a domain transition to run fprintd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="fprintd_dbus_chat" lineno="32">
<summary>
Send and receive messages from
fprintd over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="freeipmi" filename="policy/modules/services/freeipmi.if">
<summary>Remote-Console (out-of-band) and System Management Software (in-band) based on Intelligent Platform Management Interface specification</summary>
<template name="freeipmi_domain_template" lineno="14">
<summary>
Creates types and rules for a basic
freeipmi init daemon domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="freeipmi_stream_connect" lineno="67">
<summary>
Connect to cluster domains over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="ftp" filename="policy/modules/services/ftp.if">
<summary>File transfer protocol service</summary>
<interface name="ftp_domtrans" lineno="13">
<summary>
Execute a domain transition to run ftpd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ftp_initrc_domtrans" lineno="33">
<summary>
Execute ftpd server in the ftpd domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="ftp_tcp_connect" lineno="51">
<summary>
Use ftp by connecting over TCP. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ftp_read_config" lineno="65">
<summary>
Read ftpd etc files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ftp_check_exec" lineno="84">
<summary>
Execute FTP daemon entry point programs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ftp_read_log" lineno="103">
<summary>
Read FTP transfer logs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ftp_domtrans_ftpdctl" lineno="122">
<summary>
Execute the ftpdctl program in the ftpdctl domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ftp_run_ftpdctl" lineno="147">
<summary>
Execute the ftpdctl program in the ftpdctl domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to allow the ftpdctl domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ftp_dyntransition_sftpd" lineno="166">
<summary>
Allow domain dyntransition to chroot_user_t domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ftp_admin" lineno="192">
<summary>
All of the rules required to administrate
an ftp environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the ftp domain.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="allow_ftpd_anon_write" dftval="false">
<desc>
<p>
Allow ftp servers to upload files, used for public file
transfer services. Directories must be labeled
public_content_rw_t.
</p>
</desc>
</tunable>
<tunable name="allow_ftpd_full_access" dftval="false">
<desc>
<p>
Allow ftp servers to login to local users and
read/write all files on the system, governed by DAC.
</p>
</desc>
</tunable>
<tunable name="allow_ftpd_use_cifs" dftval="false">
<desc>
<p>
Allow ftp servers to use cifs
used for public file transfer services.
</p>
</desc>
</tunable>
<tunable name="ftpd_use_fusefs" dftval="false">
<desc>
<p>
Allow ftpd to use ntfs/fusefs volumes.
</p>
</desc>
</tunable>
<tunable name="allow_ftpd_use_nfs" dftval="false">
<desc>
<p>
Allow ftp servers to use nfs
used for public file transfer services.
</p>
</desc>
</tunable>
<tunable name="ftpd_connect_db" dftval="false">
<desc>
<p>
Allow ftp servers to use connect to mysql database
</p>
</desc>
</tunable>
<tunable name="ftp_home_dir" dftval="false">
<desc>
<p>
Allow ftp to read and write files in the user home directories
</p>
</desc>
</tunable>
<tunable name="ftpd_use_passive_mode" dftval="false">
<desc>
<p>
Allow ftp servers to use bind to all unreserved ports for passive mode
</p>
</desc>
</tunable>
</module>
<module name="gatekeeper" filename="policy/modules/services/gatekeeper.if">
<summary>OpenH.323 Voice-Over-IP Gatekeeper</summary>
</module>
<module name="git" filename="policy/modules/services/git.if">
<summary>GIT revision control system.</summary>
<template name="git_role" lineno="18">
<summary>
Role access for Git session.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
User domain for the role.
</summary>
</param>
</template>
<interface name="git_read_generic_sys_content_files" lineno="60">
<summary>
Read generic system content files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="git_cgi_enable_homedirs" dftval="false">
<desc>
<p>
Determine whether Git CGI
can search home directories.
</p>
</desc>
</tunable>
<tunable name="git_cgi_use_cifs" dftval="false">
<desc>
<p>
Determine whether Git CGI
can access cifs file systems.
</p>
</desc>
</tunable>
<tunable name="git_cgi_use_nfs" dftval="false">
<desc>
<p>
Determine whether Git CGI
can access nfs file systems.
</p>
</desc>
</tunable>
<tunable name="git_session_bind_all_unreserved_ports" dftval="false">
<desc>
<p>
Determine whether Git session daemon
can bind TCP sockets to all
unreserved ports.
</p>
</desc>
</tunable>
<tunable name="git_session_users" dftval="false">
<desc>
<p>
Determine whether calling user domains
can execute Git daemon in the
git_session_t domain.
</p>
</desc>
</tunable>
<tunable name="git_system_enable_homedirs" dftval="false">
<desc>
<p>
Determine whether Git system daemon
can search home directories.
</p>
</desc>
</tunable>
<tunable name="git_system_use_cifs" dftval="false">
<desc>
<p>
Determine whether Git system daemon
can access cifs file systems.
</p>
</desc>
</tunable>
<tunable name="git_system_use_nfs" dftval="false">
<desc>
<p>
Determine whether Git system daemon
can access nfs file systems.
</p>
</desc>
</tunable>
</module>
<module name="glance" filename="policy/modules/services/glance.if">
<summary>policy for glance</summary>
<interface name="glance_domtrans_registry" lineno="13">
<summary>
Transition to glance registry.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="glance_domtrans_api" lineno="32">
<summary>
Transition to glance api.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="glance_read_log" lineno="52">
<summary>
Read glance's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="glance_append_log" lineno="71">
<summary>
Append to glance log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="glance_manage_log" lineno="90">
<summary>
Manage glance log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="glance_search_lib" lineno="111">
<summary>
Search glance lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="glance_read_lib_files" lineno="130">
<summary>
Read glance lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="glance_manage_lib_files" lineno="149">
<summary>
Manage glance lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="glance_manage_lib_dirs" lineno="168">
<summary>
Manage glance lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="glance_read_pid_files" lineno="188">
<summary>
Read glance PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="glance_manage_pid_files" lineno="207">
<summary>
Manage glance PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="glance_admin" lineno="234">
<summary>
All of the rules required to administrate
an glance environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="glusterd" filename="policy/modules/services/glusterd.if">
<summary>policy for glusterd</summary>
<interface name="glusterd_domtrans" lineno="14">
<summary>
Transition to glusterd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="glusterd_initrc_domtrans" lineno="34">
<summary>
Execute glusterd server in the glusterd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="glusterd_read_log" lineno="54">
<summary>
Read glusterd's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="glusterd_append_log" lineno="73">
<summary>
Append to glusterd log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="glusterd_manage_log" lineno="92">
<summary>
Manage glusterd log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="glusterd_admin" lineno="120">
<summary>
All of the rules required to administrate
an glusterd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="gluster_anon_write" dftval="false">
<desc>
<p>
Allow glusterfsd to modify public files used for public file
transfer services. Files/Directories must be labeled
public_content_rw_t.
</p>
</desc>
</tunable>
<tunable name="gluster_export_all_ro" dftval="false">
<desc>
<p>
Allow glusterfsd to share any file/directory read only.
</p>
</desc>
</tunable>
<tunable name="gluster_export_all_rw" dftval="true">
<desc>
<p>
Allow glusterfsd to share any file/directory read/write.
</p>
</desc>
</tunable>
</module>
<module name="gnomeclock" filename="policy/modules/services/gnomeclock.if">
<summary>Gnome clock handler for setting the time.</summary>
<interface name="gnomeclock_domtrans" lineno="13">
<summary>
Execute a domain transition to run gnomeclock.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="gnomeclock_run" lineno="37">
<summary>
Execute gnomeclock in the gnomeclock domain, and
allow the specified role the gnomeclock domain.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the gnomeclock domain.
</summary>
</param>
</interface>
<interface name="gnomeclock_dbus_chat" lineno="57">
<summary>
Send and receive messages from
gnomeclock over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gnomeclock_dontaudit_dbus_chat" lineno="78">
<summary>
Do not audit send and receive messages from
gnomeclock over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="gpm" filename="policy/modules/services/gpm.if">
<summary>General Purpose Mouse driver</summary>
<interface name="gpm_stream_connect" lineno="14">
<summary>
Connect to GPM over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpm_getattr_gpmctl" lineno="34">
<summary>
Get the attributes of the GPM
control channel named socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpm_dontaudit_getattr_gpmctl" lineno="55">
<summary>
Do not audit attempts to get the
attributes of the GPM control channel
named socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="gpm_setattr_gpmctl" lineno="74">
<summary>
Set the attributes of the GPM
control channel named socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="gpsd" filename="policy/modules/services/gpsd.if">
<summary>gpsd monitor daemon</summary>
<interface name="gpsd_domtrans" lineno="13">
<summary>
Execute a domain transition to run gpsd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="gpsd_run" lineno="37">
<summary>
Execute gpsd in the gpsd domain, and
allow the specified role the gpsd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the gpsd domain.
</summary>
</param>
</interface>
<interface name="gpsd_rw_shm" lineno="56">
<summary>
Read and write gpsd shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="hal" filename="policy/modules/services/hal.if">
<summary>Hardware abstraction layer</summary>
<interface name="hal_domtrans" lineno="13">
<summary>
Execute hal in the hal domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hal_getattr" lineno="31">
<summary>
Get the attributes of a hal process.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hal_read_state" lineno="49">
<summary>
Read hal system state
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="hal_ptrace" lineno="68">
<summary>
Allow ptrace of hal domain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hal_use_fds" lineno="86">
<summary>
Allow domain to use file descriptors from hal.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="hal_dontaudit_use_fds" lineno="104">
<summary>
Do not audit attempts to use file descriptors from hal.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="hal_rw_pipes" lineno="123">
<summary>
Allow attempts to read and write to
hald unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="hal_dontaudit_rw_pipes" lineno="142">
<summary>
Do not audit attempts to read and write to
hald unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="hal_dgram_send" lineno="161">
<summary>
Send to hal over a unix domain
datagram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hal_stream_connect" lineno="180">
<summary>
Send to hal over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hal_dontaudit_rw_dgram_sockets" lineno="198">
<summary>
Dontaudit read/write to a hal unix datagram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hal_dbus_send" lineno="216">
<summary>
Send a dbus message to hal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hal_dbus_chat" lineno="236">
<summary>
Send and receive messages from
hal over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hal_domtrans_mac" lineno="256">
<summary>
Execute hal mac in the hal mac domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hal_write_log" lineno="275">
<summary>
Allow attempts to write the hal
log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hal_dontaudit_write_log" lineno="295">
<summary>
Do not audit attempts to write the hal
log files.
</summary>
<param name="domain">
<summary>
Domain to not audit
</summary>
</param>
</interface>
<interface name="hal_rw_log" lineno="313">
<summary>
Manage hald log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hal_manage_log" lineno="331">
<summary>
Manage hald log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hal_read_tmp_files" lineno="351">
<summary>
Read hald tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hal_dontaudit_append_lib_files" lineno="370">
<summary>
Do not audit attempts to read or write
HAL libraries files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hal_read_pid_files" lineno="388">
<summary>
Read hald PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hal_dontaudit_read_pid_files" lineno="408">
<summary>
Do not audit attempts to read
hald PID files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="hal_rw_pid_files" lineno="427">
<summary>
Read/Write hald PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hal_manage_pid_dirs" lineno="446">
<summary>
Manage hald PID dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hal_manage_pid_files" lineno="465">
<summary>
Manage hald PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="hddtemp" filename="policy/modules/services/hddtemp.if">
<summary>hddtemp hard disk temperature tool running as a daemon</summary>
<interface name="hddtemp_domtrans" lineno="13">
<summary>
Execute hddtemp in the hddtemp domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hddtemp_exec" lineno="32">
<summary>
Execute hddtemp
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="howl" filename="policy/modules/services/howl.if">
<summary>Port of Apple Rendezvous multicast DNS</summary>
<interface name="howl_signal" lineno="13">
<summary>
Send generic signals to howl.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="hypervkvp" filename="policy/modules/services/hypervkvp.if">
<summary>policy for hypervkvp</summary>
<interface name="hypervkvp_domtrans" lineno="13">
<summary>
Execute hypervkvpd in the hypervkvp domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="hypervkvp_search_lib" lineno="32">
<summary>
Search hypervkvp lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hypervkvp_read_lib_files" lineno="51">
<summary>
Read hypervkvp lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hypervkvp_manage_lib_files" lineno="72">
<summary>
Create, read, write, and delete
hypervkvp lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="i18n_input" filename="policy/modules/services/i18n_input.if">
<summary>IIIMF htt server</summary>
<interface name="i18n_use" lineno="13">
<summary>
Use i18n_input over a TCP connection. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="icecast" filename="policy/modules/services/icecast.if">
<summary> ShoutCast compatible streaming media server</summary>
<interface name="icecast_domtrans" lineno="13">
<summary>
Execute a domain transition to run icecast.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="icecast_signal" lineno="31">
<summary>
Allow domain signal icecast
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="icecast_initrc_domtrans" lineno="49">
<summary>
Execute icecast server in the icecast domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="icecast_read_pid_files" lineno="67">
<summary>
Read icecast PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="icecast_manage_pid_files" lineno="86">
<summary>
Manage icecast pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="icecast_read_log" lineno="106">
<summary>
Allow the specified domain to read icecast's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="icecast_append_log" lineno="126">
<summary>
Allow the specified domain to append
icecast log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="icecast_manage_log" lineno="145">
<summary>
Allow domain to manage icecast log files
</summary>
<param name="domain">
<summary>
Domain allow access.
</summary>
</param>
</interface>
<interface name="icecast_admin" lineno="171">
<summary>
All of the rules required to administrate
an icecast environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="icecast_connect_any" dftval="false">
<desc>
<p>
Determine whether icecast can listen
on and connect to any TCP port.
</p>
</desc>
</tunable>
</module>
<module name="ifplugd" filename="policy/modules/services/ifplugd.if">
<summary>Bring up/down ethernet interfaces based on cable detection.</summary>
<interface name="ifplugd_domtrans" lineno="13">
<summary>
Execute a domain transition to run ifplugd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ifplugd_signal" lineno="31">
<summary>
Send a generic signal to ifplugd
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ifplugd_read_config" lineno="49">
<summary>
Read ifplugd etc configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ifplugd_manage_config" lineno="68">
<summary>
Manage ifplugd etc configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ifplugd_read_pid_files" lineno="88">
<summary>
Read ifplugd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ifplugd_admin" lineno="114">
<summary>
All of the rules required to administrate
an ifplugd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the ifplugd domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="imaze" filename="policy/modules/services/imaze.if">
<summary>iMaze game server</summary>
</module>
<module name="inetd" filename="policy/modules/services/inetd.if">
<summary>Internet services daemon.</summary>
<interface name="inetd_core_service_domain" lineno="27">
<summary>
Define the specified domain as a inetd service.
</summary>
<desc>
<p>
Define the specified domain as a inetd service. The
inetd_service_domain(), inetd_tcp_service_domain(),
or inetd_udp_service_domain() interfaces should be used
instead of this interface, as this interface only provides
the common rules to these three interfaces.
</p>
</desc>
<param name="domain">
<summary>
The type associated with the inetd service process.
</summary>
</param>
<param name="entrypoint">
<summary>
The type associated with the process program.
</summary>
</param>
</interface>
<interface name="inetd_tcp_service_domain" lineno="61">
<summary>
Define the specified domain as a TCP inetd service.
</summary>
<param name="domain">
<summary>
The type associated with the inetd service process.
</summary>
</param>
<param name="entrypoint">
<summary>
The type associated with the process program.
</summary>
</param>
</interface>
<interface name="inetd_udp_service_domain" lineno="87">
<summary>
Define the specified domain as a UDP inetd service.
</summary>
<param name="domain">
<summary>
The type associated with the inetd service process.
</summary>
</param>
<param name="entrypoint">
<summary>
The type associated with the process program.
</summary>
</param>
</interface>
<interface name="inetd_service_domain" lineno="112">
<summary>
Define the specified domain as a TCP and UDP inetd service.
</summary>
<param name="domain">
<summary>
The type associated with the inetd service process.
</summary>
</param>
<param name="entrypoint">
<summary>
The type associated with the process program.
</summary>
</param>
</interface>
<interface name="inetd_use_fds" lineno="138">
<summary>
Inherit and use file descriptors from inetd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inetd_tcp_connect" lineno="156">
<summary>
Connect to the inetd service using a TCP connection. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inetd_domtrans_child" lineno="170">
<summary>
Run inetd child process in the inet child domain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inetd_udp_send" lineno="189">
<summary>
Send UDP network traffic to inetd. (Deprecated)
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="inetd_rw_tcp_sockets" lineno="203">
<summary>
Read and write inetd TCP sockets.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
</module>
<module name="inn" filename="policy/modules/services/inn.if">
<summary>Internet News NNTP server</summary>
<interface name="inn_exec" lineno="14">
<summary>
Allow the specified domain to execute innd
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inn_exec_config" lineno="33">
<summary>
Allow the specified domain to execute
inn configuration files in /etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inn_manage_log" lineno="51">
<summary>
Create, read, write, and delete the innd log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inn_manage_pid" lineno="70">
<summary>
Create, read, write, and delete the innd pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inn_read_config" lineno="91">
<summary>
Read innd configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inn_read_news_lib" lineno="111">
<summary>
Read innd news library files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inn_read_news_spool" lineno="131">
<summary>
Read innd news library files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inn_dgram_send" lineno="151">
<summary>
Send to a innd unix dgram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inn_domtrans" lineno="169">
<summary>
Execute inn in the inn domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="inn_admin" lineno="195">
<summary>
All of the rules required to administrate
an inn environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the inn domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="ircd" filename="policy/modules/services/ircd.if">
<summary>IRC server</summary>
</module>
<module name="irqbalance" filename="policy/modules/services/irqbalance.if">
<summary>IRQ balancing daemon</summary>
</module>
<module name="isns" filename="policy/modules/services/isns.if">
<summary>Internet Storage Name Service.</summary>
<interface name="isnsd_admin" lineno="20">
<summary>
All of the rules required to
administrate an isnsd environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="jabber" filename="policy/modules/services/jabber.if">
<summary>Jabber instant messaging server</summary>
<interface name="jabber_domtrans_jabberd" lineno="13">
<summary>
Execute a domain transition to run jabberd services
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="jabber_domtrans_router" lineno="31">
<summary>
Execute a domain transition to run jabberd router service
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="jabberd_read_lib_files" lineno="49">
<summary>
Read jabberd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="jabberd_dontaudit_read_lib_files" lineno="68">
<summary>
Dontaudit inherited read jabberd lib files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="jabberd_manage_lib_files" lineno="87">
<summary>
Create, read, write, and delete
jabberd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="jabber_admin" lineno="113">
<summary>
All of the rules required to administrate
an jabber environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the jabber domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="keepalived" filename="policy/modules/services/keepalived.if">
<summary> keepalived - load-balancing and high-availability service</summary>
<interface name="keepalived_domtrans" lineno="13">
<summary>
Execute keepalived in the keepalived domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
</module>
<module name="kerberos" filename="policy/modules/services/kerberos.if">
<summary>MIT Kerberos admin and KDC</summary>
<desc>
<p>
This policy supports:
</p>
<p>
Servers:
<ul>
<li>kadmind</li>
<li>krb5kdc</li>
</ul>
</p>
<p>
Clients:
<ul>
<li>kinit</li>
<li>kdestroy</li>
<li>klist</li>
<li>ksu (incomplete)</li>
</ul>
</p>
</desc>
<interface name="kerberos_exec_kadmind" lineno="34">
<summary>
Execute kadmind in the current domain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kerberos_domtrans_kpropd" lineno="52">
<summary>
Execute a domain transition to run kpropd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="kerberos_use" lineno="70">
<summary>
Use kerberos services
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kerberos_read_config" lineno="131">
<summary>
Read the kerberos configuration file (/etc/krb5.conf).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kerberos_dontaudit_write_config" lineno="152">
<summary>
Do not audit attempts to write the kerberos
configuration file (/etc/krb5.conf).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kerberos_rw_config" lineno="171">
<summary>
Read and write the kerberos configuration file (/etc/krb5.conf).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kerberos_read_keytab" lineno="191">
<summary>
Read the kerberos key table.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kerberos_rw_keytab" lineno="210">
<summary>
Read/Write the kerberos key table.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kerberos_etc_filetrans_keytab" lineno="229">
<summary>
Create keytab file in /etc
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="kerberos_keytab_template" lineno="253">
<summary>
Create a derived type for kerberos keytab
</summary>
<param name="prefix">
<summary>
The prefix to be used for deriving type names.
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</template>
<interface name="kerberos_read_kdc_config" lineno="274">
<summary>
Read the kerberos kdc configuration file (/etc/krb5kdc.conf).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kerberos_manage_host_rcache" lineno="294">
<summary>
Read the kerberos kdc configuration file (/etc/krb5kdc.conf).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="kerberos_connect_524" lineno="327">
<summary>
Connect to krb524 service
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kerberos_admin" lineno="356">
<summary>
All of the rules required to administrate
an kerberos environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the kerberos domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mta_tmp_filetrans_host_rcache" lineno="413">
<summary>
Type transition files created in /tmp
to the krb5_host_rcache type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="kerberos_read_home_content" lineno="431">
<summary>
read kerberos homedir content (.k5login)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</template>
<tunable name="allow_kerberos" dftval="false">
<desc>
<p>
Allow confined applications to run with kerberos.
</p>
</desc>
</tunable>
</module>
<module name="kerneloops" filename="policy/modules/services/kerneloops.if">
<summary>Service for reporting kernel oopses to kerneloops.org</summary>
<interface name="kerneloops_domtrans" lineno="13">
<summary>
Execute a domain transition to run kerneloops.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="kerneloops_dbus_chat" lineno="33">
<summary>
Send and receive messages from
kerneloops over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kerneloops_dontaudit_dbus_chat" lineno="54">
<summary>
dontaudit attempts to Send and receive messages from
kerneloops over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kerneloops_manage_tmp_files" lineno="74">
<summary>
Allow domain to manage kerneloops tmp files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="kerneloops_admin" lineno="100">
<summary>
All of the rules required to administrate
an kerneloops environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the kerneloops domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="keystone" filename="policy/modules/services/keystone.if">
<summary>policy for keystone</summary>
<interface name="keystone_domtrans" lineno="13">
<summary>
Transition to keystone.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="keystone_read_log" lineno="32">
<summary>
Read keystone's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="keystone_append_log" lineno="51">
<summary>
Append to keystone log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="keystone_manage_log" lineno="70">
<summary>
Manage keystone log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="keystone_search_lib" lineno="91">
<summary>
Search keystone lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="keystone_read_lib_files" lineno="110">
<summary>
Read keystone lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="keystone_manage_lib_files" lineno="129">
<summary>
Manage keystone lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="keystone_manage_lib_dirs" lineno="148">
<summary>
Manage keystone lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="keystone_admin" lineno="174">
<summary>
All of the rules required to administrate
an keystone environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="ksmtuned" filename="policy/modules/services/ksmtuned.if">
<summary>Kernel Samepage Merging (KSM) Tuning Daemon</summary>
<interface name="ksmtuned_domtrans" lineno="13">
<summary>
Execute a domain transition to run ksmtuned.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ksmtuned_initrc_domtrans" lineno="31">
<summary>
Execute ksmtuned server in the ksmtuned domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ksmtuned_admin" lineno="56">
<summary>
All of the rules required to administrate
an ksmtuned environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="ktalk" filename="policy/modules/services/ktalk.if">
<summary>KDE Talk daemon</summary>
</module>
<module name="l2tpd" filename="policy/modules/services/l2tpd.if">
<summary>Layer 2 Tunneling Protocol daemons.</summary>
<interface name="l2tpd_domtrans" lineno="13">
<summary>
Transition to l2tpd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="l2tpd_initrc_domtrans" lineno="32">
<summary>
Execute l2tpd server in the l2tpd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="l2tpd_dgram_send" lineno="50">
<summary>
Send to l2tpd via a unix dgram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="l2tpd_rw_socket" lineno="69">
<summary>
Read and write l2tpd sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="l2tpd_read_pid_files" lineno="87">
<summary>
Read l2tpd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="l2tpd_stream_connect" lineno="107">
<summary>
Connect to l2tpd over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="l2tpd_rw_pipes" lineno="127">
<summary>
Read and write l2tpd unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="l2tpd_admin" lineno="152">
<summary>
All of the rules required to administrate
an l2tpd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="ldap" filename="policy/modules/services/ldap.if">
<summary>OpenLDAP directory server</summary>
<interface name="ldap_domtrans" lineno="13">
<summary>
Execute OpenLDAP in the ldap domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="ldap_initrc_domtrans" lineno="32">
<summary>
Execute OpenLDAP server in the ldap domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="ldap_list_db" lineno="52">
<summary>
Read the contents of the OpenLDAP
database directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ldap_read_db_files" lineno="71">
<summary>
Read the contents of the OpenLDAP
database files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ldap_read_config" lineno="90">
<summary>
Read the OpenLDAP configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ldap_use" lineno="109">
<summary>
Use LDAP over TCP connection. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ldap_stream_connect" lineno="123">
<summary>
Connect to slapd over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ldap_stream_connect_dirsrv" lineno="146">
<summary>
Connect to dirsrv over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ldap_admin" lineno="172">
<summary>
All of the rules required to administrate
an ldap environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the ldap domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="likewise" filename="policy/modules/services/likewise.if">
<summary>Likewise Active Directory support for UNIX.</summary>
<desc>
<p>
Likewise Open is a free, open source application that joins Linux, Unix,
and Mac machines to Microsoft Active Directory to securely authenticate
users with their domain credentials.
</p>
</desc>
<template name="likewise_domain_template" lineno="26">
<summary>
The template to define a likewise domain.
</summary>
<desc>
<p>
This template creates a domain to be used for
a new likewise daemon.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The type of daemon to be used.
</summary>
</param>
</template>
<interface name="likewise_stream_connect_lsassd" lineno="98">
<summary>
Connect to lsassd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="lircd" filename="policy/modules/services/lircd.if">
<summary>Linux infared remote control daemon</summary>
<interface name="lircd_domtrans" lineno="13">
<summary>
Execute a domain transition to run lircd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="lircd_stream_connect" lineno="33">
<summary>
Connect to lircd over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lircd_read_config" lineno="52">
<summary>
Read lircd etc file
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="lircd_admin" lineno="77">
<summary>
All of the rules required to administrate
a lircd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the syslog domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="lldpad" filename="policy/modules/services/lldpad.if">
<summary>Intel LLDP Agent.</summary>
<interface name="lldpad_domtrans" lineno="13">
<summary>
Transition to lldpad.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="lldpad_dgram_send" lineno="32">
<summary>
Send to lldpad with a unix dgram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lldpad_dgram_recv" lineno="51">
<summary>
Recv to lldpad with a unix dgram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lldpad_admin" lineno="77">
<summary>
All of the rules required to
administrate an lldpad environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="lpd" filename="policy/modules/services/lpd.if">
<summary>Line printer daemon</summary>
<interface name="lpd_role" lineno="18">
<summary>
Role access for lpd
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="lpd_domtrans_checkpc" lineno="47">
<summary>
Execute lpd in the lpd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lpd_run_checkpc" lineno="72">
<summary>
Execute amrecover in the lpd domain, and
allow the specified role the lpd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the lpd domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="lpd_list_spool" lineno="91">
<summary>
List the contents of the printer spool directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lpd_read_spool" lineno="110">
<summary>
Read the printer spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lpd_manage_spool" lineno="129">
<summary>
Create, read, write, and delete printer spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lpd_relabel_spool" lineno="150">
<summary>
Relabel from and to the spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lpd_read_config" lineno="170">
<summary>
List the contents of the printer spool directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<template name="lpd_domtrans_lpr" lineno="189">
<summary>
Transition to a user lpr domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</template>
<interface name="lpd_exec_lpr" lineno="208">
<summary>
Allow the specified domain to execute lpr
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="use_lpd_server" dftval="false">
<desc>
<p>
Use lpd server instead of cups
</p>
</desc>
</tunable>
</module>
<module name="lsm" filename="policy/modules/services/lsm.if">
<summary>libStorageMgmt plug-in daemon </summary>
<interface name="lsmd_domtrans" lineno="13">
<summary>
Execute TEMPLATE in the lsmd domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="lsmd_read_pid_files" lineno="31">
<summary>
Read lsmd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="lsmd_plugin_connect_any" dftval="false">
<desc>
<p>
Determine whether lsmd_plugin can
connect to all TCP ports.
</p>
</desc>
</tunable>
</module>
<module name="mailman" filename="policy/modules/services/mailman.if">
<summary>Mailman is for managing electronic mail discussion and e-newsletter lists</summary>
<template name="mailman_domain_template" lineno="19">
<summary>
The template to define a mailmain domain.
</summary>
<desc>
<p>
This template creates a domain to be used for
a new mailman daemon.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The type of daemon to be used eg, cgi would give mailman_cgi_
</summary>
</param>
</template>
<interface name="mailman_domtrans" lineno="103">
<summary>
Execute mailman in the mailman domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mailman_run" lineno="127">
<summary>
Execute the mailman program in the mailman domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
The role to allow the mailman domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mailman_domtrans_cgi" lineno="147">
<summary>
Execute mailman CGI scripts in the
mailman CGI domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mailman_exec" lineno="165">
<summary>
Execute mailman in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowd access.
</summary>
</param>
</interface>
<interface name="mailman_signal_cgi" lineno="183">
<summary>
Send generic signals to the mailman cgi domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mailman_search_data" lineno="201">
<summary>
Allow domain to search data directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mailman_read_data_files" lineno="219">
<summary>
Allow domain to to read mailman data files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mailman_manage_data_files" lineno="240">
<summary>
Allow domain to to create mailman data files
and write the directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mailman_list_data" lineno="259">
<summary>
List the contents of mailman data directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mailman_read_data_symlinks" lineno="277">
<summary>
Allow read acces to mailman data symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mailman_read_log" lineno="295">
<summary>
Read mailman logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mailman_append_log" lineno="313">
<summary>
Append to mailman logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mailman_manage_log" lineno="332">
<summary>
Create, read, write, and delete
mailman logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mailman_read_archive" lineno="351">
<summary>
Allow domain to read mailman archive files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mailman_domtrans_queue" lineno="371">
<summary>
Execute mailman_queue in the mailman_queue domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="matahari" filename="policy/modules/services/matahari.if">
<summary>policy for matahari</summary>
<template name="matahari_domain_template" lineno="14">
<summary>
Creates types and rules for a basic
matahari init daemon domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="matahari_search_lib" lineno="39">
<summary>
Search matahari lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="matahari_read_lib_files" lineno="58">
<summary>
Read matahari lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="matahari_manage_lib_files" lineno="78">
<summary>
Create, read, write, and delete
matahari lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="matahari_manage_lib_dirs" lineno="97">
<summary>
Manage matahari lib dirs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="matahari_read_pid_files" lineno="116">
<summary>
Read matahari PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="matahari_manage_pid_files" lineno="135">
<summary>
Read matahari PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="matahari_hostd_domtrans" lineno="154">
<summary>
Execute a domain transition to run matahari_hostd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="matahari_netd_domtrans" lineno="172">
<summary>
Execute a domain transition to run matahari_netd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="matahari_serviced_domtrans" lineno="190">
<summary>
Execute a domain transition to run matahari_serviced.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="matahari_admin" lineno="215">
<summary>
All of the rules required to administrate
an matahari environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="memcached" filename="policy/modules/services/memcached.if">
<summary>high-performance memory object caching system</summary>
<interface name="memcached_domtrans" lineno="13">
<summary>
Execute a domain transition to run memcached.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="memcached_read_pid_files" lineno="32">
<summary>
Read memcached PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="memcached_admin" lineno="58">
<summary>
All of the rules required to administrate
an memcached environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the memcached domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="memcached_manage_pid_files" lineno="87">
<summary>
Manage memcached PID files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="memcached_stream_connect" lineno="106">
<summary>
Connect to memcached over a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="milter" filename="policy/modules/services/milter.if">
<summary>Milter mail filters</summary>
<template name="milter_template" lineno="14">
<summary>
Create a set of derived types for various
mail filter applications using the milter interface.
</summary>
<param name="milter_name">
<summary>
The name to be used for deriving type names.
</summary>
</param>
</template>
<interface name="milter_stream_connect_all" lineno="57">
<summary>
MTA communication with milter sockets
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="milter_getattr_all_sockets" lineno="76">
<summary>
Allow getattr of milter sockets
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="milter_setattr_all_dirs" lineno="95">
<summary>
Allow setattr of milter dirs
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="milter_manage_spamass_state" lineno="113">
<summary>
Manage spamassassin milter state
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="milter_delete_dkim_pid_files" lineno="134">
<summary>
Delete dkim-milter PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="mip6d" filename="policy/modules/services/mip6d.if">
<summary>Mobile IPv6 and NEMO Basic Support implementation</summary>
<interface name="mip6d_domtrans" lineno="13">
<summary>
Execute TEMPLATE in the mip6d domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
</module>
<module name="mirrormanager" filename="policy/modules/services/mirrormanager.if">
<summary>policy for mirrormanager</summary>
<interface name="mirrormanager_domtrans" lineno="13">
<summary>
Execute mirrormanager in the mirrormanager domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mirrormanager_read_log" lineno="33">
<summary>
Read mirrormanager's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mirrormanager_append_log" lineno="52">
<summary>
Append to mirrormanager log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mirrormanager_manage_log" lineno="71">
<summary>
Manage mirrormanager log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mirrormanager_search_lib" lineno="92">
<summary>
Search mirrormanager lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mirrormanager_read_lib_files" lineno="111">
<summary>
Read mirrormanager lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mirrormanager_manage_lib_files" lineno="131">
<summary>
Manage mirrormanager lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mirrormanager_manage_lib_dirs" lineno="150">
<summary>
Manage mirrormanager lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mirrormanager_read_pid_files" lineno="169">
<summary>
Read mirrormanager PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mirrormanager_manage_pid_files" lineno="188">
<summary>
Manage mirrormanager PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mirrormanager_manage_pid_sock_files" lineno="207">
<summary>
Manage mirrormanager PID sock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mirrormanager_admin" lineno="227">
<summary>
All of the rules required to administrate
an mirrormanager environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="modemmanager" filename="policy/modules/services/modemmanager.if">
<summary>Provides a DBus interface to communicate with mobile broadband (GSM, CDMA, UMTS, ...) cards.</summary>
<interface name="modemmanager_domtrans" lineno="13">
<summary>
Execute a domain transition to run modemmanager.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="modemmanager_dbus_chat" lineno="32">
<summary>
Send and receive messages from
modemmanager over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="monop" filename="policy/modules/services/monop.if">
<summary>Monopoly daemon</summary>
</module>
<module name="mpd" filename="policy/modules/services/mpd.if">
<summary>policy for daemon for playing music</summary>
<interface name="mpd_domtrans" lineno="13">
<summary>
Execute a domain transition to run mpd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mpd_initrc_domtrans" lineno="32">
<summary>
Execute mpd server in the mpd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mpd_read_data_files" lineno="50">
<summary>
Read mpd data files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mpd_read_tmpfs_files" lineno="69">
<summary>
Read mpd tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mpd_manage_tmpfs_files" lineno="88">
<summary>
Manage mpd tmpfs files.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="mpd_manage_data_files" lineno="108">
<summary>
Manage mpd data files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mpd_search_lib" lineno="128">
<summary>
Search mpd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mpd_read_lib_files" lineno="147">
<summary>
Read mpd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mpd_manage_lib_files" lineno="167">
<summary>
Create, read, write, and delete
mpd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mpd_var_lib_filetrans" lineno="197">
<summary>
Create an object in the root directory, with a private
type using a type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
</interface>
<interface name="mpd_manage_lib_dirs" lineno="215">
<summary>
Manage mpd lib dirs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mpd_dbus_chat" lineno="235">
<summary>
Send and receive messages from
mpd over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mpd_admin" lineno="262">
<summary>
All of the rules required to administrate
an mpd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="mta" filename="policy/modules/services/mta.if">
<summary>Policy common to all email tranfer agents.</summary>
<interface name="mta_stub" lineno="13">
<summary>
MTA stub interface. No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="mta_base_mail_template" lineno="41">
<summary>
Basic mail transfer agent domain template.
</summary>
<desc>
<p>
This template creates a derived domain which is
a email transfer agent, which sends mail on
behalf of the user.
</p>
<p>
This is the basic types and rules, common
to the system agent and user agents.
</p>
</desc>
<param name="domain_prefix">
<summary>
The prefix of the domain (e.g., user
is the prefix for user_t).
</summary>
</param>
</template>
<interface name="mta_filetrans_aliases" lineno="164">
<summary>
Type transition files created in calling dir
to the mail address aliases type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="domain">
<summary>
Directory to transition on.
</summary>
</param>
</interface>
<interface name="mta_role" lineno="187">
<summary>
Role access for mta
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="mta_read_home" lineno="214">
<summary>
ALlow domain to read mail content in the homedir
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_manage_home_rw" lineno="234">
<summary>
Allow domain to manage mail content in the homedir
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_mailserver" lineno="260">
<summary>
Make the specified domain usable for a mail server.
</summary>
<param name="type">
<summary>
Type to be used as a mail server domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
</interface>
<interface name="mta_agent_executable" lineno="279">
<summary>
Make the specified type a MTA executable file.
</summary>
<param name="type">
<summary>
Type to be used as a mail client.
</summary>
</param>
</interface>
<interface name="mta_dontaudit_leaks_system_mail" lineno="299">
<summary>
Dontaudit read and write an leaked file descriptors
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="mta_system_content" lineno="318">
<summary>
Make the specified type by a system MTA.
</summary>
<param name="type">
<summary>
Type to be used as a mail client.
</summary>
</param>
</interface>
<interface name="mta_sendmail_mailserver" lineno="351">
<summary>
Modified mailserver interface for
sendmail daemon use.
</summary>
<desc>
<p>
A modified MTA mail server interface for
the sendmail program. It's design does
not fit well with policy, and using the
regular interface causes a type_transition
conflict if direct running of init scripts
is enabled.
</p>
<p>
This interface should most likely only be used
by the sendmail policy.
</p>
</desc>
<param name="domain">
<summary>
The type to be used for the mail server.
</summary>
</param>
</interface>
<interface name="mta_mailserver_sender" lineno="372">
<summary>
Make a type a mailserver type used
for sending mail.
</summary>
<param name="domain">
<summary>
Mail server domain type used for sending mail.
</summary>
</param>
</interface>
<interface name="mta_mailserver_delivery" lineno="391">
<summary>
Make a type a mailserver type used
for delivering mail to local users.
</summary>
<param name="domain">
<summary>
Mail server domain type used for delivering mail.
</summary>
</param>
</interface>
<interface name="mta_mailserver_user_agent" lineno="412">
<summary>
Make a type a mailserver type used
for sending mail on behalf of local
users to the local mail spool.
</summary>
<param name="domain">
<summary>
Mail server domain type used for sending local mail.
</summary>
</param>
</interface>
<interface name="mta_send_mail" lineno="437">
<summary>
Send mail from the system.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_signal" lineno="468">
<summary>
Send mail client a signal
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="mta_sendmail_domtrans" lineno="501">
<summary>
Execute send mail in a specified domain.
</summary>
<desc>
<p>
Execute send mail in a specified domain.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="source_domain">
<summary>
Domain to transition from.
</summary>
</param>
<param name="target_domain">
<summary>
Domain to transition to.
</summary>
</param>
</interface>
<interface name="mta_signal_system_mail" lineno="528">
<summary>
Send system mail client a signal
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_kill_system_mail" lineno="546">
<summary>
Send system mail client a kill signal
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_sendmail_exec" lineno="564">
<summary>
Execute sendmail in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_read_config" lineno="583">
<summary>
Read mail server configuration.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mta_write_config" lineno="605">
<summary>
write mail server configuration.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mta_read_aliases" lineno="624">
<summary>
Read mail address aliases.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_manage_aliases" lineno="643">
<summary>
Create, read, write, and delete mail address aliases.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_etc_filetrans_aliases" lineno="664">
<summary>
Type transition files created in /etc
to the mail address aliases type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_rw_aliases" lineno="683">
<summary>
Read and write mail aliases.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mta_dontaudit_rw_delivery_tcp_sockets" lineno="703">
<summary>
Do not audit attempts to read and write TCP
sockets of mail delivery domains.
</summary>
<param name="domain">
<summary>
Mail server domain.
</summary>
</param>
</interface>
<interface name="mta_tcp_connect_all_mailservers" lineno="721">
<summary>
Connect to all mail servers over TCP. (Deprecated)
</summary>
<param name="domain">
<summary>
Mail server domain.
</summary>
</param>
</interface>
<interface name="mta_dontaudit_read_spool_symlinks" lineno="736">
<summary>
Do not audit attempts to read a symlink
in the mail spool.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_getattr_spool" lineno="754">
<summary>
Get the attributes of mail spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_dontaudit_getattr_spool_files" lineno="776">
<summary>
Do not audit attempts to get the attributes
of mail spool files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="mta_spool_filetrans" lineno="808">
<summary>
Create private objects in the
mail spool directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
</interface>
<interface name="mta_rw_spool" lineno="827">
<summary>
Read and write the mail spool.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_append_spool" lineno="849">
<summary>
Create, read, and write the mail spool.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_delete_spool" lineno="871">
<summary>
Delete from the mail spool.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_manage_spool" lineno="890">
<summary>
Create, read, write, and delete mail spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_search_queue" lineno="911">
<summary>
Search mail queue dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_list_queue" lineno="930">
<summary>
List the mail queue.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_read_queue" lineno="949">
<summary>
Read the mail queue.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_dontaudit_rw_queue" lineno="969">
<summary>
Do not audit attempts to read and
write the mail queue.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="mta_manage_queue" lineno="989">
<summary>
Create, read, write, and delete
mail queue files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_spool_filetrans_queue" lineno="1020">
<summary>
Type transition files created in calling dir
to the mail address aliases type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
Directory to transition on.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
</interface>
<interface name="mta_read_sendmail_bin" lineno="1040">
<summary>
Read sendmail binary.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_rw_user_mail_stream_sockets" lineno="1059">
<summary>
Read and write unix domain stream sockets
of user mail domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mta_signal_user_agent" lineno="1077">
<summary>
Send all user mail client a signal
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="munin" filename="policy/modules/services/munin.if">
<summary>Munin network-wide load graphing (formerly LRRD)</summary>
<interface name="munin_stream_connect" lineno="14">
<summary>
Connect to munin over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="munin_read_config" lineno="34">
<summary>
Read munin configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="munin_dontaudit_leaks" lineno="55">
<summary>
dontaudit read and write an leaked file descriptors
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="munin_append_log" lineno="74">
<summary>
Append to the munin log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="munin_search_lib" lineno="94">
<summary>
Search munin library directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="munin_dontaudit_search_lib" lineno="114">
<summary>
Do not audit attempts to search
munin library directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="munin_plugin_template" lineno="133">
<summary>
Create a set of derived types for various
munin plugins,
</summary>
<param name="plugins_group_name">
<summary>
The name to be used for deriving type names.
</summary>
</param>
</template>
<interface name="munin_admin" lineno="180">
<summary>
All of the rules required to administrate
an munin environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the munin domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="mysql" filename="policy/modules/services/mysql.if">
<summary>Policy for MySQL</summary>
<interface name="mysql_domtrans" lineno="13">
<summary>
Execute MySQL in the mysql domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_exec" lineno="31">
<summary>
Execute MySQL in the coller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_safe_exec" lineno="49">
<summary>
Execute MySQL_safe in the coller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_signal" lineno="67">
<summary>
Send a generic signal to MySQL.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_tcp_connect" lineno="85">
<summary>
Allow the specified domain to connect to postgresql with a tcp socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_stream_connect" lineno="107">
<summary>
Connect to MySQL using a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mysql_read_config" lineno="128">
<summary>
Read MySQL configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mysql_search_db" lineno="151">
<summary>
Search the directories that contain MySQL
database storage.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_list_db" lineno="171">
<summary>
List the directories that contain MySQL
database storage.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_rw_db_dirs" lineno="190">
<summary>
Read and write to the MySQL database directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_manage_db_dirs" lineno="209">
<summary>
Create, read, write, and delete MySQL database directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_append_db_files" lineno="228">
<summary>
Append to the MySQL database directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_rw_db_files" lineno="247">
<summary>
Read and write to the MySQL database directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_manage_db_files" lineno="266">
<summary>
Create, read, write, and delete MySQL database files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_rw_db_sockets" lineno="286">
<summary>
Read and write to the MySQL database
named socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_write_log" lineno="306">
<summary>
Write to the MySQL log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_domtrans_mysql_safe" lineno="325">
<summary>
Execute MySQL server in the mysql domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_read_pid_files" lineno="343">
<summary>
Read MySQL PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_search_pid_files" lineno="363">
<summary>
Search MySQL PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mysql_admin" lineno="387">
<summary>
All of the rules required to administrate an mysql environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the mysql domain.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="mysql_connect_any" dftval="false">
<desc>
<p>
Allow mysqld to connect to all ports
</p>
</desc>
</tunable>
</module>
<module name="nagios" filename="policy/modules/services/nagios.if">
<summary>Net Saint / NAGIOS - network monitoring server</summary>
<interface name="nagios_dontaudit_rw_pipes" lineno="15">
<summary>
Do not audit attempts to read or write nagios
unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<rolecap/>
</interface>
<interface name="nagios_read_config" lineno="35">
<summary>
Allow the specified domain to read
nagios configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="nagios_read_tmp_files" lineno="56">
<summary>
Allow the specified domain to read
nagios temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nagios_rw_inerited_tmp_files" lineno="76">
<summary>
Allow the specified domain to read
nagios temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nagios_domtrans_nrpe" lineno="96">
<summary>
Execute the nagios NRPE with
a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nagios_search_spool" lineno="114">
<summary>
Search nagios spool directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nagios_read_log" lineno="133">
<summary>
Read nagios logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nagios_dontaudit_rw_log" lineno="152">
<summary>
dontaudit Read and write nagios logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="nagios_plugin_template" lineno="171">
<summary>
Create a set of derived types for various
nagios plugins,
</summary>
<param name="plugins_group_name">
<summary>
The name to be used for deriving type names.
</summary>
</param>
</template>
<interface name="nrpe_dontaudit_write_pipes" lineno="223">
<summary>
Do not audit attempts to write nrpe daemon unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nagios_admin" lineno="248">
<summary>
All of the rules required to administrate
an nagios environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the nagios domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="nessus" filename="policy/modules/services/nessus.if">
<summary>Nessus network scanning daemon</summary>
<interface name="nessus_tcp_connect" lineno="13">
<summary>
Connect to nessus over a TCP socket (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="networkmanager" filename="policy/modules/services/networkmanager.if">
<summary>Manager for dynamically switching between networks.</summary>
<interface name="networkmanager_rw_udp_sockets" lineno="14">
<summary>
Read and write NetworkManager UDP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_rw_packet_sockets" lineno="33">
<summary>
Read and write NetworkManager packet sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_rw_routing_sockets" lineno="53">
<summary>
Read and write NetworkManager netlink
routing sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_domtrans" lineno="71">
<summary>
Execute NetworkManager with a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_dbus_chat" lineno="91">
<summary>
Send and receive messages from
NetworkManager over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_dontaudit_dbus_chat" lineno="112">
<summary>
Send and receive messages from
NetworkManager over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_signal" lineno="132">
<summary>
Send a generic signal to NetworkManager
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_initrc_domtrans" lineno="150">
<summary>
Execute NetworkManager scripts with an automatic domain transition to initrc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_read_pid_files" lineno="168">
<summary>
Read NetworkManager PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_read_var_lib_files" lineno="187">
<summary>
Read NetworkManager PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_run" lineno="214">
<summary>
Execute NetworkManager in the NetworkManager domain, and
allow the specified role the NetworkManager domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the NetworkManager domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="networkmanager_attach_tun_iface" lineno="233">
<summary>
Allow caller to relabel tun_socket
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="networkmanager_append_log" lineno="253">
<summary>
Allow the specified domain to append
to Network Manager log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="nis" filename="policy/modules/services/nis.if">
<summary>Policy for NIS (YP) servers and clients</summary>
<interface name="nis_use_ypbind_uncond" lineno="26">
<summary>
Use the ypbind service to access NIS services
unconditionally.
</summary>
<desc>
<p>
Use the ypbind service to access NIS services
unconditionally.
</p>
<p>
This interface was added because of apache and
spamassassin, to fix a nested conditionals problem.
When that support is added, this should be removed,
and the regular interface should be used.
</p>
</desc>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="nis_use_ypbind" lineno="91">
<summary>
Use the ypbind service to access NIS services.
</summary>
<desc>
<p>
Allow the specified domain to use the ypbind service
to access Network Information Service (NIS) services.
Information that can be retreived from NIS includes
usernames, passwords, home directories, and groups.
If the network is configured to have a single sign-on
using NIS, it is likely that any program that does
authentication will need this access.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
<rolecap/>
</interface>
<interface name="nis_authenticate" lineno="108">
<summary>
Use the nis to authenticate passwords
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="nis_domtrans_ypbind" lineno="126">
<summary>
Execute ypbind in the ypbind domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nis_run_ypbind" lineno="152">
<summary>
Execute ypbind in the ypbind domain, and
allow the specified role the ypbind domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the ypbind domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="nis_signal_ypbind" lineno="171">
<summary>
Send generic signals to ypbind.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nis_list_var_yp" lineno="189">
<summary>
List the contents of the NIS data directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nis_udp_send_ypbind" lineno="208">
<summary>
Send UDP network traffic to NIS clients. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nis_tcp_connect_ypbind" lineno="222">
<summary>
Connect to ypbind over TCP. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nis_read_ypbind_pid" lineno="236">
<summary>
Read ypbind pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nis_delete_ypbind_pid" lineno="255">
<summary>
Delete ypbind pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nis_read_ypserv_config" lineno="274">
<summary>
Read ypserv configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nis_domtrans_ypxfr" lineno="293">
<summary>
Execute ypxfr in the ypxfr domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nis_initrc_domtrans" lineno="313">
<summary>
Execute nis server in the nis domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nis_initrc_domtrans_ypbind" lineno="331">
<summary>
Execute nis server in the nis domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nis_admin" lineno="356">
<summary>
All of the rules required to administrate
an nis environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="nova" filename="policy/modules/services/nova.if">
<summary>openstack-nova</summary>
<interface name="nova_manage_lib_files" lineno="13">
<summary>
Manage nova lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="nova_domain_template" lineno="33">
<summary>
Creates types and rules for a basic
openstack-nova systemd daemon domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
</module>
<module name="nscd" filename="policy/modules/services/nscd.if">
<summary>Name service cache daemon</summary>
<interface name="nscd_signal" lineno="13">
<summary>
Send generic signals to NSCD.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nscd_kill" lineno="31">
<summary>
Send NSCD the kill signal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nscd_signull" lineno="49">
<summary>
Send signulls to NSCD.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nscd_domtrans" lineno="67">
<summary>
Execute NSCD in the nscd domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="nscd_exec" lineno="87">
<summary>
Allow the specified domain to execute nscd
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nscd_socket_use" lineno="106">
<summary>
Use NSCD services by connecting using
a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nscd_use" lineno="136">
<summary>
Use nscd services
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nscd_shm_use" lineno="155">
<summary>
Use NSCD services by mapping the database from
an inherited NSCD file descriptor.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nscd_dontaudit_search_pid" lineno="188">
<summary>
Do not audit attempts to search the NSCD pid directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nscd_read_pid" lineno="206">
<summary>
Read NSCD pid file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nscd_unconfined" lineno="225">
<summary>
Unconfined access to NSCD services.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nscd_run" lineno="250">
<summary>
Execute nscd in the nscd domain, and
allow the specified role the nscd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the nscd domain.
</summary>
</param>
</interface>
<interface name="nscd_initrc_domtrans" lineno="269">
<summary>
Execute the nscd server init script.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nscd_admin" lineno="294">
<summary>
All of the rules required to administrate
an nscd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the nscd domain.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="nscd_use_shm" dftval="false">
<desc>
<p>
Allow confined applications to use nscd shared memory.
</p>
</desc>
</tunable>
</module>
<module name="nsd" filename="policy/modules/services/nsd.if">
<summary>Authoritative only name server</summary>
<interface name="nsd_udp_chat" lineno="13">
<summary>
Send and receive datagrams from NSD. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nsd_tcp_connect" lineno="27">
<summary>
Connect to NSD over a TCP socket (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="nslcd" filename="policy/modules/services/nslcd.if">
<summary>nslcd - local LDAP name service daemon.</summary>
<interface name="nslcd_domtrans" lineno="13">
<summary>
Execute a domain transition to run nslcd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="nslcd_initrc_domtrans" lineno="31">
<summary>
Execute nslcd server in the nslcd domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="nslcd_read_pid_files" lineno="49">
<summary>
Read nslcd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nslcd_stream_connect" lineno="68">
<summary>
Connect to nslcd over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed to connect.
</summary>
</param>
</interface>
<interface name="nslcd_admin" lineno="94">
<summary>
All of the rules required to administrate
an nslcd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="ntop" filename="policy/modules/services/ntop.if">
<summary>Network Top</summary>
<interface name="ntop_domtrans" lineno="13">
<summary>
Execute a domain transition to run ntop.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ntop_initrc_domtrans" lineno="31">
<summary>
Execute ntop server in the ntop domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="ntop_read_config" lineno="49">
<summary>
Read ntop content in /etc
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ntop_search_lib" lineno="68">
<summary>
Search ntop dirs in /var/lib
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ntop_read_lib_files" lineno="87">
<summary>
Read ntop files in /var/lib
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ntop_manage_lib_files" lineno="106">
<summary>
Manage ntop files in /var/lib
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ntop_admin" lineno="132">
<summary>
All of the rules required to administrate
an ntop environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="ntp" filename="policy/modules/services/ntp.if">
<summary>Network time protocol daemon</summary>
<interface name="ntp_stub" lineno="13">
<summary>
NTP stub interface. No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ntp_domtrans" lineno="29">
<summary>
Execute ntp server in the ntpd domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="ntp_run" lineno="55">
<summary>
Execute ntp in the ntp domain, and
allow the specified role the ntp domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ntp_domtrans_ntpdate" lineno="74">
<summary>
Execute ntp server in the ntpd domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="ntp_initrc_domtrans" lineno="93">
<summary>
Execute ntp server in the ntpd domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="ntp_rw_shm" lineno="111">
<summary>
Read and write ntpd shared memory.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="ntp_admin" lineno="140">
<summary>
All of the rules required to administrate
an ntp environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the ntp domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="numad" filename="policy/modules/services/numad.if">
<summary>policy for numad</summary>
<interface name="numad_domtrans" lineno="13">
<summary>
Transition to numad.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="numad_admin" lineno="33">
<summary>
All of the rules required to administrate
an numad environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="nut" filename="policy/modules/services/nut.if">
<summary>nut - Network UPS Tools </summary>
</module>
<module name="nx" filename="policy/modules/services/nx.if">
<summary>NX remote desktop</summary>
<interface name="nx_spec_domtrans_server" lineno="13">
<summary>
Transition to NX server.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nx_read_home_files" lineno="31">
<summary>
Read nx home directory content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nx_search_var_lib" lineno="51">
<summary>
Read nx home directory content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="nx_var_lib_filetrans" lineno="80">
<summary>
Create an object in the root directory, with a private
type using a type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
</interface>
</module>
<module name="oav" filename="policy/modules/services/oav.if">
<summary>Open AntiVirus scannerdaemon and signature update</summary>
<interface name="oav_domtrans_update" lineno="13">
<summary>
Execute oav_update in the oav_update domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="oav_run_update" lineno="39">
<summary>
Execute oav_update in the oav_update domain, and
allow the specified role the oav_update domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the oav_update domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="oddjob" filename="policy/modules/services/oddjob.if">
<summary>
Oddjob provides a mechanism by which unprivileged applications can
request that specified privileged operations be performed on their
behalf.
</summary>
<interface name="oddjob_domtrans" lineno="17">
<summary>
Execute a domain transition to run oddjob.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="oddjob_dontaudit_rw_fifo_file" lineno="36">
<summary>
Do not audit attempts to read and write
oddjob fifo file.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="oddjob_system_entry" lineno="60">
<summary>
Make the specified program domain accessable
from the oddjob.
</summary>
<param name="domain">
<summary>
The type of the process to transition to.
</summary>
</param>
<param name="entrypoint">
<summary>
The type of the file used as an entrypoint to this domain.
</summary>
</param>
</interface>
<interface name="oddjob_dbus_chat" lineno="80">
<summary>
Send and receive messages from
oddjob over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="oddjob_sigchld" lineno="100">
<summary>
Send a SIGCHLD signal to oddjob.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="oddjob_domtrans_mkhomedir" lineno="118">
<summary>
Execute a domain transition to run oddjob_mkhomedir.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="oddjob_run_mkhomedir" lineno="142">
<summary>
Execute the oddjob_mkhomedir program in the oddjob_mkhomedir domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="oddjob_ranged_domain" lineno="172">
<summary>
Create a domain which can be started by init,
with a range transition.
</summary>
<param name="domain">
<summary>
Type to be used as a domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
<param name="range">
<summary>
Range for the domain.
</summary>
</param>
</interface>
</module>
<module name="oident" filename="policy/modules/services/oident.if">
<summary>SELinux policy for Oident daemon.</summary>
<desc>
<p>
Oident daemon is a server that implements the TCP/IP
standard IDENT user identification protocol as
specified in the RFC 1413 document.
</p>
</desc>
<interface name="oident_read_user_content" lineno="21">
<summary>
Allow the specified domain to read
Oidentd personal configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="oident_manage_user_content" lineno="41">
<summary>
Allow the specified domain to create, read, write, and delete
Oidentd personal configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="oident_relabel_user_content" lineno="61">
<summary>
Allow the specified domain to relabel
Oidentd personal configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="openca" filename="policy/modules/services/openca.if">
<summary>OpenCA - Open Certificate Authority</summary>
<interface name="openca_domtrans" lineno="14">
<summary>
Execute the OpenCA program with
a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openca_signal" lineno="34">
<summary>
Send OpenCA generic signals.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openca_sigstop" lineno="52">
<summary>
Send OpenCA stop signals.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openca_kill" lineno="70">
<summary>
Kill OpenCA.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="openct" filename="policy/modules/services/openct.if">
<summary>Service for handling smart card readers.</summary>
<interface name="openct_signull" lineno="13">
<summary>
Send openct a null signal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openct_exec" lineno="31">
<summary>
Execute openct in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openct_domtrans" lineno="50">
<summary>
Execute a domain transition to run openct.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="openct_read_pid_files" lineno="69">
<summary>
Read openct PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openct_stream_connect" lineno="88">
<summary>
Connect to openct over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="openhpid" filename="policy/modules/services/openhpid.if">
<summary>policy for openhpid</summary>
<interface name="openhpid_domtrans" lineno="14">
<summary>
Transition to openhpid.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="openhpid_initrc_domtrans" lineno="34">
<summary>
Execute openhpid server in the openhpid domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openhpid_search_lib" lineno="53">
<summary>
Search openhpid lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openhpid_read_lib_files" lineno="72">
<summary>
Read openhpid lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openhpid_manage_lib_files" lineno="91">
<summary>
Manage openhpid lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openhpid_manage_lib_dirs" lineno="110">
<summary>
Manage openhpid lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openhpid_admin" lineno="137">
<summary>
All of the rules required to administrate
an openhpid environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="openshift-origin" filename="policy/modules/services/openshift-origin.if">
<summary></summary>
</module>
<module name="openshift" filename="policy/modules/services/openshift.if">
<summary> policy for openshift </summary>
<interface name="openshift_initrc_domtrans" lineno="13">
<summary>
Execute openshift server in the openshift domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="openshift_dontaudit_read_initrc" lineno="32">
<summary>
Execute openshift server in the openshift domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="openshift_initrc_run" lineno="54">
<summary>
Execute openshift server in the openshift domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
Role access to this domain.
</summary>
</param>
</interface>
<interface name="openshift_initrc_signull" lineno="74">
<summary>
Send a null signal to openshift init scripts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_initrc_signal" lineno="92">
<summary>
Send a signal to openshift init scripts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_search_cache" lineno="110">
<summary>
Search openshift cache directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_read_cache_files" lineno="129">
<summary>
Read openshift cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_manage_cache_files" lineno="149">
<summary>
Create, read, write, and delete
openshift cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_manage_cache_dirs" lineno="169">
<summary>
Create, read, write, and delete
openshift cache dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_read_log" lineno="190">
<summary>
Allow the specified domain to read openshift's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="openshift_append_log" lineno="210">
<summary>
Allow the specified domain to append
openshift log files.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="openshift_manage_log" lineno="229">
<summary>
Allow domain to manage openshift log files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="openshift_getattr_lib" lineno="250">
<summary>
Getattr openshift lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_search_lib" lineno="269">
<summary>
Search openshift lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_read_lib_files" lineno="290">
<summary>
Read openshift lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_append_lib_files" lineno="311">
<summary>
Read openshift lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_manage_lib_files" lineno="331">
<summary>
Create, read, write, and delete
openshift lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_manage_lib_dirs" lineno="351">
<summary>
Manage openshift lib dirs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_manage_content" lineno="370">
<summary>
Manage openshift lib content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_lib_filetrans" lineno="407">
<summary>
Create private objects in the
mail lib directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<param name="name" optional="true">
<summary>
The name of the object being created.
</summary>
</param>
</interface>
<interface name="openshift_read_pid_files" lineno="426">
<summary>
Read openshift PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_admin" lineno="453">
<summary>
All of the rules required to administrate
an openshift environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<template name="openshift_service_domain_template" lineno="496">
<summary>
Make the specified type usable as a openshift domain.
</summary>
<param name="openshiftdomain_prefix">
<summary>
The prefix of the domain (e.g., openshift
is the prefix for openshift_t).
</summary>
</param>
</template>
<template name="openshift_net_type" lineno="542">
<summary>
Make the specified type usable as a openshift domain.
</summary>
<param name="type">
<summary>
Type to be used as a openshift domain type.
</summary>
</param>
</template>
<interface name="openshift_rw_inherited_content" lineno="560">
<summary>
Read and write inherited openshift files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_manage_tmp_files" lineno="578">
<summary>
Manage openshift tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_manage_tmp_sockets" lineno="596">
<summary>
Manage openshift tmp sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_mounton_tmp" lineno="614">
<summary>
Mounton openshift tmp directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_dontaudit_rw_inherited_fifo_files" lineno="632">
<summary>
Dontaudit Read and write inherited script fifo files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openshift_transition" lineno="651">
<summary>
Allow calling app to transition to an openshift domain
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<rolecap/>
</interface>
<interface name="openshift_dyntransition" lineno="675">
<summary>
Allow calling app to transition to an openshift domain
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<rolecap/>
</interface>
<interface name="openshift_run" lineno="705">
<summary>
Execute openshift in the openshift domain, and
allow the specified role the openshift domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
<tunable name="openshift_use_nfs" dftval="false">
<desc>
<p>
Allow openshift to access nfs file systems without labels
</p>
</desc>
</tunable>
</module>
<module name="openvpn" filename="policy/modules/services/openvpn.if">
<summary>full-featured SSL VPN solution</summary>
<interface name="openvpn_domtrans" lineno="13">
<summary>
Execute OPENVPN clients in the openvpn domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openvpn_run" lineno="38">
<summary>
Execute OPENVPN clients in the openvpn domain, and
allow the specified role the openvpn domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the openvpn domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="openvpn_kill" lineno="57">
<summary>
Send OPENVPN clients the kill signal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openvpn_signal" lineno="75">
<summary>
Send generic signals to OPENVPN clients.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openvpn_signull" lineno="93">
<summary>
Send signulls to OPENVPN clients.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openvpn_read_config" lineno="113">
<summary>
Allow the specified domain to read
OpenVPN configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="openvpn_admin" lineno="141">
<summary>
All of the rules required to administrate
an openvpn environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the openvpn domain.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="openvpn_enable_homedirs" dftval="false">
<desc>
<p>
Allow openvpn to read home directories
</p>
</desc>
</tunable>
<tunable name="openvpn_run_unconfined" dftval="false">
<desc>
<p>
Allow openvpn to run unconfined scripts
</p>
</desc>
</tunable>
</module>
<module name="openvswitch" filename="policy/modules/services/openvswitch.if">
<summary> Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. </summary>
<interface name="openvswitch_domain_template" lineno="14">
<summary>
Transition to openvswitch.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="openvswitch_domtrans" lineno="36">
<summary>
Execute TEMPLATE in the openvswitch domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="openvswitch_stream_connect" lineno="55">
<summary>
Allow stream connect to openvswitch.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openvswitch_read_pid_files" lineno="74">
<summary>
Read openvswitch PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openvswitch_search_lib" lineno="93">
<summary>
Search openvswitch lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openvswitch_read_lib_files" lineno="112">
<summary>
Read openvswitch lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openvswitch_manage_lib_files" lineno="131">
<summary>
Manage openvswitch lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="openvswitch_manage_lib_dirs" lineno="150">
<summary>
Manage openvswitch lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="openwsman" filename="policy/modules/services/openwsman.if">
<summary>WS-Management Server</summary>
<interface name="openwsman_domtrans" lineno="13">
<summary>
Execute openwsman in the openwsman domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
</module>
<module name="oracleasm" filename="policy/modules/services/oracleasm.if">
<summary>policy for oracleasm</summary>
<interface name="oracleasm_domtrans" lineno="13">
<summary>
Transition to oracleasm.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="oracleasm_initrc_domtrans" lineno="33">
<summary>
Execute oracleasm server in the oracleasm domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="oracleasm_admin" lineno="59">
<summary>
All of the rules required to administrate
an oracleasm environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="osad" filename="policy/modules/services/osad.if">
<summary>Client-side service written in Python that responds to pings and runs rhn_check when told to by osa-dispatcher. </summary>
<interface name="osad_domtrans" lineno="13">
<summary>
Execute osad in the osad domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="osad_initrc_domtrans" lineno="32">
<summary>
Execute osad server in the osad domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="osad_read_log" lineno="50">
<summary>
Read osad's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="osad_append_log" lineno="69">
<summary>
Append to osad log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="osad_manage_log" lineno="88">
<summary>
Manage osad log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="osad_read_pid_files" lineno="108">
<summary>
Read osad PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="osad_admin" lineno="135">
<summary>
All of the rules required to administrate
an osad environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="pacemaker" filename="policy/modules/services/pacemaker.if">
<summary>policy for pacemaker</summary>
<interface name="pacemaker_domtrans" lineno="13">
<summary>
Transition to pacemaker.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="pacemaker_initrc_domtrans" lineno="32">
<summary>
Execute pacemaker server in the pacemaker domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pacemaker_search_lib" lineno="50">
<summary>
Search pacemaker lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pacemaker_read_lib_files" lineno="69">
<summary>
Read pacemaker lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pacemaker_manage_lib_files" lineno="88">
<summary>
Manage pacemaker lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pacemaker_manage_lib_dirs" lineno="107">
<summary>
Manage pacemaker lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pacemaker_read_pid_files" lineno="126">
<summary>
Read pacemaker PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pacemaker_admin" lineno="152">
<summary>
All of the rules required to administrate
an pacemaker environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="pads" filename="policy/modules/services/pads.if">
<summary>Passive Asset Detection System</summary>
<desc>
<p>
PADS is a libpcap based detection engine used to
passively detect network assets. It is designed to
complement IDS technology by providing context to IDS
alerts.
</p>
</desc>
<interface name="pads_admin" lineno="28">
<summary>
All of the rules required to administrate
an pads environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="passenger" filename="policy/modules/services/passenger.if">
<summary>Ruby on rails deployment for Apache and Nginx servers.</summary>
<interface name="passenger_domtrans" lineno="13">
<summary>
Execute passenger in the passenger domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="passenger_exec" lineno="31">
<summary>
Execute passenger in the current domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="passenger_read_lib_files" lineno="49">
<summary>
Read passenger lib files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="passenger_manage_lib_files" lineno="69">
<summary>
Manage passenger lib files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="passenger_manage_pid_content" lineno="90">
<summary>
Manage passenger var_run content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="passenger_stream_connect" lineno="112">
<summary>
Connect to passenger unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="passenger_manage_tmp_files" lineno="130">
<summary>
Allow to manage passenger tmp files/dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="passenger_rw_tmp_sock_files" lineno="150">
<summary>
Allow to manage passenger tmp sock_files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="pcp" filename="policy/modules/services/pcp.if">
<summary>The pcp command summarizes the status of a Performance Co-Pilot (PCP) installation</summary>
<template name="pcp_domain_template" lineno="14">
<summary>
Creates types and rules for a basic
pcp daemon domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="pcp_read_lib_files" lineno="38">
<summary>
Allow domain to read pcp lib files
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</interface>
<interface name="pcp_admin" lineno="58">
<summary>
All of the rules required to administrate
an pcp environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="pcp_pmie_exec" lineno="102">
<summary>
Allow the specified domain to execute pcp_pmie
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="pcp_pmlogger_exec" lineno="122">
<summary>
Allow the specified domain to execute pcp_pmlogger
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<tunable name="pcp_bind_all_unreserved_ports" dftval="false">
<desc>
<p>
Allow pcp to bind to all unreserved_ports
</p>
</desc>
</tunable>
</module>
<module name="pcscd" filename="policy/modules/services/pcscd.if">
<summary>PCSC smart card service</summary>
<interface name="pcscd_domtrans" lineno="13">
<summary>
Execute a domain transition to run pcscd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="pcscd_read_pub_files" lineno="31">
<summary>
Read pcscd pub files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pcscd_manage_pub_files" lineno="50">
<summary>
Manage pcscd pub files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pcscd_manage_pub_pipes" lineno="69">
<summary>
Manage pcscd pub fifo files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pcscd_stream_connect" lineno="88">
<summary>
Connect to pcscd over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="pegasus" filename="policy/modules/services/pegasus.if">
<summary>The Open Group Pegasus CIM/WBEM Server.</summary>
</module>
<module name="perdition" filename="policy/modules/services/perdition.if">
<summary>Perdition POP and IMAP proxy</summary>
<interface name="perdition_tcp_connect" lineno="13">
<summary>
Connect to perdition over a TCP socket (Deprecated)
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
</module>
<module name="pingd" filename="policy/modules/services/pingd.if">
<summary>Pingd of the Whatsup cluster node up/down detection utility</summary>
<interface name="pingd_domtrans" lineno="13">
<summary>
Execute a domain transition to run pingd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="pingd_read_config" lineno="31">
<summary>
Read pingd etc configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pingd_manage_config" lineno="50">
<summary>
Manage pingd etc configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pingd_admin" lineno="78">
<summary>
All of the rules required to administrate
an pingd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the pingd domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="piranha" filename="policy/modules/services/piranha.if">
<summary>policy for piranha</summary>
<template name="piranha_domain_template" lineno="14">
<summary>
Creates types and rules for a basic
cluster init daemon domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="piranha_domtrans_fos" lineno="64">
<summary>
Execute a domain transition to run fos.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="piranha_domtrans_lvs" lineno="82">
<summary>
Execute a domain transition to run lvsd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="piranha_domtrans_pulse" lineno="100">
<summary>
Execute a domain transition to run pulse.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="piranha_pulse_initrc_domtrans" lineno="118">
<summary>
Execute pulse server in the pulse domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="piranha_read_log" lineno="137">
<summary>
Allow the specified domain to read piranha's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="piranha_append_log" lineno="157">
<summary>
Allow the specified domain to append
piranha log files.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="piranha_manage_log" lineno="176">
<summary>
Allow domain to manage piranha log files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<tunable name="piranha_lvs_can_network_connect" dftval="false">
<desc>
<p>
Allow piranha-lvs domain to connect to the network using TCP.
</p>
</desc>
</tunable>
</module>
<module name="pkcsslotd" filename="policy/modules/services/pkcsslotd.if">
<summary>policy for pkcsslotd</summary>
<interface name="pkcsslotd_domtrans" lineno="13">
<summary>
Transition to pkcsslotd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="pkcsslotd_search_lib" lineno="32">
<summary>
Search pkcsslotd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pkcsslotd_read_lib_files" lineno="51">
<summary>
Read pkcsslotd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pkcsslotd_manage_lib_files" lineno="70">
<summary>
Manage pkcsslotd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pkcsslotd_manage_lib_dirs" lineno="89">
<summary>
Manage pkcsslotd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pkcsslotd_admin" lineno="109">
<summary>
All of the rules required to administrate
an pkcsslotd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="plymouthd" filename="policy/modules/services/plymouthd.if">
<summary>policy for plymouthd</summary>
<interface name="plymouthd_domtrans" lineno="13">
<summary>
Execute a domain transition to run plymouthd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="plymouthd_exec" lineno="31">
<summary>
Execute the plymoth daemon in the current domain
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="plymouthd_exec_plymouth" lineno="49">
<summary>
Execute the plymoth command in the current domain
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="plymouthd_domtrans_plymouth" lineno="67">
<summary>
Execute a domain transition to run plymouthd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="plymouthd_read_pid_files" lineno="86">
<summary>
Read plymouthd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_manage_var_run" lineno="105">
<summary>
Manage plymouthd var_run files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_search_lib" lineno="126">
<summary>
Search plymouthd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_read_lib_files" lineno="145">
<summary>
Read plymouthd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_manage_lib_files" lineno="165">
<summary>
Create, read, write, and delete
plymouthd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_manage_var_lib" lineno="184">
<summary>
Manage plymouthd var_lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_search_spool" lineno="205">
<summary>
Search plymouthd spool directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_read_spool_files" lineno="224">
<summary>
Read plymouthd spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_manage_spool_files" lineno="244">
<summary>
Create, read, write, and delete
plymouthd spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_manage_spool" lineno="263">
<summary>
Allow domain to manage plymouthd spool files
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="plymouthd_admin" lineno="284">
<summary>
All of the rules required to administrate
an plymouthd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="plymouthd_stream_connect" lineno="314">
<summary>
Allow domain to Stream socket connect
to Plymouth daemon.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="policykit" filename="policy/modules/services/policykit.if">
<summary>Policy framework for controlling privileges for system-wide services.</summary>
<interface name="policykit_dbus_chat" lineno="14">
<summary>
Send and receive messages from
policykit over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="policykit_dbus_chat_auth" lineno="37">
<summary>
Send and receive messages from
policykit over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="policykit_domtrans_auth" lineno="59">
<summary>
Execute a domain transition to run polkit_auth.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="policykit_run_auth" lineno="83">
<summary>
Execute a policy_auth in the policy_auth domain, and
allow the specified role the policy_auth domain,
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the load_policy domain.
</summary>
</param>
</interface>
<interface name="policykit_domtrans_grant" lineno="105">
<summary>
Execute a domain transition to run polkit_grant.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="policykit_run_grant" lineno="130">
<summary>
Execute a policy_grant in the policy_grant domain, and
allow the specified role the policy_grant domain,
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the load_policy domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="policykit_read_reload" lineno="153">
<summary>
read policykit reload files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="policykit_rw_reload" lineno="172">
<summary>
rw policykit reload files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="policykit_domtrans_resolve" lineno="191">
<summary>
Execute a domain transition to run polkit_resolve.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="policykit_search_lib" lineno="211">
<summary>
Search policykit lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="policykit_read_lib" lineno="230">
<summary>
read policykit lib files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="policykit_role" lineno="257">
<summary>
The per role template for the policykit module.
</summary>
<param name="user_role">
<summary>
Role allowed access
</summary>
</param>
<param name="user_domain">
<summary>
User domain for the role
</summary>
</param>
</template>
<interface name="policykit_signal_auth" lineno="274">
<summary>
Send generic signal to policy_auth
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
</module>
<module name="portmap" filename="policy/modules/services/portmap.if">
<summary>RPC port mapping service.</summary>
<interface name="portmap_domtrans_helper" lineno="13">
<summary>
Execute portmap_helper in the helper domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="portmap_run_helper" lineno="40">
<summary>
Execute portmap helper in the helper domain, and
allow the specified role the helper domain.
Communicate with portmap.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the portmap domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="portmap_udp_send" lineno="59">
<summary>
Send UDP network traffic to portmap. (Deprecated)
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="portmap_udp_chat" lineno="73">
<summary>
Send and receive UDP network traffic from portmap. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="portmap_tcp_connect" lineno="87">
<summary>
Connect to portmap over a TCP socket (Deprecated)
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
</module>
<module name="portreserve" filename="policy/modules/services/portreserve.if">
<summary>Reserve well-known ports in the RPC port range.</summary>
<interface name="portreserve_domtrans" lineno="13">
<summary>
Execute a domain transition to run portreserve.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="portreserve_initrc_domtrans" lineno="31">
<summary>
Execute portreserve in the portreserve domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="portreserve_read_config" lineno="52">
<summary>
Allow the specified domain to read
portreserve etcuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="portreserve_manage_config" lineno="75">
<summary>
Allow the specified domain to manage
portreserve etcuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="portreserve_admin" lineno="102">
<summary>
All of the rules required to administrate
an portreserve environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
</interface>
</module>
<module name="portslave" filename="policy/modules/services/portslave.if">
<summary>Portslave terminal server software</summary>
<interface name="portslave_domtrans" lineno="13">
<summary>
Execute portslave with a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
</module>
<module name="postfix" filename="policy/modules/services/postfix.if">
<summary>Postfix email server</summary>
<interface name="postfix_stub" lineno="13">
<summary>
Postfix stub interface. No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="postfix_domain_template" lineno="30">
<summary>
Creates types and rules for a basic
postfix process domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<template name="postfix_server_domain_template" lineno="120">
<summary>
Creates a postfix server process domain.
</summary>
<param name="prefix">
<summary>
Prefix of the domain.
</summary>
</param>
</template>
<template name="postfix_user_domain_template" lineno="166">
<summary>
Creates a process domain for programs
that are ran by users.
</summary>
<param name="prefix">
<summary>
Prefix of the domain.
</summary>
</param>
</template>
<interface name="postfix_read_config" lineno="195">
<summary>
Read postfix configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="postfix_config_filetrans" lineno="226">
<summary>
Create files with the specified type in
the postfix configuration directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
</interface>
<interface name="postfix_dontaudit_rw_local_tcp_sockets" lineno="247">
<summary>
Do not audit attempts to read and
write postfix local delivery
TCP sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="postfix_rw_local_pipes" lineno="266">
<summary>
Allow read/write postfix local pipes
TCP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_rw_public_pipes" lineno="285">
<summary>
Allow read/write postfix public pipes
TCP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_read_local_state" lineno="303">
<summary>
Allow domain to read postfix local process state
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_read_master_state" lineno="322">
<summary>
Allow domain to read postfix master process state
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_use_fds_master" lineno="342">
<summary>
Use postfix master process file
file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_dontaudit_use_fds" lineno="362">
<summary>
Do not audit attempts to use
postfix master process file
file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="postfix_domtrans_map" lineno="380">
<summary>
Execute postfix_map in the postfix_map domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="postfix_run_map" lineno="405">
<summary>
Execute postfix_map in the postfix_map domain, and
allow the specified role the postfix_map domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="postfix_domtrans_master" lineno="425">
<summary>
Execute the master postfix program in the
postfix_master domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="postfix_initrc_domtrans" lineno="444">
<summary>
Execute the master postfix in the postfix master domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_exec_master" lineno="463">
<summary>
Execute the master postfix program in the
caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_stream_connect_master" lineno="481">
<summary>
Connect to postfix master process using a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_rw_master_pipes" lineno="499">
<summary>
Allow read/write postfix master pipes
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_domtrans_postdrop" lineno="518">
<summary>
Execute the master postdrop in the
postfix_postdrop domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="postfix_domtrans_postqueue" lineno="537">
<summary>
Execute the master postqueue in the
postfix_postqueue domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="postfix_exec_postqueue" lineno="555">
<summary>
Execute the master postqueue in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_create_private_sockets" lineno="573">
<summary>
Create a named socket in a postfix private directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_manage_private_sockets" lineno="592">
<summary>
manage named socket in a postfix private directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_domtrans_smtp" lineno="612">
<summary>
Execute the master postfix program in the
postfix_master domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="postfix_getattr_spool_files" lineno="630">
<summary>
Getattr postfix mail spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_search_spool" lineno="649">
<summary>
Search postfix mail spool directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_list_spool" lineno="668">
<summary>
List postfix mail spool directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_read_spool_files" lineno="687">
<summary>
Read postfix mail spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_manage_spool_files" lineno="706">
<summary>
Create, read, write, and delete postfix mail spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_rw_spool_maildrop_files" lineno="725">
<summary>
Read, write, and delete postfix maildrop spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_manage_spool_maildrop_files" lineno="744">
<summary>
Create, read, write, and delete postfix maildrop spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_domtrans_user_mail_handler" lineno="765">
<summary>
Execute postfix user mail programs
in their respective domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postfix_admin" lineno="790">
<summary>
All of the rules required to administrate
an postfix environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="postfix_run_postdrop" lineno="866">
<summary>
Execute the master postdrop in the
postfix_postdrop domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the iptables domain.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="allow_postfix_local_write_mail_spool" dftval="true">
<desc>
<p>
Allow postfix_local domain full write access to mail_spool directories
</p>
</desc>
</tunable>
</module>
<module name="postfixpolicyd" filename="policy/modules/services/postfixpolicyd.if">
<summary>Postfix policy server</summary>
<interface name="postfixpolicyd_admin" lineno="20">
<summary>
All of the rules required to administrate
an postfixpolicyd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the postfixpolicyd domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="postgresql" filename="policy/modules/services/postgresql.if">
<summary>PostgreSQL relational database</summary>
<interface name="postgresql_role" lineno="18">
<summary>
Role access for SE-PostgreSQL.
</summary>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
<param name="user_domain">
<summary>
The type of the user domain.
</summary>
</param>
</interface>
<interface name="postgresql_loadable_module" lineno="104">
<summary>
Marks as a SE-PostgreSQL loadable shared library module
</summary>
<param name="type">
<summary>
Type marked as a database object type.
</summary>
</param>
</interface>
<interface name="postgresql_database_object" lineno="122">
<summary>
Marks as a SE-PostgreSQL database object type
</summary>
<param name="type">
<summary>
Type marked as a database object type.
</summary>
</param>
</interface>
<interface name="postgresql_schema_object" lineno="140">
<summary>
Marks as a SE-PostgreSQL schema object type
</summary>
<param name="type">
<summary>
Type marked as a schema object type.
</summary>
</param>
</interface>
<interface name="postgresql_table_object" lineno="158">
<summary>
Marks as a SE-PostgreSQL table/column/tuple object type
</summary>
<param name="type">
<summary>
Type marked as a table/column/tuple object type.
</summary>
</param>
</interface>
<interface name="postgresql_system_table_object" lineno="176">
<summary>
Marks as a SE-PostgreSQL system table/column/tuple object type
</summary>
<param name="type">
<summary>
Type marked as a table/column/tuple object type.
</summary>
</param>
</interface>
<interface name="postgresql_sequence_object" lineno="195">
<summary>
Marks as a SE-PostgreSQL sequence type
</summary>
<param name="type">
<summary>
Type marked as a sequence type.
</summary>
</param>
</interface>
<interface name="postgresql_view_object" lineno="213">
<summary>
Marks as a SE-PostgreSQL view object type
</summary>
<param name="type">
<summary>
Type marked as a view object type.
</summary>
</param>
</interface>
<interface name="postgresql_procedure_object" lineno="231">
<summary>
Marks as a SE-PostgreSQL procedure object type
</summary>
<param name="type">
<summary>
Type marked as a database object type.
</summary>
</param>
</interface>
<interface name="postgresql_language_object" lineno="249">
<summary>
Marks as a SE-PostgreSQL procedural language object type
</summary>
<param name="type">
<summary>
Type marked as a procedural language object type.
</summary>
</param>
</interface>
<interface name="postgresql_blob_object" lineno="267">
<summary>
Marks as a SE-PostgreSQL binary large object type
</summary>
<param name="type">
<summary>
Type marked as a database binary large object type.
</summary>
</param>
</interface>
<interface name="postgresql_search_db" lineno="285">
<summary>
Allow the specified domain to search postgresql's database directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postgresql_manage_db" lineno="303">
<summary>
Allow the specified domain to manage postgresql's database.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postgresql_domtrans" lineno="323">
<summary>
Execute postgresql in the postgresql domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="postgresql_exec" lineno="341">
<summary>
Execute Postgresql in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postgresql_signal" lineno="359">
<summary>
Allow domain to signal postgresql
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postgresql_read_config" lineno="377">
<summary>
Allow the specified domain to read postgresql's etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="postgresql_tcp_connect" lineno="398">
<summary>
Allow the specified domain to connect to postgresql with a tcp socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postgresql_stream_connect" lineno="419">
<summary>
Allow the specified domain to connect to postgresql with a unix socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postgresql_unpriv_client" lineno="440">
<summary>
Allow the specified domain unprivileged accesses to unifined database objects
managed by SE-PostgreSQL,
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postgresql_unconfined" lineno="527">
<summary>
Allow the specified domain unconfined accesses to any database objects
managed by SE-PostgreSQL,
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="postgresql_admin" lineno="551">
<summary>
All of the rules required to administrate an postgresql environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the postgresql domain.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="postgresql_can_rsync" dftval="false">
<desc>
<p>
Allow postgresql to use ssh and rsync for point-in-time recovery
</p>
</desc>
</tunable>
<tunable name="sepgsql_enable_users_ddl" dftval="true">
<desc>
<p>
Allow unprivileged users to execute DDL statement
</p>
</desc>
</tunable>
<tunable name="sepgsql_unconfined_dbadm" dftval="true">
<desc>
<p>
Allow database admins to execute DML statement
</p>
</desc>
</tunable>
</module>
<module name="postgrey" filename="policy/modules/services/postgrey.if">
<summary>Postfix grey-listing server</summary>
<interface name="postgrey_stream_connect" lineno="13">
<summary>
Write to postgrey socket
</summary>
<param name="domain">
<summary>
Domain allowed to talk to postgrey
</summary>
</param>
</interface>
<interface name="postgrey_search_spool" lineno="33">
<summary>
Search the spool directory
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="postgrey_admin" lineno="58">
<summary>
All of the rules required to administrate
an postgrey environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the postgrey domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="ppp" filename="policy/modules/services/ppp.if">
<summary>Point to Point Protocol daemon creates links in ppp networks</summary>
<interface name="ppp_use_fds" lineno="13">
<summary>
Use PPP file discriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_dontaudit_use_fds" lineno="32">
<summary>
Do not audit attempts to inherit
and use PPP file discriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="ppp_sigchld" lineno="50">
<summary>
Send a SIGCHLD signal to PPP.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_kill" lineno="70">
<summary>
Send ppp a kill signal
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_signal" lineno="88">
<summary>
Send a generic signal to PPP.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_signull" lineno="106">
<summary>
Send a generic signull to PPP.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_domtrans" lineno="124">
<summary>
Execute domain in the ppp domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_run_cond" lineno="149">
<summary>
Conditionally execute ppp daemon on behalf of a user or staff type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to allow the ppp domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ppp_run" lineno="177">
<summary>
Unconditionally execute ppp daemon on behalf of a user or staff type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to allow the ppp domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ppp_exec" lineno="201">
<summary>
Execute domain in the ppp caller.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_read_config" lineno="220">
<summary>
Read ppp configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_read_rw_config" lineno="239">
<summary>
Read PPP-writable configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_read_secrets" lineno="259">
<summary>
Read PPP secrets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_read_pid_files" lineno="279">
<summary>
Read PPP pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_manage_pid_files" lineno="297">
<summary>
Create, read, write, and delete PPP pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_pid_filetrans" lineno="315">
<summary>
Create, read, write, and delete PPP pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ppp_initrc_domtrans" lineno="333">
<summary>
Execute ppp server in the ntpd domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="ppp_admin" lineno="358">
<summary>
All of the rules required to administrate
an ppp environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="pppd_can_insmod" dftval="false">
<desc>
<p>
Allow pppd to load kernel modules for certain modems
</p>
</desc>
</tunable>
<tunable name="pppd_for_user" dftval="false">
<desc>
<p>
Allow pppd to be run for a regular user
</p>
</desc>
</tunable>
</module>
<module name="prelude" filename="policy/modules/services/prelude.if">
<summary>Prelude hybrid intrusion detection system</summary>
<interface name="prelude_domtrans" lineno="13">
<summary>
Execute a domain transition to run prelude.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="prelude_domtrans_audisp" lineno="31">
<summary>
Execute a domain transition to run prelude_audisp.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="prelude_signal_audisp" lineno="49">
<summary>
Signal the prelude_audisp domain.
</summary>
<param name="domain">
<summary>
Domain allowed acccess.
</summary>
</param>
</interface>
<interface name="prelude_read_spool" lineno="67">
<summary>
Read the prelude spool files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="prelude_manage_spool" lineno="86">
<summary>
Manage to prelude-manager spool files.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="prelude_admin" lineno="113">
<summary>
All of the rules required to administrate
an prelude environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="privoxy" filename="policy/modules/services/privoxy.if">
<summary>Privacy enhancing web proxy.</summary>
<interface name="privoxy_admin" lineno="20">
<summary>
All of the rules required to administrate
an privoxy environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="privoxy_connect_any" dftval="false">
<desc>
<p>
Allow privoxy to connect to all ports, not just
HTTP, FTP, and Gopher ports.
</p>
</desc>
</tunable>
</module>
<module name="procmail" filename="policy/modules/services/procmail.if">
<summary>Procmail mail delivery agent</summary>
<interface name="procmail_domtrans" lineno="13">
<summary>
Execute procmail with a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="procmail_exec" lineno="33">
<summary>
Execute procmail in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="procmail_read_tmp_files" lineno="53">
<summary>
Read procmail tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="procmail_rw_tmp_files" lineno="72">
<summary>
Read/write procmail tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="procmail_read_home_files" lineno="91">
<summary>
Read procmail home directory content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="psad" filename="policy/modules/services/psad.if">
<summary>Intrusion Detection and Log Analysis with iptables</summary>
<interface name="psad_domtrans" lineno="13">
<summary>
Execute a domain transition to run psad.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="psad_signal" lineno="31">
<summary>
Send a generic signal to psad
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="psad_signull" lineno="49">
<summary>
Send a null signal to psad.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="psad_read_config" lineno="67">
<summary>
Read psad etc configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="psad_manage_config" lineno="86">
<summary>
Manage psad etc configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="psad_read_pid_files" lineno="107">
<summary>
Read psad PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="psad_rw_pid_files" lineno="126">
<summary>
Read psad PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="psad_read_log" lineno="146">
<summary>
Allow the specified domain to read psad's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="psad_append_log" lineno="167">
<summary>
Allow the specified domain to append to psad's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="psad_write_log" lineno="188">
<summary>
Allow the specified domain to write to psad's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="psad_rw_fifo_file" lineno="207">
<summary>
Read and write psad fifo files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="psad_rw_tmp_files" lineno="227">
<summary>
Read and write psad tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="psad_admin" lineno="253">
<summary>
All of the rules required to administrate
an psad environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the syslog domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="publicfile" filename="policy/modules/services/publicfile.if">
<summary>publicfile supplies files to the public through HTTP and FTP</summary>
</module>
<module name="puppet" filename="policy/modules/services/puppet.if">
<summary>Puppet client daemon</summary>
<desc>
<p>
Puppet is a configuration management system written in Ruby.
The client daemon is responsible for periodically requesting the
desired system state from the server and ensuring the state of
the client system matches.
</p>
</desc>
<interface name="puppet_domtrans_master" lineno="22">
<summary>
Execute puppet_master in the puppet_master
domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="puppet_rw_tmp" lineno="44">
<summary>
Read / Write to Puppet temp files. Puppet uses
some system binaries (groupadd, etc) that run in
a non-puppet domain and redirects output into temp
files.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="puppet_read_config" lineno="63">
<summary>
Allow the specified domain to read puppet's config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="puppet_read_log" lineno="83">
<summary>
Allow the specified domain to read puppet's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="puppet_create_log" lineno="102">
<summary>
Allow the specified domain to create puppet's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="puppet_append_log" lineno="121">
<summary>
Allow the specified domain to append puppet's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="puppet_read_lib" lineno="140">
<summary>
Read Puppet lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="puppet_manage_lib" lineno="159">
<summary>
Manage Puppet lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="puppet_search_log" lineno="178">
<summary>
Allow the specified domain to search puppet's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="puppet_search_pid" lineno="197">
<summary>
Allow the specified domain to search puppet's pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="puppet_manage_all_files" dftval="false">
<desc>
<p>
Allow Puppet client to manage all file
types.
</p>
</desc>
</tunable>
<tunable name="puppetmaster_use_db" dftval="false">
<desc>
<p>
Allow Puppet master to use connect to mysql and postgresql database
</p>
</desc>
</tunable>
</module>
<module name="pxe" filename="policy/modules/services/pxe.if">
<summary>Server for the PXE network boot protocol</summary>
</module>
<module name="pyicqt" filename="policy/modules/services/pyicqt.if">
<summary>PyICQt is an ICQ transport for XMPP server.</summary>
</module>
<module name="pyzor" filename="policy/modules/services/pyzor.if">
<summary>Pyzor is a distributed, collaborative spam detection and filtering network.</summary>
<interface name="pyzor_role" lineno="18">
<summary>
Role access for pyzor
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="pyzor_signal" lineno="44">
<summary>
Send generic signals to pyzor
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pyzor_domtrans" lineno="62">
<summary>
Execute pyzor with a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pyzor_exec" lineno="82">
<summary>
Execute pyzor in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pyzor_admin" lineno="109">
<summary>
All of the rules required to administrate
an pyzor environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the pyzor domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="qmail" filename="policy/modules/services/qmail.if">
<summary>Qmail Mail Server</summary>
<template name="qmail_child_domain_template" lineno="18">
<summary>
Template for qmail parent/sub-domain pairs
</summary>
<param name="child_prefix">
<summary>
The prefix of the child domain
</summary>
</param>
<param name="parent_domain">
<summary>
The name of the parent domain.
</summary>
</param>
</template>
<interface name="qmail_domtrans_inject" lineno="60">
<summary>
Transition to qmail_inject_t
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="qmail_domtrans_queue" lineno="86">
<summary>
Transition to qmail_queue_t
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="qmail_read_config" lineno="113">
<summary>
Read qmail configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="qmail_smtpd_service_domain" lineno="145">
<summary>
Define the specified domain as a qmail-smtp service.
Needed by antivirus/antispam filters.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="entrypoint">
<summary>
The type associated with the process program.
</summary>
</param>
</interface>
<interface name="qmail_manage_spool_dirs" lineno="164">
<summary>
Create, read, write, and delete qmail
spool directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qmail_manage_spool_files" lineno="183">
<summary>
Create, read, write, and delete qmail
spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qmail_rw_spool_pipes" lineno="201">
<summary>
Read and write to qmail spool pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
</module>
<module name="qpidd" filename="policy/modules/services/qpidd.if">
<summary>policy for qpidd</summary>
<interface name="qpidd_domtrans" lineno="13">
<summary>
Execute a domain transition to run qpidd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="qpidd_initrc_domtrans" lineno="32">
<summary>
Execute qpidd server in the qpidd domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="qpidd_read_pid_files" lineno="50">
<summary>
Read qpidd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qpidd_manage_var_run" lineno="69">
<summary>
Manage qpidd var_run files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qpidd_search_lib" lineno="90">
<summary>
Search qpidd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qpidd_read_lib_files" lineno="109">
<summary>
Read qpidd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qpidd_manage_lib_files" lineno="129">
<summary>
Create, read, write, and delete
qpidd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qpidd_manage_var_lib" lineno="148">
<summary>
Manage qpidd var_lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qpidd_admin" lineno="176">
<summary>
All of the rules required to administrate
an qpidd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="qpidd_rw_semaphores" lineno="206">
<summary>
Allow read and write access to qpidd semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="qpidd_rw_shm" lineno="224">
<summary>
Read and write to qpidd shared memory.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
</module>
<module name="quantum" filename="policy/modules/services/quantum.if">
<summary>Quantum is a virtual network service for Openstack</summary>
<interface name="neutron_domtrans" lineno="13">
<summary>
Transition to neutron.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="neutron_read_log" lineno="33">
<summary>
Read neutron's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="neutron_append_log" lineno="52">
<summary>
Append to neutron log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="neutron_manage_log" lineno="71">
<summary>
Manage neutron log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="neutron_search_lib" lineno="92">
<summary>
Search neutron lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="neutron_read_lib_files" lineno="111">
<summary>
Read neutron lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="neutron_manage_lib_files" lineno="130">
<summary>
Manage neutron lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="neutron_manage_lib_dirs" lineno="149">
<summary>
Manage neutron lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="neutron_rw_fifo_file" lineno="168">
<summary>
Read and write neutron fifo files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="neutron_sigchld" lineno="186">
<summary>
Allow domain to send sigchld to neutron process.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="neutron_stream_connect" lineno="205">
<summary>
Connect to neutron over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="neutron_admin" lineno="226">
<summary>
All of the rules required to administrate
an neutron environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="radius" filename="policy/modules/services/radius.if">
<summary>RADIUS authentication and accounting server.</summary>
<interface name="radius_use" lineno="13">
<summary>
Use radius over a UDP connection. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="radius_admin" lineno="34">
<summary>
All of the rules required to administrate
an radius environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="radvd" filename="policy/modules/services/radvd.if">
<summary>IPv6 router advertisement daemon</summary>
<interface name="radvd_read_pid_files" lineno="13">
<summary>
Read radvd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="radvd_admin" lineno="39">
<summary>
All of the rules required to administrate
an radvd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="razor" filename="policy/modules/services/razor.if">
<summary>A distributed, collaborative, spam detection and filtering network.</summary>
<desc>
<p>
A distributed, collaborative, spam detection and filtering network.
</p>
<p>
This policy will work with either the ATrpms provided config
file in /etc/razor, or with the default of dumping everything into
$HOME/.razor.
</p>
</desc>
<template name="razor_common_domain_template" lineno="25">
<summary>
Template to create types and rules common to
all razor domains.
</summary>
<param name="prefix">
<summary>
The prefix of the domain (e.g., user
is the prefix for user_t).
</summary>
</param>
</template>
<interface name="razor_role" lineno="121">
<summary>
Role access for razor
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="razor_domtrans" lineno="153">
<summary>
Execute razor in the system razor domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="razor_manage_user_home_files" lineno="172">
<summary>
Create, read, write, and delete razor files
in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</template>
<interface name="razor_read_lib_files" lineno="192">
<summary>
read razor lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="rdisc" filename="policy/modules/services/rdisc.if">
<summary>Network router discovery daemon</summary>
<interface name="rdisc_exec" lineno="13">
<summary>
Execute rdisc in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="remotelogin" filename="policy/modules/services/remotelogin.if">
<summary>Policy for rshd, rlogind, and telnetd.</summary>
<interface name="remotelogin_domtrans" lineno="13">
<summary>
Domain transition to the remote login domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="remotelogin_signal" lineno="31">
<summary>
allow Domain to signal remote login domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
</module>
<module name="resmgr" filename="policy/modules/services/resmgr.if">
<summary>Resource management daemon</summary>
<interface name="resmgr_stream_connect" lineno="14">
<summary>
Connect to resmgrd over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="rgmanager" filename="policy/modules/services/rgmanager.if">
<summary>SELinux policy for rgmanager</summary>
<interface name="rgmanager_domtrans" lineno="13">
<summary>
Execute a domain transition to run rgmanager.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rgmanager_rw_semaphores" lineno="33">
<summary>
Allow read and write access to rgmanager semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rgmanager_stream_connect" lineno="51">
<summary>
Connect to rgmanager over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rgmanager_manage_tmpfs_files" lineno="70">
<summary>
Allow manage rgmanager tmpfs files.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="rgmanager_manage_tmp_files" lineno="90">
<summary>
Allow manage rgmanager tmp files.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="rgmanager_manage_pid_files" lineno="110">
<summary>
Allow manage rgmanager pid files.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="rgmanager_admin" lineno="136">
<summary>
All of the rules required to administrate
an rgmanager environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the rgmanager domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="rgmanager_manage_files" lineno="172">
<summary>
Allow the specified domain to manage rgmanager's lib/run files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rgmanager_search_lib" lineno="195">
<summary>
Allow the specified domain to search rgmanager's lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="rgmanager_can_network_connect" dftval="false">
<desc>
<p>
Allow rgmanager domain to connect to the network using TCP.
</p>
</desc>
</tunable>
</module>
<module name="rhcs" filename="policy/modules/services/rhcs.if">
<summary>RHCS - Red Hat Cluster Suite</summary>
<template name="rhcs_domain_template" lineno="14">
<summary>
Creates types and rules for a basic
rhcs init daemon domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="rhcs_domtrans_dlm_controld" lineno="74">
<summary>
Execute a domain transition to run dlm_controld.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rhcs_stream_connect_dlm_controld" lineno="94">
<summary>
Connect to dlm_controld over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_rw_dlm_controld_semaphores" lineno="113">
<summary>
Allow read and write access to dlm_controld semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_domtrans_fenced" lineno="134">
<summary>
Execute a domain transition to run fenced.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_getattr_fenced" lineno="153">
<summary>
Allow a domain to getattr on fenced executable.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rhcs_rw_fenced_semaphores" lineno="171">
<summary>
Allow read and write access to fenced semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_stream_connect_fenced" lineno="192">
<summary>
Connect to fenced over an unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_domtrans_gfs_controld" lineno="212">
<summary>
Execute a domain transition to run gfs_controld.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_rw_gfs_controld_semaphores" lineno="231">
<summary>
Allow read and write access to gfs_controld semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_rw_gfs_controld_shm" lineno="252">
<summary>
Read and write to gfs_controld_t shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_stream_connect_gfs_controld" lineno="273">
<summary>
Connect to gfs_controld_t over an unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_domtrans_groupd" lineno="292">
<summary>
Execute a domain transition to run groupd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_stream_connect_groupd" lineno="312">
<summary>
Connect to groupd over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_rw_groupd_semaphores" lineno="331">
<summary>
Allow read and write access to groupd semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_rw_groupd_shm" lineno="352">
<summary>
Read and write to group shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_rw_cluster_shm" lineno="373">
<summary>
Read and write to cluster domains shared memory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_rw_cluster_semaphores" lineno="398">
<summary>
Read and write access to cluster domains semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_stream_connect_cluster" lineno="417">
<summary>
Connect to cluster domains over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_stream_connect_cluster_to" lineno="443">
<summary>
Connect to cluster domains over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_domtrans_qdiskd" lineno="463">
<summary>
Execute a domain transition to run qdiskd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_read_qdiskd_tmpfs_files" lineno="482">
<summary>
Allow domain to read qdiskd tmpfs files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_domtrans_cluster" lineno="500">
<summary>
Execute a domain transition to run cluster administrative domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rhcs_initrc_domtrans_cluster" lineno="520">
<summary>
Execute cluster init scripts in
the init script domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rhcs_exec_cluster" lineno="538">
<summary>
Execute cluster in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_read_log_cluster" lineno="557">
<summary>
Read cluster log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_setattr_log_cluster" lineno="577">
<summary>
Setattr cluster log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_rw_inherited_cluster_tmp_files" lineno="595">
<summary>
Allow the specified domain to read/write inherited cluster's tmpf files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_manage_cluster_tmp_files" lineno="613">
<summary>
Allow manage cluster tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_rw_cluster_tmpfs" lineno="632">
<summary>
Allow the specified domain to read/write cluster's tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_manage_cluster_tmpfs_files" lineno="650">
<summary>
Allow manage cluster tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_manage_cluster_pid_files" lineno="669">
<summary>
Allow manage cluster pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_read_cluster_pid_files" lineno="688">
<summary>
Allow read cluster pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_read_cluster_lib_files" lineno="707">
<summary>
Allow domain to read cluster lib files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_manage_cluster_lib_files" lineno="726">
<summary>
Allow domain to manage cluster lib files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhcs_relabel_cluster_lib_files" lineno="745">
<summary>
Allow domain to relabel cluster lib files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="fenced_can_network_connect" dftval="false">
<desc>
<p>
Allow fenced domain to connect to the network using TCP.
</p>
</desc>
</tunable>
<tunable name="fenced_can_ssh" dftval="false">
<desc>
<p>
Allow fenced domain to execute ssh.
</p>
</desc>
</tunable>
<tunable name="cluster_can_network_connect" dftval="false">
<desc>
<p>
Allow cluster administrative domains to connect to the network using TCP.
</p>
</desc>
</tunable>
<tunable name="cluster_manage_all_files" dftval="true">
<desc>
<p>
Allow cluster administrative domains to manage all files on a system.
</p>
</desc>
</tunable>
<tunable name="cluster_use_execmem" dftval="false">
<desc>
<p>
Allow cluster administrative cluster domains memcheck-amd64- to use executable memory
</p>
</desc>
</tunable>
</module>
<module name="rhev" filename="policy/modules/services/rhev.if">
<summary>rhev polic module contains policies for rhev apps</summary>
<interface name="rhev_domtrans_agentd" lineno="13">
<summary>
Execute rhev-agentd in the rhev_agentd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhev_read_pid_files_agentd" lineno="31">
<summary>
Read rhev-agentd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhev_stream_connect_agentd" lineno="51">
<summary>
Connect to rhev_agentd over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhev_sigchld_agentd" lineno="70">
<summary>
Send sigchld to rhev-agentd
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
</module>
<module name="rhgb" filename="policy/modules/services/rhgb.if">
<summary> Red Hat Graphical Boot </summary>
<interface name="rhgb_stub" lineno="13">
<summary>
RHGB stub interface. No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
N/A
</summary>
</param>
</interface>
<interface name="rhgb_use_fds" lineno="29">
<summary>
Use a rhgb file descriptor.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="rhgb_getpgid" lineno="47">
<summary>
Get the process group of rhgb.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhgb_signal" lineno="65">
<summary>
Send a signal to rhgb.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhgb_rw_stream_sockets" lineno="83">
<summary>
Read and write to unix stream sockets.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="rhgb_dontaudit_rw_stream_sockets" lineno="102">
<summary>
Do not audit attempts to read and write
rhgb unix domain stream sockets.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="rhgb_stream_connect" lineno="120">
<summary>
Connected to rhgb unix stream socket.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="rhgb_rw_shm" lineno="138">
<summary>
Read and write to rhgb shared memory.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="rhgb_use_ptys" lineno="156">
<summary>
Read from and write to the rhgb devpts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhgb_dontaudit_use_ptys" lineno="174">
<summary>
dontaudit Read from and write to the rhgb devpts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhgb_rw_tmpfs_files" lineno="192">
<summary>
Read and write to rhgb temporary file system.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
</module>
<module name="rhnsd" filename="policy/modules/services/rhnsd.if">
<summary>policy for rhnsd</summary>
<interface name="rhnsd_domtrans" lineno="13">
<summary>
Transition to rhnsd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rhnsd_initrc_domtrans" lineno="32">
<summary>
Execute rhnsd server in the rhnsd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhnsd_manage_config" lineno="51">
<summary>
Allow the specified domain to manage
rhnsd configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhnsd_admin" lineno="77">
<summary>
All of the rules required to administrate
an rhnsd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="rhsmcertd" filename="policy/modules/services/rhsmcertd.if">
<summary>Subscription Management Certificate Daemon policy</summary>
<interface name="rhsmcertd_domtrans" lineno="13">
<summary>
Transition to rhsmcertd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rhsmcertd_initrc_domtrans" lineno="33">
<summary>
Execute rhsmcertd server in the rhsmcertd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_read_log" lineno="53">
<summary>
Read rhsmcertd's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="rhsmcertd_append_log" lineno="72">
<summary>
Append to rhsmcertd log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_manage_log" lineno="91">
<summary>
Manage rhsmcertd log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_search_lib" lineno="112">
<summary>
Search rhsmcertd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_read_lib_files" lineno="131">
<summary>
Read rhsmcertd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_manage_lib_files" lineno="150">
<summary>
Manage rhsmcertd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_manage_lib_dirs" lineno="169">
<summary>
Manage rhsmcertd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_read_pid_files" lineno="189">
<summary>
Read rhsmcertd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_stream_connect" lineno="209">
<summary>
Connect to rhsmcertd over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_dbus_chat" lineno="229">
<summary>
Send and receive messages from
rhsmcertd over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_dontaudit_dbus_chat" lineno="250">
<summary>
Dontaudit Send and receive messages from
rhsmcertd over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rhsmcertd_admin" lineno="277">
<summary>
All of the rules required to administrate
an rhsmcertd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="ricci" filename="policy/modules/services/ricci.if">
<summary>Ricci cluster management agent</summary>
<interface name="ricci_domtrans" lineno="13">
<summary>
Execute a domain transition to run ricci.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ricci_initrc_domtrans" lineno="31">
<summary>
Execute ricci server in the ricci domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="ricci_domtrans_modcluster" lineno="49">
<summary>
Execute a domain transition to run ricci_modcluster.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ricci_dontaudit_use_modcluster_fds" lineno="68">
<summary>
Do not audit attempts to use
ricci_modcluster file descriptors.
</summary>
<param name="domain">
<summary>
The type of process not to audit.
</summary>
</param>
</interface>
<interface name="ricci_dontaudit_rw_modcluster_pipes" lineno="87">
<summary>
Do not audit attempts to read write
ricci_modcluster unamed pipes.
</summary>
<param name="domain">
<summary>
The type of process not to audit.
</summary>
</param>
</interface>
<interface name="ricci_stream_connect_modclusterd" lineno="105">
<summary>
Connect to ricci_modclusterd over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ricci_rw_modclusterd_tmpfs_files" lineno="124">
<summary>
Read and write to ricci_modclusterd temporary file system.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ricci_domtrans_modlog" lineno="143">
<summary>
Execute a domain transition to run ricci_modlog.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ricci_domtrans_modrpm" lineno="161">
<summary>
Execute a domain transition to run ricci_modrpm.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ricci_domtrans_modservice" lineno="179">
<summary>
Execute a domain transition to run ricci_modservice.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ricci_domtrans_modstorage" lineno="197">
<summary>
Execute a domain transition to run ricci_modstorage.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ricci_read_lib_files" lineno="215">
<summary>
Allow the specified domain to read ricci's lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ricci_manage_lib_files" lineno="235">
<summary>
Allow the specified domain to manage ricci's lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ricci_admin" lineno="262">
<summary>
All of the rules required to administrate
an ricci environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="rlogin" filename="policy/modules/services/rlogin.if">
<summary>Remote login daemon</summary>
<interface name="rlogin_domtrans" lineno="13">
<summary>
Execute rlogind in the rlogin domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="rlogin_read_home_content" lineno="32">
<summary>
read rlogin homedir content (.config)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="roundup" filename="policy/modules/services/roundup.if">
<summary>Roundup Issue Tracking System policy</summary>
<interface name="roundup_admin" lineno="20">
<summary>
All of the rules required to administrate
an roundup environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the roundup domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="rpc" filename="policy/modules/services/rpc.if">
<summary>Remote Procedure Call Daemon for managment of network based process communication</summary>
<interface name="rpc_stub" lineno="13">
<summary>
RPC stub interface. No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="rpc_domain_template" lineno="35">
<summary>
The template to define a rpc domain.
</summary>
<desc>
<p>
This template creates a domain to be used for
a new rpc daemon.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The type of daemon to be used.
</summary>
</param>
</template>
<interface name="rpc_udp_send" lineno="135">
<summary>
Send UDP network traffic to rpc and recieve UDP traffic from rpc. (Deprecated)
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="rpc_dontaudit_getattr_exports" lineno="150">
<summary>
Do not audit attempts to get the attributes
of the NFS export file.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="rpc_read_exports" lineno="168">
<summary>
Allow read access to exports.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="rpc_write_exports" lineno="186">
<summary>
Allow write access to exports.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="rpc_domtrans_nfsd" lineno="204">
<summary>
Execute domain in nfsd domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="rpc_initrc_domtrans_nfsd" lineno="222">
<summary>
Execute domain in nfsd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpc_domtrans_rpcd" lineno="240">
<summary>
Execute domain in rpcd domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="rpc_kill_rpcd" lineno="259">
<summary>
Send kill signals to rpcd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpc_run_rpcd" lineno="284">
<summary>
Execute rpcd in the rcpd domain, and
allow the specified role the rpcd domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="rpc_initrc_domtrans_rpcd" lineno="303">
<summary>
Execute domain in rpcd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpc_read_nfs_content" lineno="322">
<summary>
Read NFS exported content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="rpc_manage_nfs_rw_content" lineno="343">
<summary>
Allow domain to create read and write NFS directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="rpc_manage_nfs_ro_content" lineno="364">
<summary>
Allow domain to create read and write NFS directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="rpc_udp_rw_nfs_sockets" lineno="384">
<summary>
Allow domain to read and write to an NFS UDP socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpc_udp_send_nfs" lineno="402">
<summary>
Send UDP traffic to NFSd. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpc_search_nfs_state_data" lineno="416">
<summary>
Search NFS state data in /var/lib/nfs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpc_read_nfs_state_data" lineno="435">
<summary>
Read NFS state data in /var/lib/nfs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpc_manage_nfs_state_data" lineno="454">
<summary>
Manage NFS state data in /var/lib/nfs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="allow_gssd_read_tmp" dftval="true">
<desc>
<p>
Allow gssd to read temp directory. For access to kerberos tgt.
</p>
</desc>
</tunable>
</module>
<module name="rpcbind" filename="policy/modules/services/rpcbind.if">
<summary>Universal Addresses to RPC Program Number Mapper</summary>
<interface name="rpcbind_domtrans" lineno="13">
<summary>
Execute a domain transition to run rpcbind.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rpcbind_stream_connect" lineno="31">
<summary>
Connect to rpcbindd over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpcbind_read_pid_files" lineno="50">
<summary>
Read rpcbind PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpcbind_search_lib" lineno="69">
<summary>
Search rpcbind lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpcbind_read_lib_files" lineno="88">
<summary>
Read rpcbind lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpcbind_manage_lib_files" lineno="108">
<summary>
Create, read, write, and delete
rpcbind lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rpcbind_admin" lineno="134">
<summary>
All of the rules required to administrate
an rpcbind environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the rpcbind domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="rshd" filename="policy/modules/services/rshd.if">
<summary>Remote shell service.</summary>
<interface name="rshd_domtrans" lineno="13">
<summary>
Domain transition to rshd.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
</module>
<module name="rsync" filename="policy/modules/services/rsync.if">
<summary>Fast incremental file transfer for synchronization</summary>
<interface name="rsync_entry_type" lineno="14">
<summary>
Make rsync an entry point for
the specified domain.
</summary>
<param name="domain">
<summary>
The domain for which init scripts are an entrypoint.
</summary>
</param>
</interface>
<interface name="rsync_entry_spec_domtrans" lineno="47">
<summary>
Execute a rsync in a specified domain.
</summary>
<desc>
<p>
Execute a rsync in a specified domain.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="source_domain">
<summary>
Domain to transition from.
</summary>
</param>
<param name="target_domain">
<summary>
Domain to transition to.
</summary>
</param>
</interface>
<interface name="rsync_entry_domtrans" lineno="80">
<summary>
Execute a rsync in a specified domain.
</summary>
<desc>
<p>
Execute a rsync in a specified domain.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="source_domain">
<summary>
Domain to transition from.
</summary>
</param>
<param name="target_domain">
<summary>
Domain to transition to.
</summary>
</param>
</interface>
<interface name="rsync_exec" lineno="99">
<summary>
Execute rsync in the caller domain domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="rsync_read_config" lineno="117">
<summary>
Read rsync config files.
</summary>
<param name="domain">
<summary>
Domain allowed.
</summary>
</param>
</interface>
<interface name="rsync_write_config" lineno="136">
<summary>
Write to rsync config files.
</summary>
<param name="domain">
<summary>
Domain allowed.
</summary>
</param>
</interface>
<interface name="rsync_manage_config" lineno="155">
<summary>
Manage rsync config files.
</summary>
<param name="domain">
<summary>
Domain allowed.
</summary>
</param>
</interface>
<interface name="rsync_filetrans_config" lineno="180">
<summary>
Create objects in the amavis spool directories
with a private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
</interface>
<tunable name="rsync_client" dftval="false">
<desc>
<p>
Allow rsync to run as a client
</p>
</desc>
</tunable>
<tunable name="rsync_export_all_ro" dftval="false">
<desc>
<p>
Allow rsync to export any files/directories read only.
</p>
</desc>
</tunable>
<tunable name="allow_rsync_anon_write" dftval="false">
<desc>
<p>
Allow rsync to modify public files
used for public file transfer services. Files/Directories must be
labeled public_content_rw_t.
</p>
</desc>
</tunable>
<tunable name="rsync_use_cifs" dftval="false">
<desc>
<p>
Allow rsync servers to share cifs files systems
</p>
</desc>
</tunable>
<tunable name="rsync_use_nfs" dftval="false">
<desc>
<p>
Allow rsync servers to share nfs files systems
</p>
</desc>
</tunable>
</module>
<module name="rtas" filename="policy/modules/services/rtas.if">
<summary>Platform diagnostics report firmware events.</summary>
<interface name="rtas_errd_domtrans" lineno="13">
<summary>
Execute rtas_errd in the rtas_errd domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rtas_errd_read_log" lineno="33">
<summary>
Read rtas_errd's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="rtas_errd_append_log" lineno="52">
<summary>
Append to rtas_errd log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rtas_errd_manage_log" lineno="71">
<summary>
Manage rtas_errd log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rtas_errd_read_pid_files" lineno="92">
<summary>
Read rtas_errd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rtas_errd_admin" lineno="112">
<summary>
All of the rules required to administrate
an rtas_errd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="rtkit" filename="policy/modules/services/rtkit.if">
<summary>Realtime scheduling for user processes.</summary>
<interface name="rtkit_daemon_domtrans" lineno="13">
<summary>
Execute a domain transition to run rtkit_daemon.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rtkit_daemon_dbus_chat" lineno="32">
<summary>
Send and receive messages from
rtkit_daemon over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rtkit_daemon_dontaudit_dbus_chat" lineno="53">
<summary>
Do not audit send and receive messages from
rtkit_daemon over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rtkit_scheduled" lineno="73">
<summary>
Allow rtkit to control scheduling for your process
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="rwho" filename="policy/modules/services/rwho.if">
<summary>Who is logged in on other machines?</summary>
<interface name="rwho_domtrans" lineno="13">
<summary>
Execute a domain transition to run rwho.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="rwho_search_log" lineno="31">
<summary>
Search rwho log directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rwho_read_log_files" lineno="50">
<summary>
Read rwho log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rwho_search_spool" lineno="70">
<summary>
Search rwho spool directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rwho_read_spool_files" lineno="89">
<summary>
Read rwho spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rwho_manage_spool_files" lineno="109">
<summary>
Create, read, write, and delete
rwho spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="rwho_admin" lineno="135">
<summary>
All of the rules required to administrate
an rwho environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="samba" filename="policy/modules/services/samba.if">
<summary>
SMB and CIFS client/server programs for UNIX and
name Service Switch daemon for resolving names
from Windows NT servers.
</summary>
<interface name="samba_domtrans_nmbd" lineno="17">
<summary>
Execute nmbd net in the nmbd_t domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="samba_initrc_domtrans" lineno="36">
<summary>
Execute samba server in the samba domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="samba_domtrans_net" lineno="54">
<summary>
Execute samba net in the samba_net domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="samba_domtrans_unconfined_net" lineno="73">
<summary>
Execute samba net in the samba_unconfined_net domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="samba_run_net" lineno="99">
<summary>
Execute samba net in the samba_net domain, and
allow the specified role the samba_net domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the samba_net domain.
</summary>
</param>
<rolecap/>
</interface>
<template name="samba_role_notrans" lineno="118">
<summary>
The role for the samba module.
</summary>
<param name="role">
<summary>
The role to be allowed the samba_net domain.
</summary>
</param>
</template>
<interface name="samba_run_unconfined_net" lineno="143">
<summary>
Execute samba net in the samba_unconfined_net domain, and
allow the specified role the samba_unconfined_net domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the samba_unconfined_net domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="samba_domtrans_smbmount" lineno="162">
<summary>
Execute smbmount in the smbmount domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="samba_run_smbmount" lineno="188">
<summary>
Execute smbmount interactively and do
a domain transition to the smbmount domain.
</summary>
<param name="domain">
<summary>
Domain allowed acces.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the smbmount domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="samba_read_config" lineno="209">
<summary>
Allow the specified domain to read
samba configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="samba_rw_config" lineno="230">
<summary>
Allow the specified domain to read
and write samba configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="samba_manage_config" lineno="251">
<summary>
Allow the specified domain to read
and write samba configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="samba_read_log" lineno="272">
<summary>
Allow the specified domain to read samba's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="samba_append_log" lineno="293">
<summary>
Allow the specified domain to append to samba's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="samba_exec_log" lineno="313">
<summary>
Execute samba log in the caller domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="samba_read_secrets" lineno="332">
<summary>
Allow the specified domain to read samba's secrets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_read_share_files" lineno="351">
<summary>
Allow the specified domain to read samba's shares
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_search_var" lineno="371">
<summary>
Allow the specified domain to search
samba /var directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_read_var_files" lineno="392">
<summary>
Allow the specified domain to
read samba /var files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_dontaudit_write_var_files" lineno="413">
<summary>
Do not audit attempts to write samba
/var files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_rw_var_files" lineno="432">
<summary>
Allow the specified domain to
read and write samba /var files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_manage_var_files" lineno="453">
<summary>
Allow the specified domain to
read and write samba /var files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_domtrans_smbcontrol" lineno="474">
<summary>
Execute a domain transition to run smbcontrol.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="samba_run_smbcontrol" lineno="499">
<summary>
Execute smbcontrol in the smbcontrol domain, and
allow the specified role the smbcontrol domain.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the smbcontrol domain.
</summary>
</param>
</interface>
<interface name="samba_domtrans_smbd" lineno="518">
<summary>
Execute smbd in the smbd_t domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="samba_dontaudit_use_fds" lineno="537">
<summary>
Do not audit attempts to use file descriptors from samba.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="samba_write_smbmount_tcp_sockets" lineno="555">
<summary>
Allow the specified domain to write to smbmount tcp sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_rw_smbmount_tcp_sockets" lineno="573">
<summary>
Allow the specified domain to read and write to smbmount tcp sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_domtrans_winbind_helper" lineno="591">
<summary>
Execute winbind_helper in the winbind_helper domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="samba_run_winbind_helper" lineno="617">
<summary>
Execute winbind_helper in the winbind_helper domain, and
allow the specified role the winbind_helper domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the winbind_helper domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="samba_read_winbind_pid" lineno="636">
<summary>
Allow the specified domain to read the winbind pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_signal_nmbd" lineno="655">
<summary>
Allow domain to signal samba
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="samba_stream_connect_nmbd" lineno="672">
<summary>
Connect to nmbd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="samba_signal_smbd" lineno="692">
<summary>
Allow domain to signal samba
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="samba_stream_connect_winbind" lineno="709">
<summary>
Connect to winbind.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="samba_helper_template" lineno="741">
<summary>
Create a set of derived types for apache
web content.
</summary>
<param name="prefix">
<summary>
The prefix to be used for deriving type names.
</summary>
</param>
</template>
<interface name="samba_search_pid" lineno="771">
<summary>
Search the samba pid directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="samba_admin" lineno="797">
<summary>
All of the rules required to administrate
an samba environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the samba domain.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="allow_smbd_anon_write" dftval="false">
<desc>
<p>
Allow samba to modify public files used for public file
transfer services. Files/Directories must be labeled
public_content_rw_t.
</p>
</desc>
</tunable>
<tunable name="samba_create_home_dirs" dftval="false">
<desc>
<p>
Allow samba to create new home directories (e.g. via PAM)
</p>
</desc>
</tunable>
<tunable name="samba_domain_controller" dftval="false">
<desc>
<p>
Allow samba to act as the domain controller, add users,
groups and change passwords.
</p>
</desc>
</tunable>
<tunable name="samba_portmapper" dftval="false">
<desc>
<p>
Allow samba to act as a portmapper
</p>
</desc>
</tunable>
<tunable name="samba_enable_home_dirs" dftval="false">
<desc>
<p>
Allow samba to share users home directories.
</p>
</desc>
</tunable>
<tunable name="samba_export_all_ro" dftval="false">
<desc>
<p>
Allow samba to share any file/directory read only.
</p>
</desc>
</tunable>
<tunable name="samba_export_all_rw" dftval="false">
<desc>
<p>
Allow samba to share any file/directory read/write.
</p>
</desc>
</tunable>
<tunable name="samba_run_unconfined" dftval="false">
<desc>
<p>
Allow samba to run unconfined scripts
</p>
</desc>
</tunable>
<tunable name="samba_share_nfs" dftval="false">
<desc>
<p>
Allow samba to export NFS volumes.
</p>
</desc>
</tunable>
<tunable name="samba_share_fusefs" dftval="false">
<desc>
<p>
Allow samba to export ntfs/fusefs volumes.
</p>
</desc>
</tunable>
</module>
<module name="sanlock" filename="policy/modules/services/sanlock.if">
<summary>policy for sanlock</summary>
<interface name="sanlock_domtrans" lineno="13">
<summary>
Execute a domain transition to run sanlock.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sanlock_initrc_domtrans" lineno="32">
<summary>
Execute sanlock server in the sanlock domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="sanlock_manage_pid_files" lineno="50">
<summary>
Create, read, write, and delete sanlock PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sanlock_stream_connect" lineno="69">
<summary>
Connect to sanlock over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sanlock_admin" lineno="95">
<summary>
All of the rules required to administrate
an sanlock environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="sanlock_use_nfs" dftval="false">
<desc>
<p>
Allow sanlock to manage nfs files
</p>
</desc>
</tunable>
<tunable name="sanlock_use_samba" dftval="false">
<desc>
<p>
Allow sanlock to manage cifs files
</p>
</desc>
</tunable>
<tunable name="sanlock_use_fusefs" dftval="false">
<desc>
<p>
Allow sanlock to read/write fuse files
</p>
</desc>
</tunable>
</module>
<module name="sasl" filename="policy/modules/services/sasl.if">
<summary>SASL authentication server</summary>
<interface name="sasl_connect" lineno="13">
<summary>
Connect to SASL.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sasl_admin" lineno="39">
<summary>
All of the rules required to administrate
an sasl environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="allow_saslauthd_read_shadow" dftval="false">
<desc>
<p>
Allow sasl to read shadow
</p>
</desc>
</tunable>
</module>
<module name="sblim" filename="policy/modules/services/sblim.if">
<summary> Standards Based Linux Instrumentation for Manageability. </summary>
<template name="sblim_domain_template" lineno="14">
<summary>
Creates types and rules for a basic
sblim daemon domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="sblim_domtrans_gatherd" lineno="41">
<summary>
Transition to gatherd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sblim_read_pid_files" lineno="60">
<summary>
Read gatherd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sblim_stream_connect_sfcbd" lineno="79">
<summary>
Connect to sblim_sfcb over a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sblim_getattr_exec_sfcbd" lineno="100">
<summary>
Getattr on sblim executable.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sblim_stream_connect_sfcb" lineno="119">
<summary>
Connect to sblim_sfcb over a unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sblim_rw_semaphores_sfcbd" lineno="138">
<summary>
Allow read and write access to sblim semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sblim_admin" lineno="159">
<summary>
All of the rules required to administrate
an gatherd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="sendmail" filename="policy/modules/services/sendmail.if">
<summary>Policy for sendmail.</summary>
<interface name="sendmail_stub" lineno="13">
<summary>
Sendmail stub interface. No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sendmail_rw_pipes" lineno="30">
<summary>
Allow attempts to read and write to
sendmail unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="sendmail_domtrans" lineno="48">
<summary>
Domain transition to sendmail.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sendmail_initrc_domtrans" lineno="66">
<summary>
Execute sendmail in the sendmail domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="sendmail_run" lineno="90">
<summary>
Execute the sendmail program in the sendmail domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to allow the sendmail domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sendmail_signal" lineno="109">
<summary>
Send generic signals to sendmail.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sendmail_rw_tcp_sockets" lineno="127">
<summary>
Read and write sendmail TCP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sendmail_dontaudit_rw_tcp_sockets" lineno="146">
<summary>
Do not audit attempts to read and write
sendmail TCP sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="sendmail_rw_unix_stream_sockets" lineno="164">
<summary>
Read and write sendmail unix_stream_sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sendmail_dontaudit_rw_unix_stream_sockets" lineno="183">
<summary>
Do not audit attempts to read and write
sendmail unix_stream_sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sendmail_read_log" lineno="202">
<summary>
Read sendmail logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sendmail_manage_log" lineno="222">
<summary>
Create, read, write, and delete sendmail logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sendmail_create_log" lineno="241">
<summary>
Create sendmail logs with the correct type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sendmail_manage_tmp_files" lineno="259">
<summary>
Manage sendmail tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sendmail_run_unconfined" lineno="286">
<summary>
Execute sendmail in the unconfined sendmail domain, and
allow the specified role the unconfined sendmail domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sendmail_domtrans_unconfined" lineno="305">
<summary>
Execute sendmail in the unconfined sendmail domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sendmail_admin" lineno="331">
<summary>
All of the rules required to administrate
an sendmail environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="sensord" filename="policy/modules/services/sensord.if">
<summary>Sensor information logging daemon</summary>
<interface name="sensord_domtrans" lineno="13">
<summary>
Execute sensord in the sensord domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sensord_admin" lineno="33">
<summary>
All of the rules required to administrate
an sensord environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="setroubleshoot" filename="policy/modules/services/setroubleshoot.if">
<summary>SELinux troubleshooting service</summary>
<interface name="setroubleshoot_stream_connect" lineno="13">
<summary>
Connect to setroubleshootd over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="setroubleshoot_dontaudit_stream_connect" lineno="34">
<summary>
Dontaudit attempts to connect to setroubleshootd
over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="setroubleshoot_dbus_chat" lineno="54">
<summary>
Send and receive messages from
setroubleshoot over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="setroubleshoot_dontaudit_dbus_chat" lineno="75">
<summary>
dontaudit send and receive messages from
setroubleshoot over dbus.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="setroubleshoot_dbus_chat_fixit" lineno="96">
<summary>
Send and receive messages from
setroubleshoot over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="setroubleshoot_fixit_dontaudit_leaks" lineno="116">
<summary>
Dontaudit read/write to a setroubleshoot leaked sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="setroubleshoot_admin" lineno="136">
<summary>
All of the rules required to administrate
an setroubleshoot environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="sge" filename="policy/modules/services/sge.if">
<summary>Policy for gridengine MPI jobs</summary>
<tunable name="sge_use_nfs" dftval="false">
<desc>
<p>
Allow sge to access nfs file systems.
</p>
</desc>
</tunable>
<tunable name="sge_domain_can_network_connect" dftval="false">
<desc>
<p>
Allow sge to connect to the network using any TCP port
</p>
</desc>
</tunable>
</module>
<module name="slpd" filename="policy/modules/services/slpd.if">
<summary>OpenSLP server daemon to dynamically register services.</summary>
<interface name="slpd_domtrans" lineno="13">
<summary>
Transition to slpd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="slpd_initrc_domtrans" lineno="32">
<summary>
Execute slpd server in the slpd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="slpd_admin" lineno="57">
<summary>
All of the rules required to administrate
an slpd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="slrnpull" filename="policy/modules/services/slrnpull.if">
<summary>Service for downloading news feeds the slrn newsreader.</summary>
<interface name="slrnpull_search_spool" lineno="13">
<summary>
Allow the domain to search slrnpull spools.
</summary>
<param name="pty_type">
<summary>
domain allowed access
</summary>
</param>
</interface>
<interface name="slrnpull_manage_spool" lineno="33">
<summary>
Allow the domain to create, read,
write, and delete slrnpull spools.
</summary>
<param name="pty_type">
<summary>
domain allowed access
</summary>
</param>
</interface>
</module>
<module name="smartmon" filename="policy/modules/services/smartmon.if">
<summary>Smart disk monitoring daemon policy</summary>
<interface name="smartmon_read_tmp_files" lineno="13">
<summary>
Allow caller to read smartmon temporary files.
</summary>
<param name="domain">
<summary>
The process type reading the temporary files.
</summary>
</param>
</interface>
<interface name="smartmon_admin" lineno="39">
<summary>
All of the rules required to administrate
an smartmon environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="smartmon_3ware" dftval="false">
<desc>
<p>
Enable additional permissions needed to support
devices on 3ware controllers.
</p>
</desc>
</tunable>
</module>
<module name="smokeping" filename="policy/modules/services/smokeping.if">
<summary>Smokeping network latency measurement.</summary>
<interface name="smokeping_domtrans" lineno="13">
<summary>
Execute a domain transition to run smokeping.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="smokeping_initrc_domtrans" lineno="31">
<summary>
Execute smokeping server in the smokeping domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smokeping_read_pid_files" lineno="49">
<summary>
Read smokeping PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smokeping_manage_pid_files" lineno="68">
<summary>
Manage smokeping PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smokeping_getattr_lib_files" lineno="87">
<summary>
Get attributes of smokeping lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smokeping_read_lib_files" lineno="106">
<summary>
Read smokeping lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smokeping_manage_lib_files" lineno="125">
<summary>
Manage smokeping lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smokeping_admin" lineno="151">
<summary>
All of the rules required to administrate
a smokeping environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="smstools" filename="policy/modules/services/smstools.if">
<summary> Tools to send and receive short messages through GSM modems or mobile phones.</summary>
<interface name="smsd_search_lib" lineno="13">
<summary>
Search smsd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smsd_read_lib_files" lineno="32">
<summary>
Read smsd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smsd_manage_lib_files" lineno="51">
<summary>
Manage smsd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smsd_manage_lib_dirs" lineno="70">
<summary>
Manage smsd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="smstools_admin" lineno="96">
<summary>
All of the rules required to
administrate an smstools environment.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="snmp" filename="policy/modules/services/snmp.if">
<summary>Simple network management protocol services</summary>
<interface name="snmp_stream_connect" lineno="13">
<summary>
Connect to snmpd using a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="snmp_tcp_connect" lineno="32">
<summary>
Use snmp over a TCP connection. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="snmp_udp_chat" lineno="46">
<summary>
Send and receive UDP traffic to SNMP (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="snmp_read_snmp_var_lib_files" lineno="60">
<summary>
Read snmpd libraries.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="snmp_read_snmp_var_lib_dirs" lineno="81">
<summary>
Read snmpd libraries directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="snmp_manage_var_lib_dirs" lineno="100">
<summary>
Manage snmpd libraries directories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="snmp_append_snmp_var_lib_files" lineno="119">
<summary>
Append snmpd libraries.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="snmp_manage_var_lib_files" lineno="139">
<summary>
Manage snmpd libraries files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="snmp_dontaudit_read_snmp_var_lib_files" lineno="159">
<summary>
dontaudit Read snmpd libraries.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="snmp_dontaudit_write_snmp_var_lib_files" lineno="178">
<summary>
dontaudit write snmpd libraries files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="snmp_admin" lineno="203">
<summary>
All of the rules required to administrate
an snmp environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the snmp domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="snort" filename="policy/modules/services/snort.if">
<summary>Snort network intrusion detection system</summary>
<interface name="snort_domtrans" lineno="13">
<summary>
Execute a domain transition to run snort.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="snort_admin" lineno="38">
<summary>
All of the rules required to administrate
an snort environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the snort domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="soundserver" filename="policy/modules/services/soundserver.if">
<summary>sound server for network audio server programs, nasd, yiff, etc</summary>
<interface name="soundserver_tcp_connect" lineno="13">
<summary>
Connect to the sound server over a TCP socket (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="soundserver_admin" lineno="34">
<summary>
All of the rules required to administrate
an soundd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the soundd domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="spamassassin" filename="policy/modules/services/spamassassin.if">
<summary>Filter used for removing unsolicited email.</summary>
<interface name="spamassassin_role" lineno="19">
<summary>
Role access for spamassassin
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
<rolecap/>
</interface>
<interface name="spamassassin_exec" lineno="57">
<summary>
Execute the standalone spamassassin
program in the caller directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_signal_spamd" lineno="76">
<summary>
Singnal the spam assassin daemon
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="spamassassin_exec_spamd" lineno="95">
<summary>
Execute the spamassassin daemon
program in the caller directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_domtrans_client" lineno="113">
<summary>
Execute spamassassin client in the spamassassin client domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_kill_client" lineno="132">
<summary>
Send kill signal to spamassassin client
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_manage_home_client" lineno="150">
<summary>
Manage spamc home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_exec_client" lineno="172">
<summary>
Execute the spamassassin client
program in the caller directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_domtrans_local_client" lineno="190">
<summary>
Execute spamassassin standalone client in the user spamassassin domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_read_lib_files" lineno="208">
<summary>
read spamd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_manage_lib_files" lineno="230">
<summary>
Create, read, write, and delete
spamd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="spamassassin_read_spamd_tmp_files" lineno="249">
<summary>
Read temporary spamd file.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="spamassassin_dontaudit_getattr_spamd_tmp_sockets" lineno="269">
<summary>
Do not audit attempts to get attributes of temporary
spamd sockets/
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="spamd_stream_connect" lineno="287">
<summary>
Connect to run spamd.
</summary>
<param name="domain">
<summary>
Domain allowed to connect.
</summary>
</param>
</interface>
<interface name="spamassassin_read_pid_files" lineno="306">
<summary>
Read spamd pid file.
</summary>
<param name="domain">
<summary>
Domain allowed to connect.
</summary>
</param>
</interface>
<interface name="spamassassin_spamd_admin" lineno="332">
<summary>
All of the rules required to administrate
an spamassassin environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the spamassassin domain.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="spamassassin_can_network" dftval="false">
<desc>
<p>
Allow user spamassassin clients to use the network.
</p>
</desc>
</tunable>
<tunable name="spamd_enable_home_dirs" dftval="true">
<desc>
<p>
Allow spamd to read/write user home directories.
</p>
</desc>
</tunable>
</module>
<module name="speedtouch" filename="policy/modules/services/speedtouch.if">
<summary>Alcatel speedtouch USB ADSL modem</summary>
</module>
<module name="squid" filename="policy/modules/services/squid.if">
<summary>Squid caching http proxy server</summary>
<interface name="squid_domtrans" lineno="13">
<summary>
Execute squid in the squid domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="squid_exec" lineno="32">
<summary>
Execute squid
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="squid_signal" lineno="50">
<summary>
Send generic signals to squid.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="squid_rw_stream_sockets" lineno="69">
<summary>
Allow read and write squid
unix domain stream sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="squid_dontaudit_search_cache" lineno="87">
<summary>
Do not audit attempts to search squid cache dirs
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="squid_read_config" lineno="106">
<summary>
Read squid configuration file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="squid_read_log" lineno="126">
<summary>
Append squid logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="squid_append_log" lineno="145">
<summary>
Append squid logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="squid_manage_logs" lineno="166">
<summary>
Create, read, write, and delete
squid logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="squid_use" lineno="185">
<summary>
Use squid services by connecting over TCP. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="squid_admin" lineno="206">
<summary>
All of the rules required to administrate
an squid environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the squid domain.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="squid_connect_any" dftval="false">
<desc>
<p>
Allow squid to connect to all ports, not just
HTTP, FTP, and Gopher ports.
</p>
</desc>
</tunable>
<tunable name="squid_use_tproxy" dftval="false">
<desc>
<p>
Allow squid to run as a transparent proxy (TPROXY)
</p>
</desc>
</tunable>
</module>
<module name="ssh" filename="policy/modules/services/ssh.if">
<summary>Secure shell client and server policy.</summary>
<template name="ssh_basic_client_template" lineno="34">
<summary>
Basic SSH client template.
</summary>
<desc>
<p>
This template creates a derived domains which are used
for ssh client sessions. A derived
type is also created to protect the user ssh keys.
</p>
<p>
This template was added for NX.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The prefix of the domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="user_domain">
<summary>
The type of the domain.
</summary>
</param>
<param name="user_role">
<summary>
The role associated with the user domain.
</summary>
</param>
</template>
<template name="ssh_server_template" lineno="171">
<summary>
The template to define a ssh server.
</summary>
<desc>
<p>
This template creates a domains to be used for
creating a ssh server. This is typically done
to have multiple ssh servers of different sensitivities,
such as for an internal network-facing ssh server, and
a external network-facing ssh server.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The prefix of the server domain (e.g., sshd
is the prefix for sshd_t).
</summary>
</param>
</template>
<template name="ssh_role_template" lineno="318">
<summary>
Role access for ssh
</summary>
<param name="role_prefix">
<summary>
The prefix of the role (e.g., user
is the prefix for user_r).
</summary>
</param>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
<rolecap/>
</template>
<interface name="ssh_sigchld" lineno="465">
<summary>
Send a SIGCHLD signal to the ssh server.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_signal" lineno="483">
<summary>
Send a generic signal to the ssh server.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_read_pipes" lineno="501">
<summary>
Read a ssh server unnamed pipe.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_rw_pipes" lineno="518">
<summary>
Read and write a ssh server unnamed pipe.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_rw_stream_sockets" lineno="536">
<summary>
Read and write ssh server unix domain stream sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_rw_dgram_sockets" lineno="554">
<summary>
Read and write ssh server unix dgram sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_rw_tcp_sockets" lineno="572">
<summary>
Read and write ssh server TCP sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_dontaudit_rw_tcp_sockets" lineno="591">
<summary>
Do not audit attempts to read and write
ssh server TCP sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="ssh_tcp_connect" lineno="609">
<summary>
Connect to SSH daemons over TCP sockets. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_domtrans" lineno="623">
<summary>
Execute the ssh daemon sshd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_initrc_domtrans" lineno="642">
<summary>
Execute sshd server in the sshd domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="ssh_exec" lineno="660">
<summary>
Execute the ssh client in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_setattr_key_files" lineno="679">
<summary>
Set the attributes of sshd key files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_agent_exec" lineno="698">
<summary>
Execute the ssh agent client in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_read_user_home_files" lineno="717">
<summary>
Read ssh home directory content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_domtrans_keygen" lineno="738">
<summary>
Execute the ssh key generator in the ssh keygen domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_exec_keygen" lineno="756">
<summary>
Execute the ssh key generator in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ssh_run_keygen" lineno="781">
<summary>
Execute ssh-keygen in the iptables domain, and
allow the specified role the ssh-keygen domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ssh_dontaudit_read_server_keys" lineno="800">
<summary>
Read ssh server keys
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_manage_user_home_files" lineno="818">
<summary>
Manage ssh home directory content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_create_user_home_files" lineno="840">
<summary>
Create Secure Shell home directory
content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_delete_tmp" lineno="862">
<summary>
Delete from the ssh temp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_signull" lineno="881">
<summary>
Send a null signal to sshd processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_dyntransition_chroot_user" lineno="898">
<summary>
Allow domain dyntransition to chroot_user_t domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_getattr_user_home_dir" lineno="917">
<summary>
Getattr ssh home directory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_dontaudit_search_user_home_dir" lineno="935">
<summary>
Dontaudit search ssh home directory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ssh_dontaudit_use_ptys" lineno="954">
<summary>
Do not audit attempts to read and
write the sshd pty type.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="ssh_use_ptys" lineno="972">
<summary>
Read and write inherited sshd pty type.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="ssh_admin_server" lineno="997">
<summary>
All of the rules required to administrate
an sshd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="allow_ssh_keysign" dftval="false">
<desc>
<p>
allow host key based authentication
</p>
</desc>
</tunable>
<tunable name="ssh_sysadm_login" dftval="false">
<desc>
<p>
Allow ssh logins as sysadm_r:sysadm_t
</p>
</desc>
</tunable>
<tunable name="ssh_chroot_rw_homedirs" dftval="false">
<desc>
<p>
Allow ssh with chroot env to read and write files
in the user home directories
</p>
</desc>
</tunable>
<tunable name="ssh_chroot_full_access" dftval="false">
<desc>
<p>
Allow ssh with chroot env to manage all files
</p>
</desc>
</tunable>
<tunable name="ssh_chroot_manage_apache_content" dftval="false">
<desc>
<p>
Allow ssh with chroot env to apache content
</p>
</desc>
</tunable>
</module>
<module name="sssd" filename="policy/modules/services/sssd.if">
<summary>System Security Services Daemon</summary>
<interface name="sssd_domtrans" lineno="13">
<summary>
Execute a domain transition to run sssd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sssd_initrc_domtrans" lineno="31">
<summary>
Execute sssd server in the sssd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_read_public_files" lineno="49">
<summary>
Read sssd public files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_read_pid_files" lineno="69">
<summary>
Read sssd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_manage_pids" lineno="88">
<summary>
Manage sssd var_run files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_search_lib" lineno="108">
<summary>
Search sssd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_dontaudit_search_lib" lineno="127">
<summary>
Do not audit attempts to search sssd lib directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="sssd_read_lib_files" lineno="145">
<summary>
Read sssd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_manage_lib_files" lineno="166">
<summary>
Create, read, write, and delete
sssd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_dbus_chat" lineno="187">
<summary>
Send and receive messages from
sssd over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_stream_connect" lineno="207">
<summary>
Connect to sssd over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sssd_admin" lineno="233">
<summary>
All of the rules required to administrate
an sssd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the sssd domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="stapserver" filename="policy/modules/services/stapserver.if">
<summary> Instrumentation System Server </summary>
<interface name="stapserver_domtrans" lineno="13">
<summary>
Execute stapserver in the stapserver domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="stapserver_read_log" lineno="32">
<summary>
Read stapserver's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="stapserver_append_log" lineno="51">
<summary>
Append to stapserver log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="stapserver_manage_log" lineno="70">
<summary>
Manage stapserver log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="stapserver_read_pid_files" lineno="90">
<summary>
Read stapserver PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="stapserver_manage_lib" lineno="109">
<summary>
Manage stapserver lib files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="stapserver_admin" lineno="130">
<summary>
All of the rules required to administrate
an stapserver environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="stunnel" filename="policy/modules/services/stunnel.if">
<summary>SSL Tunneling Proxy</summary>
<interface name="stunnel_service_domain" lineno="18">
<summary>
Define the specified domain as a stunnel inetd service.
</summary>
<param name="domain">
<summary>
The type associated with the stunnel inetd service process.
</summary>
</param>
<param name="entrypoint">
<summary>
The type associated with the process program.
</summary>
</param>
</interface>
</module>
<module name="svnserve" filename="policy/modules/services/svnserve.if">
<summary>policy for svnserve</summary>
<interface name="svnserve_domtrans" lineno="14">
<summary>
Transition to svnserve.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="svnserve_initrc_domtrans" lineno="34">
<summary>
Execute svnserve server in the svnserve domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="svnserve_read_pid_files" lineno="52">
<summary>
Read svnserve PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="svnserve_admin" lineno="73">
<summary>
All of the rules required to administrate
an svnserve environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="swift" filename="policy/modules/services/swift.if">
<summary>policy for swift</summary>
<interface name="swift_domtrans" lineno="13">
<summary>
Execute TEMPLATE in the swift domin.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="swift_read_pid_files" lineno="32">
<summary>
Read swift PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="swift_manage_data_files" lineno="51">
<summary>
Manage swift data files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="swift_manage_lock" lineno="71">
<summary>
Read and write swift lock files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="swift_filetrans_lock" lineno="90">
<summary>
Transition content labels to swift named content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="swift_can_network" dftval="false">
<desc>
<p>
Determine whether swift can
connect to all TCP ports
</p>
</desc>
</tunable>
</module>
<module name="sysstat" filename="policy/modules/services/sysstat.if">
<summary>Policy for sysstat. Reports on various system states</summary>
<interface name="sysstat_manage_log" lineno="14">
<summary>
Manage sysstat logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="tcpd" filename="policy/modules/services/tcpd.if">
<summary>Policy for TCP daemon.</summary>
<interface name="tcpd_domtrans" lineno="13">
<summary>
Execute tcpd in the tcpd domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="tcpd_wrapped_domain" lineno="37">
<summary>
Create a domain for services that
utilize tcp wrappers.
</summary>
<param name="domain">
<summary>
Type to be used as a domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
</interface>
</module>
<module name="telnet" filename="policy/modules/services/telnet.if">
<summary>Telnet daemon</summary>
</module>
<module name="tftp" filename="policy/modules/services/tftp.if">
<summary>Trivial file transfer protocol daemon</summary>
<interface name="tftp_read_content" lineno="13">
<summary>
Read tftp content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tftp_search_rw_content" lineno="36">
<summary>
Search tftp /var/lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tftp_list_rw_content" lineno="55">
<summary>
Search tftp /var/lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tftp_manage_rw_content" lineno="74">
<summary>
Manage tftp /var/lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tftp_filetrans_tftpdir" lineno="105">
<summary>
Create objects in tftpdir directories
with specified types.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file_type">
<summary>
Private file type.
</summary>
</param>
<param name="object_class">
<summary>
Class of the object being created.
</summary>
</param>
</interface>
<interface name="tftp_admin" lineno="126">
<summary>
All of the rules required to administrate
an tftp environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="tftp_anon_write" dftval="false">
<desc>
<p>
Allow tftp to modify public files
used for public file transfer services.
</p>
</desc>
</tunable>
<tunable name="tftp_use_nfs" dftval="false">
<desc>
<p>
Allow tftp to read from a NFS store
for public file transfer services.
</p>
</desc>
</tunable>
<tunable name="tftp_use_cifs" dftval="false">
<desc>
<p>
Allow tftp to read from a CIFS store
for public file transfer services.
</p>
</desc>
</tunable>
</module>
<module name="tgtd" filename="policy/modules/services/tgtd.if">
<summary>Linux Target Framework Daemon.</summary>
<desc>
<p>
Linux target framework (tgt) aims to simplify various
SCSI target driver (iSCSI, Fibre Channel, SRP, etc) creation
and maintenance. Our key goals are the clean integration into
the scsi-mid layer and implementing a great portion of tgt
in user space.
</p>
</desc>
<interface name="tgtd_rw_semaphores" lineno="22">
<summary>
Allow read and write access to tgtd semaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tgtd_manage_semaphores" lineno="40">
<summary>
Manage tgtd sempaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tgtd_stream_connect" lineno="58">
<summary>
Connect to tgtd using a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="timidity" filename="policy/modules/services/timidity.if">
<summary>MIDI to WAV converter and player configured as a service</summary>
</module>
<module name="tomcat" filename="policy/modules/services/tomcat.if">
<summary>policy for tomcat</summary>
<template name="tomcat_domain_template" lineno="14">
<summary>
Creates types and rules for a basic
tomcat daemon domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="tomcat_domtrans" lineno="85">
<summary>
Transition to tomcat.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tomcat_search_cache" lineno="104">
<summary>
Search tomcat cache directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tomcat_read_cache_files" lineno="123">
<summary>
Read tomcat cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tomcat_manage_cache_files" lineno="143">
<summary>
Create, read, write, and delete
tomcat cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tomcat_manage_cache_dirs" lineno="162">
<summary>
Manage tomcat cache dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tomcat_read_log" lineno="182">
<summary>
Read tomcat's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="tomcat_append_log" lineno="201">
<summary>
Append to tomcat log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tomcat_manage_log" lineno="220">
<summary>
Manage tomcat log files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tomcat_search_lib" lineno="241">
<summary>
Search tomcat lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tomcat_read_lib_files" lineno="260">
<summary>
Read tomcat lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tomcat_manage_lib_files" lineno="279">
<summary>
Manage tomcat lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tomcat_manage_lib_dirs" lineno="298">
<summary>
Manage tomcat lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tomcat_read_pid_files" lineno="317">
<summary>
Read tomcat PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tomcat_admin" lineno="338">
<summary>
All of the rules required to administrate
an tomcat environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="tor" filename="policy/modules/services/tor.if">
<summary>TOR, the onion router</summary>
<interface name="tor_domtrans" lineno="13">
<summary>
Execute a domain transition to run TOR.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tor_admin" lineno="38">
<summary>
All of the rules required to administrate
an tor environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the tor domain.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="tor_bind_all_unreserved_ports" dftval="false">
<desc>
<p>
Allow tor daemon to bind
tcp sockets to all unreserved ports.
</p>
</desc>
</tunable>
</module>
<module name="transproxy" filename="policy/modules/services/transproxy.if">
<summary>HTTP transperant proxy</summary>
</module>
<module name="tuned" filename="policy/modules/services/tuned.if">
<summary>Dynamic adaptive system tuning daemon</summary>
<interface name="tuned_domtrans" lineno="13">
<summary>
Execute a domain transition to run tuned.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="tuned_exec" lineno="31">
<summary>
Execute tuned in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tuned_read_pid_files" lineno="50">
<summary>
Read tuned PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tuned_manage_pid_files" lineno="69">
<summary>
Manage tuned PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="tuned_initrc_domtrans" lineno="88">
<summary>
Execute tuned server in the tuned domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="tuned_admin" lineno="113">
<summary>
All of the rules required to administrate
an tuned environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="ucspitcp" filename="policy/modules/services/ucspitcp.if">
<summary>ucspitcp policy</summary>
<desc>
<p>
Policy for DJB's ucspi-tcpd
</p>
</desc>
<interface name="ucspitcp_service_domain" lineno="23">
<summary>
Define a specified domain as a ucspitcp service.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="entrypoint">
<summary>
The type associated with the process program.
</summary>
</param>
</interface>
</module>
<module name="ulogd" filename="policy/modules/services/ulogd.if">
<summary>Iptables/netfilter userspace logging daemon.</summary>
<interface name="ulogd_domtrans" lineno="13">
<summary>
Execute a domain transition to run ulogd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ulogd_read_config" lineno="33">
<summary>
Allow the specified domain to read
ulogd configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ulogd_read_log" lineno="53">
<summary>
Allow the specified domain to read ulogd's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ulogd_search_log" lineno="73">
<summary>
Allow the specified domain to search ulogd's log files.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="ulogd_append_log" lineno="93">
<summary>
Allow the specified domain to append to ulogd's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ulogd_admin" lineno="120">
<summary>
All of the rules required to administrate
an ulogd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the syslog domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="uptime" filename="policy/modules/services/uptime.if">
<summary>Uptime daemon</summary>
</module>
<module name="usbmuxd" filename="policy/modules/services/usbmuxd.if">
<summary>USB multiplexing daemon for communicating with Apple iPod Touch and iPhone</summary>
<interface name="usbmuxd_domtrans" lineno="13">
<summary>
Execute a domain transition to run usbmuxd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="usbmuxd_stream_connect" lineno="32">
<summary>
Connect to usbmuxd over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="uucp" filename="policy/modules/services/uucp.if">
<summary>Unix to Unix Copy</summary>
<interface name="uucp_domtrans" lineno="14">
<summary>
Execute the uucico program in the
uucpd_t domain.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="uucp_append_log" lineno="33">
<summary>
Allow the specified domain to append
to uucp log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="uucp_manage_spool" lineno="53">
<summary>
Create, read, write, and delete uucp spool files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="uucp_domtrans_uux" lineno="75">
<summary>
Execute the master uux program in the
uux_t domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="uucp_admin" lineno="95">
<summary>
All of the rules required to administrate
an uucp environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="uuidd" filename="policy/modules/services/uuidd.if">
<summary>policy for uuidd</summary>
<interface name="uuidd_domtrans" lineno="13">
<summary>
Transition to uuidd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="uuidd_initrc_domtrans" lineno="32">
<summary>
Execute uuidd server in the uuidd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="uuidd_search_lib" lineno="50">
<summary>
Search uuidd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="uuidd_read_lib_files" lineno="69">
<summary>
Read uuidd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="uuidd_manage_lib_files" lineno="88">
<summary>
Manage uuidd lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="uuidd_manage_lib_dirs" lineno="107">
<summary>
Manage uuidd lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="uuidd_read_pid_files" lineno="127">
<summary>
Read uuidd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="uuidd_stream_connect_manager" lineno="146">
<summary>
Connect to uuidd over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="uuidd_admin" lineno="172">
<summary>
All of the rules required to administrate
an uuidd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="uwimap" filename="policy/modules/services/uwimap.if">
<summary>University of Washington IMAP toolkit POP3 and IMAP mail server</summary>
<interface name="uwimap_domtrans" lineno="13">
<summary>
Execute the UW IMAP/POP3 servers with a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="varnishd" filename="policy/modules/services/varnishd.if">
<summary>Varnishd http accelerator daemon</summary>
<interface name="varnishd_domtrans" lineno="13">
<summary>
Execute varnishd in the varnishd domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="varnishd_exec" lineno="32">
<summary>
Execute varnishd
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="varnishd_read_config" lineno="50">
<summary>
Read varnishd configuration file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="varnishd_read_lib_files" lineno="69">
<summary>
Read varnish lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="varnishd_read_log" lineno="88">
<summary>
Read varnish logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="varnishd_append_log" lineno="107">
<summary>
Append varnish logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="varnishd_manage_log" lineno="126">
<summary>
Manage varnish logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="varnishd_admin_varnishlog" lineno="152">
<summary>
All of the rules required to administrate
an varnishlog environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the varnishlog domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="varnishd_admin" lineno="192">
<summary>
All of the rules required to administrate
an varnishd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the varnishd domain.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="varnishd_connect_any" dftval="false">
<desc>
<p>
Allow varnishd to connect to all ports,
not just HTTP.
</p>
</desc>
</tunable>
</module>
<module name="vdagent" filename="policy/modules/services/vdagent.if">
<summary>policy for vdagent</summary>
<interface name="vdagent_getattr_exec" lineno="13">
<summary>
Getattr on vdagent executable.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="vdagent_domtrans" lineno="31">
<summary>
Execute a domain transition to run vdagent.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vdagent_getattr_log" lineno="49">
<summary>
Get the attributes of vdagent logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vdagent_read_pid_files" lineno="68">
<summary>
Read vdagent PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vdagent_stream_connect" lineno="88">
<summary>
Connect to vdagent over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vdagent_admin" lineno="108">
<summary>
All of the rules required to administrate
an vdagent environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="vhostmd" filename="policy/modules/services/vhostmd.if">
<summary>Virtual host metrics daemon</summary>
<interface name="vhostmd_domtrans" lineno="13">
<summary>
Execute a domain transition to run vhostmd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="vhostmd_initrc_domtrans" lineno="31">
<summary>
Execute vhostmd server in the vhostmd domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="vhostmd_read_tmpfs_files" lineno="49">
<summary>
Allow domain to read, vhostmd tmpfs files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="vhostmd_dontaudit_read_tmpfs_files" lineno="69">
<summary>
Do not audit attempts to read,
vhostmd tmpfs files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="vhostmd_rw_tmpfs_files" lineno="87">
<summary>
Allow domain to read and write vhostmd tmpfs files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="vhostmd_manage_tmpfs_files" lineno="106">
<summary>
Create, read, write, and delete vhostmd tmpfs files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="vhostmd_read_pid_files" lineno="125">
<summary>
Read vhostmd PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vhostmd_manage_pid_files" lineno="144">
<summary>
Manage vhostmd var_run files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vhostmd_stream_connect" lineno="163">
<summary>
Connect to vhostmd over an unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vhostmd_dontaudit_rw_stream_connect" lineno="183">
<summary>
Dontaudit read and write to vhostmd
over an unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="vhostmd_admin" lineno="208">
<summary>
All of the rules required to administrate
an vhostmd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="virt" filename="policy/modules/services/virt.if">
<summary>Libvirt virtualization API</summary>
<template name="virt_domain_template" lineno="14">
<summary>
Creates types and rules for a basic
qemu process domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="virt_image" lineno="78">
<summary>
Make the specified type usable as a virt image
</summary>
<param name="type">
<summary>
Type to be used as a virtual image
</summary>
</param>
</interface>
<interface name="virt_getattr_exec" lineno="100">
<summary>
Getattr on virt executable.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="virt_domtrans" lineno="118">
<summary>
Execute a domain transition to run virt.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="virt_run" lineno="141">
<summary>
Execute a domain transition to run virt.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
<param name="role">
<summary>
Role allowed to access.
</summary>
</param>
</interface>
<interface name="virt_domtrans_bridgehelper" lineno="163">
<summary>
Transition to virt_bridgehelper.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="virt_stream_connect" lineno="181">
<summary>
Connect to virt over an unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_attach_tun_iface" lineno="200">
<summary>
Allow domain to attach to virt TUN devices
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_read_config" lineno="219">
<summary>
Read virt config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_manage_config" lineno="241">
<summary>
manage virt config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_search_content" lineno="263">
<summary>
Allow domain to search virt image files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="virt_search_images" lineno="283">
<summary>
Allow domain to search virt image direcories
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_read_content" lineno="302">
<summary>
Allow domain to manage virt image files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="virt_write_content" lineno="337">
<summary>
Allow domain to write virt image files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="virt_read_pid_files" lineno="355">
<summary>
Read virt PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_read_pid_symlinks" lineno="374">
<summary>
Read virt PID lnk files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_manage_pid_files" lineno="393">
<summary>
Manage virt pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_search_lib" lineno="412">
<summary>
Search virt lib directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_read_lib_files" lineno="431">
<summary>
Read virt lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_dontaudit_read_lib_files" lineno="451">
<summary>
Dontaudit inherited read virt lib files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="virt_manage_lib_files" lineno="470">
<summary>
Create, read, write, and delete
virt lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_read_log" lineno="490">
<summary>
Allow the specified domain to read virt's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="virt_append_log" lineno="510">
<summary>
Allow the specified domain to append
virt log files.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="virt_manage_log" lineno="529">
<summary>
Allow domain to manage virt log files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="virt_read_blk_images" lineno="549">
<summary>
Allow domain to read virt blk image files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_getattr_images" lineno="567">
<summary>
Allow domain to read virt image files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="virt_read_images" lineno="587">
<summary>
Allow domain to read virt image files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="virt_manage_cache" lineno="625">
<summary>
Create, read, write, and delete
svirt cache files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_manage_images" lineno="646">
<summary>
Allow domain to manage virt image files
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="virt_admin" lineno="690">
<summary>
All of the rules required to administrate
an virt environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="virt_transition_svirt" lineno="733">
<summary>
Execute qemu in the svirt domain, and
allow the specified role the svirt domain.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the svirt domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="virt_dontaudit_write_pipes" lineno="759">
<summary>
Do not audit attempts to write virt daemon unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_kill_svirt" lineno="776">
<summary>
Send a sigkill to virtual machines
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_kill" lineno="794">
<summary>
Send a sigkill to virtd daemon
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_signal_svirt" lineno="812">
<summary>
Send a signal to virtual machines
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_read_tmp_files" lineno="831">
<summary>
allow domain to read
virt tmpf files
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="virt_dontaudit_write_tmp_files" lineno="851">
<summary>
dontaudit domain to write
virt tmp files
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="virt_write_tmp_sock" lineno="870">
<summary>
Allow domain to write
virt tmp sock files
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="virt_exec_sandbox_files" lineno="888">
<summary>
Execute Sandbox Files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_manage_sandbox_files" lineno="906">
<summary>
Manage Sandbox Files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_relabel_sandbox_filesystem" lineno="928">
<summary>
Relabel Sandbox File systems
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_mounton_sandbox_file" lineno="946">
<summary>
Mounton Sandbox Files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="virt_stream_connect_sandbox" lineno="964">
<summary>
Connect to virt over a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="virt_use_comm" dftval="false">
<desc>
<p>
Allow virt to use serial/parallell communication ports
</p>
</desc>
</tunable>
<tunable name="virt_use_fusefs" dftval="false">
<desc>
<p>
Allow virt to read fuse files
</p>
</desc>
</tunable>
<tunable name="virt_use_nfs" dftval="false">
<desc>
<p>
Allow virt to manage nfs files
</p>
</desc>
</tunable>
<tunable name="virt_use_samba" dftval="false">
<desc>
<p>
Allow virt to manage cifs files
</p>
</desc>
</tunable>
<tunable name="virt_use_sysfs" dftval="false">
<desc>
<p>
Allow virt to manage device configuration, (pci)
</p>
</desc>
</tunable>
<tunable name="virt_use_sanlock" dftval="false">
<desc>
<p>
Allow confined virtual guests to interact with the sanlock
</p>
</desc>
</tunable>
<tunable name="virt_use_xserver" dftval="false">
<desc>
<p>
Allow virtual machine to interact with the xserver
</p>
</desc>
</tunable>
<tunable name="virt_use_usb" dftval="true">
<desc>
<p>
Allow virt to use usb devices
</p>
</desc>
</tunable>
<tunable name="virt_use_execmem" dftval="false">
<desc>
<p>
Allow confined virtual guests to use executable memory and executable stack
</p>
</desc>
</tunable>
</module>
<module name="w3c" filename="policy/modules/services/w3c.if">
<summary>W3C Markup Validator</summary>
</module>
<module name="watchdog" filename="policy/modules/services/watchdog.if">
<summary>Software watchdog</summary>
</module>
<module name="wdmd" filename="policy/modules/services/wdmd.if">
<summary>policy for wdmd</summary>
<interface name="wdmd_domtrans" lineno="14">
<summary>
Execute a domain transition to run wdmd.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="wdmd_initrc_domtrans" lineno="33">
<summary>
Execute wdmd server in the wdmd domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="wdmd_admin" lineno="58">
<summary>
All of the rules required to administrate
an wdmd environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="wdmd_stream_connect" lineno="84">
<summary>
Connect to wdmd over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="wdmd_rw_tmpfs" lineno="102">
<summary>
Allow the specified domain to read/write wdmd's tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="wdmd_manage_tmpfs" lineno="120">
<summary>
Allow the specified domain to read/write wdmd's tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="xfs" filename="policy/modules/services/xfs.if">
<summary>X Windows Font Server</summary>
<interface name="xfs_read_sockets" lineno="13">
<summary>
Read a X font server named socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xfs_stream_connect" lineno="33">
<summary>
Connect to a X font server over
a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xfs_exec" lineno="53">
<summary>
Allow the specified domain to execute xfs
in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="xprint" filename="policy/modules/services/xprint.if">
<summary>X print server</summary>
</module>
<module name="xserver" filename="policy/modules/services/xserver.if">
<summary>X Windows Server</summary>
<interface name="xserver_restricted_role" lineno="19">
<summary>
Rules required for using the X Windows server
and environment, for restricted users.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_role" lineno="156">
<summary>
Rules required for using the X Windows server
and environment.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_ro_session" lineno="209">
<summary>
Create sessions on the X server, with read-only
access to the X server shared
memory segments.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="tmpfs_type">
<summary>
The type of the domain SYSV tmpfs files.
</summary>
</param>
</interface>
<interface name="xserver_rw_session" lineno="249">
<summary>
Create sessions on the X server, with read and write
access to the X server shared
memory segments.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="tmpfs_type">
<summary>
The type of the domain SYSV tmpfs files.
</summary>
</param>
</interface>
<interface name="xserver_non_drawing_client" lineno="269">
<summary>
Create non-drawing client sessions on an X server.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_user_client" lineno="306">
<summary>
Create full client sessions
on a user X server.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="tmpfs_type">
<summary>
The type of the domain SYSV tmpfs files.
</summary>
</param>
</interface>
<template name="xserver_common_x_domain_template" lineno="367">
<summary>
Interface to provide X object permissions on a given X server to
an X client domain. Provides the minimal set required by a basic
X client application.
</summary>
<param name="prefix">
<summary>
The prefix of the X client domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="domain">
<summary>
Client domain allowed access.
</summary>
</param>
</template>
<template name="xserver_object_types_template" lineno="442">
<summary>
Template for creating the set of types used
in an X windows domain.
</summary>
<param name="prefix">
<summary>
The prefix of the X client domain (e.g., user
is the prefix for user_t).
</summary>
</param>
</template>
<template name="xserver_user_x_domain_template" lineno="484">
<summary>
Interface to provide X object permissions on a given X server to
an X client domain. Provides the minimal set required by a basic
X client application.
</summary>
<param name="prefix">
<summary>
The prefix of the X client domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="domain">
<summary>
Client domain allowed access.
</summary>
</param>
<param name="tmpfs_type">
<summary>
The type of the domain SYSV tmpfs files.
</summary>
</param>
</template>
<interface name="xserver_use_user_fonts" lineno="553">
<summary>
Read user fonts, user font configuration,
and manage the user font cache.
</summary>
<desc>
<p>
Read user fonts, user font configuration,
and manage the user font cache.
</p>
<p>
This is a templated interface, and should only
be called from a per-userdomain template.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_domtrans_xauth" lineno="583">
<summary>
Transition to the Xauthority domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_exec_xauth" lineno="604">
<summary>
Allow exec of Xauthority program..
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="xserver_dontaudit_exec_xauth" lineno="622">
<summary>
Dontaudit exec of Xauthority program.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_user_home_dir_filetrans_user_xauth" lineno="640">
<summary>
Create a Xauthority file in the user home directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_use_all_users_fonts" lineno="659">
<summary>
Read all users fonts, user font configurations,
and manage all users font caches.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_read_user_xauth" lineno="674">
<summary>
Read all users .Xauthority.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_setattr_console_pipes" lineno="694">
<summary>
Set the attributes of the X windows console named pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_rw_console" lineno="712">
<summary>
Read and write the X windows console named pipe.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_use_xdm_fds" lineno="730">
<summary>
Use file descriptors for xdm.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_dontaudit_use_xdm_fds" lineno="749">
<summary>
Do not audit attempts to inherit
XDM file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="xserver_rw_xdm_pipes" lineno="767">
<summary>
Read and write XDM unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_dontaudit_rw_xdm_pipes" lineno="786">
<summary>
Do not audit attempts to read and write
XDM unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="xserver_stream_connect_xdm" lineno="806">
<summary>
Connect to XDM over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_read_xdm_rw_config" lineno="827">
<summary>
Read xdm-writable configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_setattr_xdm_tmp_dirs" lineno="846">
<summary>
Set the attributes of XDM temporary directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_create_xdm_tmp_sockets" lineno="865">
<summary>
Create a named socket in a XDM
temporary directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_read_xdm_pid" lineno="885">
<summary>
Read XDM pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_dontaudit_read_xdm_pid" lineno="904">
<summary>
Dontaudit Read XDM pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_read_xdm_lib_files" lineno="923">
<summary>
Read XDM var lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_xsession_entry_type" lineno="941">
<summary>
Make an X session script an entrypoint for the specified domain.
</summary>
<param name="domain">
<summary>
The domain for which the shell is an entrypoint.
</summary>
</param>
</interface>
<interface name="xserver_xsession_spec_domtrans" lineno="978">
<summary>
Execute an X session in the target domain. This
is an explicit transition, requiring the
caller to use setexeccon().
</summary>
<desc>
<p>
Execute an Xsession in the target domain. This
is an explicit transition, requiring the
caller to use setexeccon().
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the shell process.
</summary>
</param>
</interface>
<interface name="xserver_getattr_log" lineno="996">
<summary>
Get the attributes of X server logs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_dontaudit_write_log" lineno="1016">
<summary>
Do not audit attempts to write the X server
log files.
</summary>
<param name="domain">
<summary>
Domain to not audit
</summary>
</param>
</interface>
<interface name="xserver_delete_log" lineno="1035">
<summary>
Do not audit attempts to write the X server
log files.
</summary>
<param name="domain">
<summary>
Domain to not audit
</summary>
</param>
</interface>
<interface name="xserver_read_xkb_libs" lineno="1056">
<summary>
Read X keyboard extension libraries.
</summary>
<param name="domain">
<summary>
Domain to not audit
</summary>
</param>
</interface>
<interface name="xserver_read_xdm_etc_files" lineno="1077">
<summary>
Read xdm config files.
</summary>
<param name="domain">
<summary>
Domain to not audit
</summary>
</param>
</interface>
<interface name="xserver_manage_xdm_etc_files" lineno="1096">
<summary>
Manage xdm config files.
</summary>
<param name="domain">
<summary>
Domain to not audit
</summary>
</param>
</interface>
<interface name="xserver_read_xdm_tmp_files" lineno="1115">
<summary>
Read xdm temporary files.
</summary>
<param name="domain">
<summary>
Domain to not audit
</summary>
</param>
</interface>
<interface name="xserver_dontaudit_read_xdm_tmp_files" lineno="1134">
<summary>
Do not audit attempts to read xdm temporary files.
</summary>
<param name="domain">
<summary>
Domain to not audit
</summary>
</param>
</interface>
<interface name="xserver_rw_xdm_tmp_files" lineno="1153">
<summary>
Read write xdm temporary files.
</summary>
<param name="domain">
<summary>
Domain to not audit
</summary>
</param>
</interface>
<interface name="xserver_manage_xdm_tmp_files" lineno="1172">
<summary>
Create, read, write, and delete xdm temporary files.
</summary>
<param name="domain">
<summary>
Domain to not audit
</summary>
</param>
</interface>
<interface name="xserver_dontaudit_getattr_xdm_tmp_sockets" lineno="1190">
<summary>
dontaudit getattr xdm temporary named sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit
</summary>
</param>
</interface>
<interface name="xserver_domtrans" lineno="1208">
<summary>
Execute the X server in the X server domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_signal" lineno="1227">
<summary>
Signal X servers
</summary>
<param name="domain">
<summary>
Domain to not audit
</summary>
</param>
</interface>
<interface name="xserver_kill" lineno="1245">
<summary>
Kill X servers
</summary>
<param name="domain">
<summary>
Domain to not audit
</summary>
</param>
</interface>
<interface name="xserver_rw_shm" lineno="1264">
<summary>
Read and write X server Sys V Shared
memory segments.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_dontaudit_rw_tcp_sockets" lineno="1283">
<summary>
Do not audit attempts to read and write to
X server sockets.
</summary>
<param name="domain">
<summary>
Domain to not audit
</summary>
</param>
</interface>
<interface name="xserver_dontaudit_rw_stream_sockets" lineno="1302">
<summary>
Do not audit attempts to read and write X server
unix domain stream sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_stream_connect" lineno="1321">
<summary>
Connect to the X server over a unix domain
stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_dontaudit_stream_connect" lineno="1341">
<summary>
Dontaudit attempts to connect to xserver
over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="xserver_read_tmp_files" lineno="1359">
<summary>
Read X server temporary files.
</summary>
<param name="domain">
<summary>
Domain to not audit
</summary>
</param>
</interface>
<interface name="xserver_manage_core_devices" lineno="1380">
<summary>
Interface to provide X object permissions on a given X server to
an X client domain. Gives the domain permission to read the
virtual core keyboard and virtual core pointer devices.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_unconfined" lineno="1414">
<summary>
Interface to provide X object permissions on a given X server to
an X client domain. Gives the domain complete control over the
display.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_dontaudit_append_xdm_home_files" lineno="1434">
<summary>
Dontaudit append to .xsession-errors file
</summary>
<param name="domain">
<summary>
Domain to not audit
</summary>
</param>
</interface>
<interface name="xserver_append_xdm_home_files" lineno="1462">
<summary>
append to .xsession-errors file
</summary>
<param name="domain">
<summary>
Domain to not audit
</summary>
</param>
</interface>
<interface name="xserver_xdm_manage_spool" lineno="1490">
<summary>
Manage the xdm_spool files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_dbus_chat_xdm" lineno="1510">
<summary>
Send and receive messages from
xdm over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_read_pid" lineno="1530">
<summary>
Read xserver files created in /var/run
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_exec_pid" lineno="1549">
<summary>
Execute xserver files created in /var/run
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_write_pid" lineno="1568">
<summary>
Write xserver files created in /var/run
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_xdm_append_log" lineno="1588">
<summary>
Allow append the xdm
log files.
</summary>
<param name="domain">
<summary>
Domain to not audit
</summary>
</param>
</interface>
<template name="xserver_read_user_iceauth" lineno="1608">
<summary>
Read a user Iceauthority domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</template>
<interface name="xserver_rw_inherited_user_fonts" lineno="1627">
<summary>
Read user homedir fonts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_search_xdm_lib" lineno="1649">
<summary>
Search XDM var lib dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xserver_entry_type" lineno="1668">
<summary>
Make an X executable an entrypoint for the specified domain.
</summary>
<param name="domain">
<summary>
The domain for which the shell is an entrypoint.
</summary>
</param>
</interface>
<interface name="xserver_run" lineno="1693">
<summary>
Execute xsever in the xserver domain, and
allow the specified role the xserver domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the xserver domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="xserver_run_xauth" lineno="1719">
<summary>
Execute xsever in the xserver domain, and
allow the specified role the xserver domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the xserver domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="xserver_manage_home_fonts" lineno="1738">
<summary>
Read user homedir fonts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="allow_write_xshm" dftval="false">
<desc>
<p>
Allows clients to write to the X server shared
memory segments.
</p>
</desc>
</tunable>
<tunable name="allow_xserver_execmem" dftval="false">
<desc>
<p>
Allows XServer to execute writable memory
</p>
</desc>
</tunable>
<tunable name="xdm_exec_bootloader" dftval="false">
<desc>
<p>
Allows xdm to execute bootloader
</p>
</desc>
</tunable>
<tunable name="xdm_sysadm_login" dftval="false">
<desc>
<p>
Allow xdm logins as sysadm
</p>
</desc>
</tunable>
<tunable name="xserver_object_manager" dftval="false">
<desc>
<p>
Support X userspace object manager
</p>
</desc>
</tunable>
<tunable name="user_direct_dri" dftval="false">
<desc>
<p>
Allow regular users direct dri device access
</p>
</desc>
</tunable>
</module>
<module name="zabbix" filename="policy/modules/services/zabbix.if">
<summary>Distributed infrastructure monitoring</summary>
<interface name="zabbix_domtrans" lineno="13">
<summary>
Execute a domain transition to run zabbix.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="zabbix_tcp_connect" lineno="31">
<summary>
Allow connectivity to the zabbix server
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zabbix_read_log" lineno="53">
<summary>
Allow the specified domain to read zabbix's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="zabbix_append_log" lineno="73">
<summary>
Allow the specified domain to append
zabbix log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zabbix_read_pid_files" lineno="92">
<summary>
Read zabbix PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zabbix_read_inherited_tmp_files" lineno="112">
<summary>
Allow the specified domain to read zabbix's log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="zabbix_rw_tcp_socket" lineno="130">
<summary>
Read zabbix PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zabbix_agent_tcp_connect" lineno="147">
<summary>
Allow connectivity to a zabbix agent
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zabbix_admin" lineno="175">
<summary>
All of the rules required to administrate
an zabbix environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the zabbix domain.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="zabbix_can_network" dftval="false">
<desc>
<p>
Determine whether zabbix can
connect to all TCP ports
</p>
</desc>
</tunable>
</module>
<module name="zarafa" filename="policy/modules/services/zarafa.if">
<summary>Zarafa collaboration platform.</summary>
<template name="zarafa_domain_template" lineno="14">
<summary>
Creates types and rules for a basic
zararfa init daemon domain.
</summary>
<param name="prefix">
<summary>
Prefix for the domain.
</summary>
</param>
</template>
<interface name="zarafa_search_config" lineno="58">
<summary>
Allow the specified domain to search
zarafa configuration dirs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zarafa_domtrans_deliver" lineno="77">
<summary>
Execute a domain transition to run zarafa_deliver.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="zarafa_read_deliver_exec" lineno="95">
<summary>
Read zarafa_deliver executable.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="zarafa_domtrans_server" lineno="112">
<summary>
Execute a domain transition to run zarafa_server.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="zarafa_stream_connect_server" lineno="130">
<summary>
Connect to zarafa-server unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zarafa_manage_lib_files" lineno="150">
<summary>
Allow the specified domain to manage
zarafa /var/lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zarafa_read_lib_files" lineno="172">
<summary>
Allow the specified domain to manage
zarafa /var/lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="zebra" filename="policy/modules/services/zebra.if">
<summary>Zebra border gateway protocol network routing service</summary>
<interface name="zebra_read_config" lineno="14">
<summary>
Read the configuration files for zebra.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="zebra_stream_connect" lineno="35">
<summary>
Connect to zebra over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="zebra_admin" lineno="61">
<summary>
All of the rules required to administrate
an zebra environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the zebra domain.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="allow_zebra_write_config" dftval="false">
<desc>
<p>
Allow zebra daemon to write it configuration files
</p>
</desc>
</tunable>
</module>
<module name="zosremote" filename="policy/modules/services/zosremote.if">
<summary>policy for z/OS Remote-services Audit dispatcher plugin</summary>
<interface name="zosremote_domtrans" lineno="13">
<summary>
Execute a domain transition to run audispd-zos-remote.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="zosremote_run" lineno="38">
<summary>
Allow specified type and role to transition and
run in the zos_remote_t domain. Allow specified type
to use zos_remote_t terminal.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the zos_remote domain.
</summary>
</param>
</interface>
</module>
</layer>
<layer name="system">
<summary>
Policy modules for system functions from init to multi-user login.
</summary>
<module name="application" filename="policy/modules/system/application.if">
<summary>Policy for user executable applications.</summary>
<interface name="application_type" lineno="13">
<summary>
Make the specified type usable as an application domain.
</summary>
<param name="type">
<summary>
Type to be used as a domain type.
</summary>
</param>
</interface>
<interface name="application_executable_file" lineno="36">
<summary>
Make the specified type usable for files
that are exectuables, such as binary programs.
This does not include shared libraries.
</summary>
<param name="type">
<summary>
Type to be used for files.
</summary>
</param>
</interface>
<interface name="application_exec" lineno="56">
<summary>
Execute application executables in the caller domain.
</summary>
<param name="type">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="application_exec_all" lineno="75">
<summary>
Execute all executable files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="application_domain" lineno="110">
<summary>
Create a domain for applications.
</summary>
<desc>
<p>
Create a domain for applications. Typically these are
programs that are run interactively.
</p>
<p>
The types will be made usable as a domain and file, making
calls to domain_type() and files_type() redundant.
</p>
</desc>
<param name="domain">
<summary>
Type to be used as an application domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="application_signull" lineno="126">
<summary>
Send signull to all application domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="application_signal" lineno="144">
<summary>
Send signal to all application domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="application_dontaudit_signull" lineno="162">
<summary>
Dontaudit signull sent to all application domains.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="application_dontaudit_signal" lineno="180">
<summary>
Dontaudit signal sent to all application domains.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="application_dontaudit_sigkill" lineno="198">
<summary>
Dontaudit kill signal sent to all application domains.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
</module>
<module name="authlogin" filename="policy/modules/system/authlogin.if">
<summary>Common policy for authentication and user login.</summary>
<interface name="auth_role" lineno="18">
<summary>
Role access for password authentication.
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_use_pam" lineno="49">
<summary>
Use PAM for authentication.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_login_pgm_domain" lineno="105">
<summary>
Make the specified domain used for a login program.
</summary>
<param name="domain">
<summary>
Domain type used for a login program domain.
</summary>
</param>
</interface>
<interface name="auth_login_entry_type" lineno="235">
<summary>
Use the login program as an entry point program.
</summary>
<param name="domain">
<summary>
The type of process using the login program as entry point.
</summary>
</param>
</interface>
<interface name="auth_domtrans_login_program" lineno="258">
<summary>
Execute a login_program in the target domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the login_program process.
</summary>
</param>
</interface>
<interface name="auth_ranged_domtrans_login_program" lineno="288">
<summary>
Execute a login_program in the target domain,
with a range transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="target_domain">
<summary>
The type of the login_program process.
</summary>
</param>
<param name="range">
<summary>
Range of the login program.
</summary>
</param>
</interface>
<interface name="auth_search_cache" lineno="314">
<summary>
Search authentication cache
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_read_cache" lineno="332">
<summary>
Read authentication cache
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_rw_cache" lineno="350">
<summary>
Read/Write authentication cache
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_manage_cache" lineno="368">
<summary>
Manage authentication cache
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_var_filetrans_cache" lineno="387">
<summary>
Automatic transition from cache_t to cache.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_domtrans_chk_passwd" lineno="405">
<summary>
Run unix_chkpwd to check a password.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_domtrans_chkpwd" lineno="463">
<summary>
Run unix_chkpwd to check a password.
Stripped down version to be called within boolean
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_run_chk_passwd" lineno="489">
<summary>
Execute chkpwd programs in the chkpwd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to allow the chkpwd domain.
</summary>
</param>
</interface>
<interface name="auth_domtrans_upd_passwd" lineno="509">
<summary>
Execute a domain transition to run unix_update.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="auth_run_upd_passwd" lineno="534">
<summary>
Execute updpwd programs in the updpwd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to allow the updpwd domain.
</summary>
</param>
</interface>
<interface name="auth_getattr_shadow" lineno="553">
<summary>
Get the attributes of the shadow passwords file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_dontaudit_getattr_shadow" lineno="573">
<summary>
Do not audit attempts to get the attributes
of the shadow passwords file.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="auth_read_shadow" lineno="595">
<summary>
Read the shadow passwords file (/etc/shadow)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_can_read_shadow_passwords" lineno="619">
<summary>
Pass shadow assertion for reading.
</summary>
<desc>
<p>
Pass shadow assertion for reading.
This should only be used with
auth_tunable_read_shadow(), and
only exists because typeattribute
does not work in conditionals.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_can_write_shadow_passwords" lineno="646">
<summary>
Pass shadow assertion for reading.
</summary>
<desc>
<p>
Pass shadow assertion for reading.
This should only be used with
auth_tunable_read_shadow(), and
only exists because typeattribute
does not work in conditionals.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_tunable_read_shadow" lineno="672">
<summary>
Read the shadow password file.
</summary>
<desc>
<p>
Read the shadow password file. This
should only be used in a conditional;
it does not pass the reading shadow
assertion.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_dontaudit_read_shadow" lineno="692">
<summary>
Do not audit attempts to read the shadow
password file (/etc/shadow).
</summary>
<param name="domain">
<summary>
The type of the domain to not audit.
</summary>
</param>
</interface>
<interface name="auth_rw_shadow" lineno="710">
<summary>
Read and write the shadow password file (/etc/shadow).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_tunable_manage_shadow" lineno="731">
<summary>
Create, read, write, and delete the shadow
password file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_manage_shadow" lineno="750">
<summary>
Create, read, write, and delete the shadow
password file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_etc_filetrans_shadow" lineno="770">
<summary>
Automatic transition from etc to shadow.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_relabelto_shadow" lineno="789">
<summary>
Relabel to the shadow
password file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_relabel_shadow" lineno="811">
<summary>
Relabel from and to the shadow
password file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_append_faillog" lineno="832">
<summary>
Append to the login failure log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_rw_faillog" lineno="851">
<summary>
Read and write the login failure log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_manage_faillog" lineno="870">
<summary>
Manage the login failure log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_read_lastlog" lineno="892">
<summary>
Read the last logins log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="auth_append_lastlog" lineno="911">
<summary>
Append only to the last logins log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_rw_lastlog" lineno="930">
<summary>
Read and write to the last logins log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_domtrans_pam" lineno="949">
<summary>
Execute pam programs in the pam domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_signal_pam" lineno="967">
<summary>
Send generic signals to pam processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_run_pam" lineno="990">
<summary>
Execute pam programs in the PAM domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to allow the PAM domain.
</summary>
</param>
</interface>
<interface name="auth_exec_pam" lineno="1009">
<summary>
Execute the pam program.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_manage_var_auth" lineno="1028">
<summary>
Manage var auth files. Used by various other applications
and pam applets etc.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_read_pam_pid" lineno="1049">
<summary>
Read PAM PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_dontaudit_read_pam_pid" lineno="1069">
<summary>
Do not audit attemps to read PAM PID files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="auth_delete_pam_pid" lineno="1087">
<summary>
Delete pam PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_manage_pam_pid" lineno="1107">
<summary>
Manage pam PID files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_domtrans_pam_console" lineno="1127">
<summary>
Execute pam_console with a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_search_pam_console_data" lineno="1146">
<summary>
Search the contents of the
pam_console data directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_list_pam_console_data" lineno="1166">
<summary>
List the contents of the pam_console
data directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_read_pam_console_data" lineno="1185">
<summary>
Read pam_console data files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_manage_pam_console_data" lineno="1206">
<summary>
Create, read, write, and delete
pam_console data files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_delete_pam_console_data" lineno="1226">
<summary>
Delete pam_console data.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_read_all_dirs_except_shadow" lineno="1253">
<summary>
Read all directories on the filesystem, except
the shadow passwords and listed exceptions.
</summary>
<param name="domain">
<summary>
The type of the domain perfoming this action.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded. Each type or attribute
must be negated by the caller.
</summary>
</param>
</interface>
<interface name="auth_read_all_files_except_shadow" lineno="1279">
<summary>
Read all files on the filesystem, except
the shadow passwords and listed exceptions.
</summary>
<param name="domain">
<summary>
The type of the domain perfoming this action.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded. Each type or attribute
must be negated by the caller.
</summary>
</param>
<rolecap/>
</interface>
<interface name="auth_read_all_symlinks_except_shadow" lineno="1304">
<summary>
Read all symbolic links on the filesystem, except
the shadow passwords and listed exceptions.
</summary>
<param name="domain">
<summary>
The type of the domain perfoming this action.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded. Each type or attribute
must be negated by the caller.
</summary>
</param>
</interface>
<interface name="auth_relabel_all_files_except_shadow" lineno="1330">
<summary>
Relabel all files on the filesystem, except
the shadow passwords and listed exceptions.
</summary>
<param name="domain">
<summary>
The type of the domain perfoming this action.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded. Each type or attribute
must be negated by the caller.
</summary>
</param>
</interface>
<interface name="auth_rw_all_files_except_shadow" lineno="1356">
<summary>
Read and write all files on the filesystem, except
the shadow passwords and listed exceptions.
</summary>
<param name="domain">
<summary>
The type of the domain perfoming this action.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded. Each type or attribute
must be negated by the caller.
</summary>
</param>
</interface>
<interface name="auth_manage_all_files_except_shadow" lineno="1382">
<summary>
Manage all files on the filesystem, except
the shadow passwords and listed exceptions.
</summary>
<param name="domain">
<summary>
The type of the domain perfoming this action.
</summary>
</param>
<param name="exception_types" optional="true">
<summary>
The types to be excluded. Each type or attribute
must be negated by the caller.
</summary>
</param>
</interface>
<interface name="auth_domtrans_utempter" lineno="1400">
<summary>
Execute utempter programs in the utempter domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_run_utempter" lineno="1423">
<summary>
Execute utempter programs in the utempter domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to allow the utempter domain.
</summary>
</param>
</interface>
<interface name="auth_dontaudit_exec_utempter" lineno="1442">
<summary>
Do not audit attemps to execute utempter executable.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="auth_setattr_login_records" lineno="1460">
<summary>
Set the attributes of login record files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_read_login_records" lineno="1480">
<summary>
Read login records files (/var/log/wtmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="auth_dontaudit_read_login_records" lineno="1501">
<summary>
Do not audit attempts to read login records
files (/var/log/wtmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="auth_dontaudit_write_login_records" lineno="1520">
<summary>
Do not audit attempts to write to
login records files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="auth_append_login_records" lineno="1538">
<summary>
Append to login records (wtmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_write_login_records" lineno="1557">
<summary>
Write to login records (wtmp).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_rw_login_records" lineno="1575">
<summary>
Read and write login records.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_log_filetrans_login_records" lineno="1595">
<summary>
Create a login records in the log directory
using a type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_manage_login_records" lineno="1614">
<summary>
Create, read, write, and delete login
records files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_use_nsswitch" lineno="1643">
<summary>
Use nsswitch to look up user, password, group, or
host information.
</summary>
<desc>
<p>
Allow the specified domain to look up user, password,
group, or host information using the name service.
The most common use of this interface is for services
that do host name resolution (usually DNS resolution).
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="auth_unconfined" lineno="1722">
<summary>
Unconfined access to the authlogin module.
</summary>
<desc>
<p>
Unconfined access to the authlogin module.
</p>
<p>
Currently, this only allows assertions for
the shadow passwords file (/etc/shadow) to
be passed. No access is granted yet.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="auth_signal_chk_passwd" lineno="1744">
<summary>
Send generic signals to chkpwd processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="authlogin_radius" dftval="false">
<desc>
<p>
Allow users to login using a radius server
</p>
</desc>
</tunable>
<tunable name="authlogin_shadow" dftval="false">
<desc>
<p>
Allow users login programs to access /etc/shadow.
</p>
</desc>
</tunable>
</module>
<module name="clock" filename="policy/modules/system/clock.if">
<summary>Policy for reading and setting the hardware clock.</summary>
<interface name="clock_domtrans" lineno="13">
<summary>
Execute hwclock in the clock domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="clock_run" lineno="38">
<summary>
Execute hwclock in the clock domain, and
allow the specified role the hwclock domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the clock domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="clock_exec" lineno="57">
<summary>
Execute hwclock in the caller domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="clock_dontaudit_write_adjtime" lineno="75">
<summary>
Do not audit attempts to write clock drift adjustments.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="clock_rw_adjtime" lineno="93">
<summary>
Read and write clock drift adjustments.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="daemontools" filename="policy/modules/system/daemontools.if">
<summary>Collection of tools for managing UNIX services</summary>
<desc>
<p>
Policy for DJB's daemontools
</p>
</desc>
<interface name="daemontools_ipc_domain" lineno="18">
<summary>
An ipc channel between the supervised domain and svc_start_t
</summary>
<param name="domain">
<summary>
Domain allowed access to svc_start_t.
</summary>
</param>
</interface>
<interface name="daemontools_service_domain" lineno="44">
<summary>
Define a specified domain as a supervised service.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="entrypoint">
<summary>
The type associated with the process program.
</summary>
</param>
</interface>
<interface name="daemontools_domtrans_start" lineno="66">
<summary>
Execute in the svc_start_t domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="daemonstools_run_start" lineno="91">
<summary>
Execute svc_start in the svc_start domain, and
allow the specified role the svc_start domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the svc_start domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="daemontools_domtrans_run" lineno="110">
<summary>
Execute in the svc_run_t domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="daemontools_domtrans_multilog" lineno="128">
<summary>
Execute in the svc_multilog_t domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="daemontools_read_svc" lineno="147">
<summary>
Allow a domain to read svc_svc_t files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="daemontools_search_svc_dir" lineno="166">
<summary>
Search svc_svc_t directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="daemontools_manage_svc" lineno="185">
<summary>
Allow a domain to create svc_svc_t files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="daemontools_sigchld_run" lineno="206">
<summary>
Send a SIGCHLD signal to svc_run domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="fstools" filename="policy/modules/system/fstools.if">
<summary>Tools for filesystem management, such as mkfs and fsck.</summary>
<interface name="fstools_domtrans" lineno="13">
<summary>
Execute fs tools in the fstools domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="fstools_run" lineno="39">
<summary>
Execute fs tools in the fstools domain, and
allow the specified role the fs tools domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the fs tools domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="fstools_exec" lineno="58">
<summary>
Execute fsadm in the caller domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="fstools_signal" lineno="76">
<summary>
Send signal to fsadm process
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fstools_read_pipes" lineno="94">
<summary>
Read fstools unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="fstools_relabelto_entry_files" lineno="113">
<summary>
Relabel a file to the type used by the
filesystem tools programs.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="fstools_manage_entry_files" lineno="132">
<summary>
Create, read, write, and delete a file used by the
filesystem tools programs.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="fstools_getattr_swap_files" lineno="150">
<summary>
Getattr swapfile
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
</module>
<module name="getty" filename="policy/modules/system/getty.if">
<summary>Policy for getty.</summary>
<interface name="getty_domtrans" lineno="13">
<summary>
Execute gettys in the getty domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="getty_use_fds" lineno="32">
<summary>
Inherit and use getty file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="getty_read_log" lineno="51">
<summary>
Allow process to read getty log file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="getty_read_config" lineno="71">
<summary>
Allow process to read getty config file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="getty_rw_config" lineno="91">
<summary>
Allow process to edit getty config file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="hostname" filename="policy/modules/system/hostname.if">
<summary>Policy for changing the system host name.</summary>
<interface name="hostname_domtrans" lineno="13">
<summary>
Execute hostname in the hostname domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hostname_run" lineno="38">
<summary>
Execute hostname in the hostname domain, and
allow the specified role the hostname domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the hostname domain.
</summary>
</param>
</interface>
<interface name="hostname_exec" lineno="58">
<summary>
Execute hostname in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="hotplug" filename="policy/modules/system/hotplug.if">
<summary>
Policy for hotplug system, for supporting the
connection and disconnection of devices at runtime.
</summary>
<interface name="hotplug_domtrans" lineno="16">
<summary>
Execute hotplug with a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hotplug_exec" lineno="35">
<summary>
Execute hotplug in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hotplug_use_fds" lineno="54">
<summary>
Inherit and use hotplug file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hotplug_dontaudit_use_fds" lineno="73">
<summary>
Do not audit attempts to inherit
hotplug file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="hotplug_dontaudit_search_config" lineno="92">
<summary>
Do not audit attempts to search the
hotplug configuration directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="hotplug_getattr_config_dirs" lineno="110">
<summary>
Get the attributes of the hotplug configuration directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hotplug_search_config" lineno="128">
<summary>
Search the hotplug configuration directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="hotplug_read_config" lineno="147">
<summary>
Read the configuration files for hotplug.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<rolecap/>
</interface>
<interface name="hotplug_search_pids" lineno="168">
<summary>
Search the hotplug PIDs.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="init" filename="policy/modules/system/init.if">
<summary>System initialization programs (init and init scripts).</summary>
<interface name="init_script_file" lineno="32">
<summary>
Create a file type used for init scripts.
</summary>
<desc>
<p>
Create a file type used for init scripts. It can not be
used in conjunction with init_script_domain(). These
script files are typically stored in the /etc/init.d directory.
</p>
<p>
Typically this is used to constrain what services an
admin can start/stop. For example, a policy writer may want
to constrain a web administrator to only being able to
restart the web server, not other services. This special type
will help address that goal.
</p>
<p>
This also makes the type usable for files; thus an
explicit call to files_type() is redundant.
</p>
</desc>
<param name="script_file">
<summary>
Type to be used for a script file.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="init_script_domain" lineno="67">
<summary>
Create a domain used for init scripts.
</summary>
<desc>
<p>
Create a domain used for init scripts.
Can not be used in conjunction with
init_script_file().
</p>
</desc>
<param name="domain">
<summary>
Type to be used as an init script domain.
</summary>
</param>
<param name="script_file">
<summary>
Type of the script file used as an entry point to this domain.
</summary>
</param>
</interface>
<interface name="init_domain" lineno="97">
<summary>
Create a domain which can be started by init.
</summary>
<param name="domain">
<summary>
Type to be used as a domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
</interface>
<interface name="init_ranged_domain" lineno="140">
<summary>
Create a domain which can be started by init,
with a range transition.
</summary>
<param name="domain">
<summary>
Type to be used as a domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
<param name="range">
<summary>
Range for the domain.
</summary>
</param>
</interface>
<interface name="init_daemon_domain" lineno="192">
<summary>
Create a domain for long running processes
(daemons/services) which are started by init scripts.
</summary>
<desc>
<p>
Create a domain for long running processes (daemons/services)
which are started by init scripts. Short running processes
should use the init_system_domain() interface instead.
Typically all long running processes started by an init
script (usually in /etc/init.d) will need to use this
interface.
</p>
<p>
The types will be made usable as a domain and file, making
calls to domain_type() and files_type() redundant.
</p>
<p>
If the process must also run in a specific MLS/MCS level,
the init_ranged_daemon_domain() should be used instead.
</p>
</desc>
<param name="domain">
<summary>
Type to be used as a daemon domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="init_initrc_domain" lineno="265">
<summary>
Create initrc domain.
</summary>
<param name="domain">
<summary>
Type to be used as a initrc daemon domain.
</summary>
</param>
</interface>
<interface name="init_initrc_domtrans_to" lineno="288">
<summary>
Create initrc domain.
</summary>
<param name="domain">
<summary>
Type to be used as a initrc daemon domain.
</summary>
</param>
<param name="type">
<summary>
Executable type.
</summary>
</param>
</interface>
<interface name="init_ranged_daemon_domain" lineno="339">
<summary>
Create a domain for long running processes
(daemons/services) which are started by init scripts,
running at a specified MLS/MCS range.
</summary>
<desc>
<p>
Create a domain for long running processes (daemons/services)
which are started by init scripts, running at a specified
MLS/MCS range. Short running processes
should use the init_ranged_system_domain() interface instead.
Typically all long running processes started by an init
script (usually in /etc/init.d) will need to use this
interface if they need to run in a specific MLS/MCS range.
</p>
<p>
The types will be made usable as a domain and file, making
calls to domain_type() and files_type() redundant.
</p>
<p>
If the policy build option TYPE is standard (MLS and MCS disabled),
this interface has the same behavior as init_daemon_domain().
</p>
</desc>
<param name="domain">
<summary>
Type to be used as a daemon domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
<param name="range">
<summary>
MLS/MCS range for the domain.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="init_system_domain" lineno="393">
<summary>
Create a domain for short running processes
which are started by init scripts.
</summary>
<desc>
<p>
Create a domain for long running processes (daemons/services)
which are started by init scripts. These are generally applications that
are used to initialize the system during boot.
Long running processes
should use the init_daemon_domain() interface instead.
Typically all short running processes started by an init
script (usually in /etc/init.d) will need to use this
interface.
</p>
<p>
The types will be made usable as a domain and file, making
calls to domain_type() and files_type() redundant.
</p>
<p>
If the process must also run in a specific MLS/MCS level,
the init_ranged_system_domain() should be used instead.
</p>
</desc>
<param name="domain">
<summary>
Type to be used as a system domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="init_ranged_system_domain" lineno="504">
<summary>
Create a domain for short running processes
which are started by init scripts.
</summary>
<desc>
<p>
Create a domain for long running processes (daemons/services)
which are started by init scripts.
These are generally applications that
are used to initialize the system during boot.
Long running processes
should use the init_ranged_system_domain() interface instead.
Typically all short running processes started by an init
script (usually in /etc/init.d) will need to use this
interface if they need to run in a specific MLS/MCS range.
</p>
<p>
The types will be made usable as a domain and file, making
calls to domain_type() and files_type() redundant.
</p>
<p>
If the policy build option TYPE is standard (MLS and MCS disabled),
this interface has the same behavior as init_system_domain().
</p>
</desc>
<param name="domain">
<summary>
Type to be used as a system domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
<param name="range">
<summary>
Range for the domain.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="init_domtrans" lineno="530">
<summary>
Execute init (/sbin/init) with a domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_exec" lineno="549">
<summary>
Execute the init program in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="init_getpgid" lineno="568">
<summary>
Get the process group of init.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_signull" lineno="586">
<summary>
Send init a null signal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_sigchld" lineno="604">
<summary>
Send init a SIGCHLD signal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_use_fds" lineno="662">
<summary>
Inherit and use file descriptors from init.
</summary>
<desc>
<p>
Allow the specified domain to inherit file
descriptors from the init program (process ID 1).
Typically the only file descriptors to be
inherited from init are for the console.
This does not allow the domain any access to
the object to which the file descriptors references.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>init_dontaudit_use_fds()</li>
<li>term_dontaudit_use_console()</li>
<li>term_use_console()</li>
</ul>
<p>
Example usage:
</p>
<p>
init_use_fds(mydomain_t)
term_use_console(mydomain_t)
</p>
<p>
Normally, processes that can inherit these file
descriptors (usually services) write messages to the
system log instead of writing to the console.
Therefore, in many cases, this access should
dontaudited instead.
</p>
<p>
Example dontaudit usage:
</p>
<p>
init_dontaudit_use_fds(mydomain_t)
term_dontaudit_use_console(mydomain_t)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="1"/>
</interface>
<interface name="init_dontaudit_use_fds" lineno="681">
<summary>
Do not audit attempts to inherit file
descriptors from init.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_udp_send" lineno="699">
<summary>
Send UDP network traffic to init. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_getattr_initctl" lineno="713">
<summary>
Get the attributes of initctl.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_getattr_initctl" lineno="732">
<summary>
Do not audit attempts to get the
attributes of initctl.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_write_initctl" lineno="750">
<summary>
Write to initctl.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_telinit" lineno="770">
<summary>
Use telinit (Read and write initctl).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="init_rw_initctl" lineno="805">
<summary>
Read and write initctl.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_rw_initctl" lineno="825">
<summary>
Do not audit attempts to read and
write initctl.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_script_file_entry_type" lineno="844">
<summary>
Make init scripts an entry point for
the specified domain.
</summary>
<param name="domain">
<summary>
The domain for which init scripts are an entrypoint.
</summary>
</param>
</interface>
<interface name="init_spec_domtrans_script" lineno="862">
<summary>
Execute init scripts with a specified domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_domtrans_script" lineno="890">
<summary>
Execute init scripts with an automatic domain transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_bin_domtrans_spec" lineno="921">
<summary>
Execute a file in a bin directory
in the initrc_t domain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_script_file_domtrans" lineno="954">
<summary>
Execute a init script in a specified domain.
</summary>
<desc>
<p>
Execute a init script in a specified domain.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="source_domain">
<summary>
Domain to transition from.
</summary>
</param>
<param name="target_domain">
<summary>
Domain to transition to.
</summary>
</param>
</interface>
<interface name="init_labeled_script_domtrans" lineno="979">
<summary>
Transition to the init script domain
on a specified labeled init script.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="init_script_file">
<summary>
Labeled init script file.
</summary>
</param>
</interface>
<interface name="init_all_labeled_script_domtrans" lineno="1001">
<summary>
Transition to the init script domain
for all labeled init script types
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
</interface>
<interface name="init_run_daemon" lineno="1031">
<summary>
Start and stop daemon programs directly.
</summary>
<desc>
<p>
Start and stop daemon programs directly
in the traditional "/etc/init.d/daemon start"
style, and do not require run_init.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be performing this action.
</summary>
</param>
</interface>
<interface name="init_read_state" lineno="1051">
<summary>
Read the process state (/proc/pid) of init.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_ptrace" lineno="1072">
<summary>
Ptrace init
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="init_write_script_pipes" lineno="1090">
<summary>
Write an init script unnamed pipe.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_getattr_script_files" lineno="1108">
<summary>
Get the attribute of init script entrypoint files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_read_script_files" lineno="1127">
<summary>
Read init scripts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_exec_script_files" lineno="1146">
<summary>
Execute init scripts in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_getattr_all_script_files" lineno="1165">
<summary>
Get the attribute of all init script entrypoint files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_read_all_script_files" lineno="1184">
<summary>
Read all init script files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_read_all_script_files" lineno="1203">
<summary>
Dontaudit read all init script files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_exec_all_script_files" lineno="1221">
<summary>
Execute all init scripts in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_read_script_state" lineno="1240">
<summary>
Read the process state (/proc/pid) of the init scripts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_use_script_fds" lineno="1264">
<summary>
Inherit and use init script file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_use_script_fds" lineno="1283">
<summary>
Do not audit attempts to inherit
init script file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_getpgid_script" lineno="1301">
<summary>
Get the process group ID of init scripts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_sigchld_script" lineno="1319">
<summary>
Send SIGCHLD signals to init scripts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_stream_connect" lineno="1337">
<summary>
Connect to init with a unix socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_signal_script" lineno="1355">
<summary>
Send generic signals to init scripts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_signull_script" lineno="1373">
<summary>
Send null signals to init scripts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_rw_script_pipes" lineno="1391">
<summary>
Read and write init script unnamed pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_udp_send_script" lineno="1409">
<summary>
Send UDP network traffic to init scripts. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_stream_connect_script" lineno="1424">
<summary>
Allow the specified domain to connect to
init scripts with a unix socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_rw_script_stream_sockets" lineno="1443">
<summary>
Allow the specified domain to read/write to
init scripts with a unix domain stream sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_stream_connect_script" lineno="1462">
<summary>
Dont audit the specified domain connecting to
init scripts with a unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dbus_send_script" lineno="1479">
<summary>
Send messages to init scripts over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dbus_chat" lineno="1499">
<summary>
Send and receive messages from
init over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dbus_chat_script" lineno="1520">
<summary>
Send and receive messages from
init scripts over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_use_script_ptys" lineno="1549">
<summary>
Read and write the init script pty.
</summary>
<desc>
<p>
Read and write the init script pty. This
pty is generally opened by the open_init_pty
portion of the run_init program so that the
daemon does not require direct access to
the administrator terminal.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_use_script_ptys" lineno="1569">
<summary>
Do not audit attempts to read and
write the init script pty.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_getattr_script_status_files" lineno="1588">
<summary>
Get the attributes of init script
status files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_read_script_status_files" lineno="1607">
<summary>
Do not audit attempts to read init script
status files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_read_script_tmp_files" lineno="1626">
<summary>
Read init script temporary data.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_rw_script_tmp_files" lineno="1645">
<summary>
Read and write init script temporary data.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_rw_inherited_script_tmp_files" lineno="1664">
<summary>
Read and write init script inherited temporary data.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_script_tmp_filetrans" lineno="1693">
<summary>
Create files in a init script
temporary data directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file_type">
<summary>
The type of the object to be created
</summary>
</param>
<param name="object_class">
<summary>
The object class.
</summary>
</param>
</interface>
<interface name="init_getattr_utmp" lineno="1712">
<summary>
Get the attributes of init script process id files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_read_utmp" lineno="1730">
<summary>
Read utmp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_read_utmp" lineno="1749">
<summary>
Do not audit attempts to read utmp.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_dontaudit_write_utmp" lineno="1767">
<summary>
Do not audit attempts to write utmp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_write_utmp" lineno="1785">
<summary>
Write to utmp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_lock_utmp" lineno="1805">
<summary>
Do not audit attempts to lock
init script pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_rw_utmp" lineno="1823">
<summary>
Read and write utmp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_dontaudit_rw_utmp" lineno="1842">
<summary>
Do not audit attempts to read and write utmp.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_manage_utmp" lineno="1860">
<summary>
Create, read, write, and delete utmp.
</summary>
<param name="domain">
<summary>
Domain access allowed.
</summary>
</param>
</interface>
<interface name="init_pid_filetrans_utmp" lineno="1880">
<summary>
Create files in /var/run with the
utmp file type.
</summary>
<param name="domain">
<summary>
Domain access allowed.
</summary>
</param>
</interface>
<interface name="init_tcp_recvfrom_all_daemons" lineno="1898">
<summary>
Allow the specified domain to connect to daemon with a tcp socket
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_udp_recvfrom_all_daemons" lineno="1916">
<summary>
Allow the specified domain to connect to daemon with a udp socket
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_script_role_transition" lineno="1943">
<summary>
Transition to system_r when execute an init script
</summary>
<desc>
<p>
Execute a init script in a specified role
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="source_role">
<summary>
Role to transition from.
</summary>
</param>
</interface>
<interface name="init_dontaudit_script_leaks" lineno="1961">
<summary>
dontaudit read and write an leaked init scrip file descriptors
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="init_dontaudit_leaks" lineno="1985">
<summary>
dontaudit read and write an leaked file descriptors
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="init_manage_script_status_files" lineno="2004">
<summary>
Manage init script
status files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="init_signal" lineno="2022">
<summary>
Send generic signals to init.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="init_upstart" dftval="false">
<desc>
<p>
Enable support for upstart as the init program.
</p>
</desc>
</tunable>
<tunable name="allow_daemons_use_tcp_wrapper" dftval="false">
<desc>
<p>
Allow all daemons to use tcp wrappers.
</p>
</desc>
</tunable>
<tunable name="allow_daemons_use_tty" dftval="false">
<desc>
<p>
Allow all daemons the ability to read/write terminals
</p>
</desc>
</tunable>
<tunable name="allow_daemons_dump_core" dftval="false">
<desc>
<p>
Allow all daemons to write corefiles to /
</p>
</desc>
</tunable>
<tunable name="daemons_enable_cluster_mode" dftval="true">
<desc>
<p>
Enable cluster mode for daemons.
</p>
</desc>
</tunable>
</module>
<module name="ipsec" filename="policy/modules/system/ipsec.if">
<summary>TCP/IP encryption</summary>
<interface name="ipsec_domtrans" lineno="13">
<summary>
Execute ipsec in the ipsec domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="ipsec_domtrans_mgmt" lineno="31">
<summary>
Execute ipsec in the ipsec_mgmt domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="ipsec_stream_connect" lineno="49">
<summary>
Connect to IPSEC using a unix domain stream socket.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="ipsec_stream_connect_racoon" lineno="68">
<summary>
Connect to racoon using a unix domain stream socket.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="ipsec_getattr_key_sockets" lineno="87">
<summary>
Get the attributes of an IPSEC key socket.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="ipsec_exec_mgmt" lineno="105">
<summary>
Execute the IPSEC management program in the caller domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="ipsec_read_config" lineno="124">
<summary>
Read the IPSEC configuration
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ipsec_match_default_spd" lineno="143">
<summary>
Match the default SPD entry.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_setcontext_default_spd" lineno="164">
<summary>
Set the context of a SPD entry to
the default context.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_write_pid" lineno="182">
<summary>
write the ipsec_var_run_t files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_manage_pid" lineno="201">
<summary>
Create, read, write, and delete the IPSEC pid files.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="ipsec_domtrans_racoon" lineno="220">
<summary>
Execute racoon in the racoon domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="ipsec_run_racoon" lineno="244">
<summary>
Execute racoon and allow the specified role the domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ipsec_domtrans_setkey" lineno="263">
<summary>
Execute setkey in the setkey domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="ipsec_run_setkey" lineno="287">
<summary>
Execute setkey and allow the specified role the domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the racoon and setkey domains.
</summary>
</param>
<rolecap/>
</interface>
<interface name="ipsec_mgmt_kill" lineno="306">
<summary>
Send the kill signal to ipsec-mgmt
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_mgmt_signal" lineno="324">
<summary>
Send a generic signal to ipsec-mgmt
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_mgmt_signull" lineno="342">
<summary>
Send a generic signull to ipsec-mgmt.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="ipsec_mgmt_dbus_chat" lineno="361">
<summary>
Send and receive messages from
ipsec-mgmt over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="racoon_read_shadow" dftval="false">
<desc>
<p>
Allow racoon to read shadow
</p>
</desc>
</tunable>
</module>
<module name="iptables" filename="policy/modules/system/iptables.if">
<summary>Policy for iptables.</summary>
<interface name="iptables_domtrans" lineno="13">
<summary>
Execute iptables in the iptables domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="iptables_run" lineno="43">
<summary>
Execute iptables in the iptables domain, and
allow the specified role the iptables domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the iptables domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="iptables_exec" lineno="68">
<summary>
Execute iptables in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="iptables_initrc_domtrans" lineno="87">
<summary>
Execute iptables in the iptables domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="iptables_setattr_config" lineno="105">
<summary>
Set the attributes of iptables config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="iptables_read_config" lineno="124">
<summary>
Read iptables config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="iptables_etc_filetrans_config" lineno="145">
<summary>
Create files in /etc with the type used for
the iptables config files.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="iptables_manage_config" lineno="163">
<summary>
Manage iptables config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="iscsi" filename="policy/modules/system/iscsi.if">
<summary>Establish connections to iSCSI devices</summary>
<interface name="iscsid_domtrans" lineno="13">
<summary>
Execute a domain transition to run iscsid.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="iscsi_stream_connect" lineno="31">
<summary>
Connect to ISCSI using a unix domain stream socket.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="iscsi_read_lib_files" lineno="50">
<summary>
Read iscsi lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="iscsi_manage_semaphores" lineno="70">
<summary>
Manage iscsid sempaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="kdump" filename="policy/modules/system/kdump.if">
<summary>Kernel crash dumping mechanism</summary>
<interface name="kdump_domtrans" lineno="13">
<summary>
Execute kdump in the kdump domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="kdump_initrc_domtrans" lineno="32">
<summary>
Execute kdump in the kdump domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="kdump_read_config" lineno="50">
<summary>
Read kdump configuration file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kdump_manage_config" lineno="69">
<summary>
Manage kdump configuration file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="kdump_admin" lineno="95">
<summary>
All of the rules required to administrate
an kdump environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed to manage the kdump domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="libraries" filename="policy/modules/system/libraries.if">
<summary>Policy for system libraries.</summary>
<interface name="libs_domtrans_ldconfig" lineno="13">
<summary>
Execute ldconfig in the ldconfig domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_exec_ldconfig" lineno="33">
<summary>
Execute ldconfig in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="libs_run_ldconfig" lineno="58">
<summary>
Execute ldconfig in the ldconfig domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to allow the ldconfig domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="libs_use_ld_so" lineno="78">
<summary>
Use the dynamic link/loader for automatic loading
of shared libraries.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_legacy_use_ld_so" lineno="103">
<summary>
Use the dynamic link/loader for automatic loading
of shared libraries with legacy support.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_exec_ld_so" lineno="123">
<summary>
Execute the dynamic link/loader in the caller's domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_manage_ld_so" lineno="145">
<summary>
Create, read, write, and delete the
dynamic link/loader.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_relabel_ld_so" lineno="165">
<summary>
Relabel to and from the type used for
the dynamic link/loader.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_rw_ld_so_cache" lineno="184">
<summary>
Modify the dynamic link/loader's cached listing
of shared libraries.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_search_lib" lineno="203">
<summary>
Search library directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_dontaudit_write_lib_dirs" lineno="228">
<summary>
Do not audit attempts to write to library directories.
</summary>
<desc>
<p>
Do not audit attempts to write to library directories.
Typically this is used to quiet attempts to recompile
python byte code.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_manage_lib_dirs" lineno="246">
<summary>
Create, read, write, and delete library directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_read_lib_files" lineno="265">
<summary>
Read files in the library directories, such
as static libraries.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_exec_lib_files" lineno="286">
<summary>
Execute library scripts in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_use_lib_files" lineno="308">
<summary>
Load and execute functions from generic
lib files as shared libraries.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_manage_lib_files" lineno="325">
<summary>
Create, read, write, and delete generic
files in library directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_relabelto_lib_files" lineno="343">
<summary>
Relabel files to the type used in library directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_dontaudit_relabel_lib_files" lineno="363">
<summary>
Relabel to and from the type used
for generic lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_relabel_lib_files" lineno="383">
<summary>
Relabel to and from the type used
for generic lib files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_delete_lib_symlinks" lineno="402">
<summary>
Delete generic symlinks in library directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_delete_lib_files" lineno="421">
<summary>
Delete generic symlinks in library directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_manage_shared_libs" lineno="440">
<summary>
Create, read, write, and delete shared libraries.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_use_shared_libs" lineno="458">
<summary>
Load and execute functions from shared libraries.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_legacy_use_shared_libs" lineno="481">
<summary>
Load and execute functions from shared libraries,
with legacy support.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="libs_relabel_shared_libs" lineno="502">
<summary>
Relabel to and from the type used for
shared libraries.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lib_filetrans_shared_lib" lineno="526">
<summary>
Create an object in lib directories, with
the shared libraries type using a type transition.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
</interface>
<interface name="files_lib_filetrans_shared_lib" lineno="555">
<summary>
Create an object in lib directories, with
the shared libraries type using a type transition. (Deprecated)
</summary>
<desc>
<p>
Create an object in lib directories, with
the shared libraries type using a type transition. (Deprecated)
</p>
<p>
lib_filetrans_shared_lib() should be used instead.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
</interface>
</module>
<module name="locallogin" filename="policy/modules/system/locallogin.if">
<summary>Policy for local logins.</summary>
<interface name="locallogin_domtrans" lineno="13">
<summary>
Execute local logins in the local login domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="locallogin_use_fds" lineno="35">
<summary>
Allow processes to inherit local login file descriptors.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="locallogin_dontaudit_use_fds" lineno="53">
<summary>
Do not audit attempts to inherit local login file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="locallogin_signull" lineno="71">
<summary>
Send a null signal to local login processes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="locallogin_search_keys" lineno="89">
<summary>
Search for key.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="locallogin_link_keys" lineno="107">
<summary>
Allow link to the local_login key ring.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="locallogin_domtrans_sulogin" lineno="125">
<summary>
Execute local logins in the local login domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="locallogin_getattr_home_content" lineno="143">
<summary>
Allow domain to gettatr local login home content
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="logging" filename="policy/modules/system/logging.if">
<summary>Policy for the kernel message logger and system logging daemon.</summary>
<interface name="logging_log_file" lineno="41">
<summary>
Make the specified type usable for log files
in a filesystem.
</summary>
<desc>
<p>
Make the specified type usable for log files in a filesystem.
This will also make the type usable for files, making
calls to files_type() redundant. Failure to use this interface
for a log file type may result in problems with log
rotation, log analysis, and log monitoring programs.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>logging_log_filetrans()</li>
</ul>
<p>
Example usage with a domain that can create
and append to a private log file stored in the
general directories (e.g., /var/log):
</p>
<p>
type mylogfile_t;
logging_log_file(mylogfile_t)
allow mydomain_t mylogfile_t:file { create_file_perms append_file_perms };
logging_log_filetrans(mydomain_t, mylogfile_t, file)
</p>
</desc>
<param name="type">
<summary>
Type to be used for files.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="logging_send_audit_msgs" lineno="62">
<summary>
Send audit messages.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_dontaudit_send_audit_msgs" lineno="77">
<summary>
dontaudit attempts to send audit messages.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_set_loginuid" lineno="92">
<summary>
Set login uid
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_set_tty_audit" lineno="107">
<summary>
Set tty auditing
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_set_audit_parameters" lineno="121">
<summary>
Set up audit
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_read_audit_log" lineno="137">
<summary>
Read the audit log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_domtrans_auditctl" lineno="157">
<summary>
Execute auditctl in the auditctl domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_run_auditctl" lineno="182">
<summary>
Execute auditctl in the auditctl domain, and
allow the specified role the auditctl domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the auditctl domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_domtrans_auditd" lineno="201">
<summary>
Execute auditd in the auditd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_run_auditd" lineno="225">
<summary>
Execute auditd in the auditd domain, and
allow the specified role the auditd domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the auditd domain.
</summary>
</param>
</interface>
<interface name="logging_stream_connect_auditd" lineno="244">
<summary>
Connect to auditdstored over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_domtrans_dispatcher" lineno="259">
<summary>
Execute a domain transition to run the audit dispatcher.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="logging_signal_dispatcher" lineno="277">
<summary>
Signal the audit dispatcher.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="logging_dispatcher_domain" lineno="301">
<summary>
Create a domain for processes
which can be started by the system audit dispatcher
</summary>
<param name="domain">
<summary>
Type to be used as a domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
</interface>
<interface name="logging_stream_connect_dispatcher" lineno="329">
<summary>
Connect to the audit dispatcher over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_manage_audit_config" lineno="349">
<summary>
Manage the auditd configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_manage_audit_log" lineno="369">
<summary>
Manage the audit log.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_domtrans_klog" lineno="389">
<summary>
Execute klogd in the klog domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_check_exec_syslog" lineno="408">
<summary>
Check if syslogd is executable.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_domtrans_syslog" lineno="428">
<summary>
Execute syslogd in the syslog domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_log_filetrans" lineno="485">
<summary>
Create an object in the log directory, with a private type.
</summary>
<desc>
<p>
Allow the specified domain to create an object
in the general system log directories (e.g., /var/log)
with a private type. Typically this is used for creating
private log files in /var/log with the private type instead
of the general system log type. To accomplish this goal,
either the program must be SELinux-aware, or use this interface.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>logging_log_file()</li>
</ul>
<p>
Example usage with a domain that can create
and append to a private log file stored in the
general directories (e.g., /var/log):
</p>
<p>
type mylogfile_t;
logging_log_file(mylogfile_t)
allow mydomain_t mylogfile_t:file { create_file_perms append_file_perms };
logging_log_filetrans(mydomain_t, mylogfile_t, file)
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private type">
<summary>
The type of the object to be created.
</summary>
</param>
<param name="object">
<summary>
The object class of the object being created.
</summary>
</param>
<infoflow type="write" weight="10"/>
</interface>
<interface name="logging_send_syslog_msg" lineno="526">
<summary>
Send system log messages.
</summary>
<desc>
<p>
Allow the specified domain to connect to the
system log service (syslog), to send messages be added to
the system logs. Typically this is used by services
that do not have their own log file in /var/log.
</p>
<p>
This does not allow messages to be sent to
the auditing system.
</p>
<p>
Programs which use the libc function syslog() will
require this access.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>logging_send_audit_msgs()</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_stream_connect_syslog" lineno="556">
<summary>
Connect to the syslog control unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_read_audit_config" lineno="576">
<summary>
Read the auditd configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_dontaudit_search_audit_config" lineno="597">
<summary>
dontaudit search of auditd configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_read_syslog_config" lineno="616">
<summary>
Read syslog configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_search_logs" lineno="636">
<summary>
Allows the domain to open a file in the
log directory, but does not allow the listing
of the contents of the log directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_dontaudit_search_logs" lineno="655">
<summary>
Do not audit attempts to search the var log directory.
</summary>
<param name="domain">
<summary>
Domain not to audit.
</summary>
</param>
</interface>
<interface name="logging_list_logs" lineno="673">
<summary>
List the contents of the generic log directory (/var/log).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_rw_generic_log_dirs" lineno="692">
<summary>
Read and write the generic log directory (/var/log).
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_dontaudit_getattr_all_logs" lineno="712">
<summary>
Do not audit attempts to get the atttributes
of any log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_append_all_logs" lineno="730">
<summary>
Append to all log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_inherit_append_all_logs" lineno="750">
<summary>
Append to all log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_read_all_logs" lineno="769">
<summary>
Read all log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_dontaudit_read_all_logs" lineno="790">
<summary>
dontaudit Read all log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_dontaudit_rw_inherited_all_logs" lineno="809">
<summary>
dontaudit Read all log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_exec_all_logs" lineno="829">
<summary>
Execute all log files in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_rw_all_logs" lineno="849">
<summary>
read/write to all log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_manage_all_logs" lineno="869">
<summary>
Create, read, write, and delete all log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_read_generic_logs" lineno="890">
<summary>
Read generic log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_write_generic_logs" lineno="910">
<summary>
Write generic log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_dontaudit_rw_inherited_generic_logs" lineno="930">
<summary>
Dontaudit read/Write inherited generic log files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="logging_dontaudit_write_generic_logs" lineno="948">
<summary>
Dontaudit Write generic log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_rw_generic_logs" lineno="966">
<summary>
Read and write generic log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="logging_manage_generic_logs" lineno="988">
<summary>
Create, read, write, and delete
generic log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_admin_audit" lineno="1014">
<summary>
All of the rules required to administrate
the audit environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
User role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_admin_syslog" lineno="1058">
<summary>
All of the rules required to administrate
the syslog environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
User role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="logging_admin" lineno="1118">
<summary>
All of the rules required to administrate
the logging environment
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
User role allowed access.
</summary>
</param>
<rolecap/>
</interface>
<tunable name="logging_syslogd_can_sendmail" dftval="false">
<desc>
<p>
Allow syslogd daemon to send mail
</p>
</desc>
</tunable>
<tunable name="logging_syslog_can_read_tmp" dftval="false">
<desc>
<p>
Allow syslogd daemon to read user tmp content
</p>
</desc>
</tunable>
<tunable name="logging_syslogd_use_tty" dftval="true">
<desc>
<p>
Allow syslogd the ability to read/write terminals
</p>
</desc>
</tunable>
</module>
<module name="lvm" filename="policy/modules/system/lvm.if">
<summary>Policy for logical volume management programs.</summary>
<interface name="lvm_domtrans" lineno="13">
<summary>
Execute lvm programs in the lvm domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="lvm_exec" lineno="32">
<summary>
Execute lvm programs in the caller domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="lvm_run" lineno="57">
<summary>
Execute lvm programs in the lvm domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to allow the LVM domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="lvm_read_config" lineno="77">
<summary>
Read LVM configuration files.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<rolecap/>
</interface>
<interface name="lvm_manage_config" lineno="98">
<summary>
Manage LVM configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="lvm_domtrans_clvmd" lineno="118">
<summary>
Execute a domain transition to run clvmd.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="lvm_rw_clvmd_tmpfs_files" lineno="137">
<summary>
Read and write to clvmd temporary file system.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lvm_delete_clvmd_tmpfs_files" lineno="156">
<summary>
Delete lvm temporary file system.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="lvm_dgram_send" lineno="175">
<summary>
Send a message to lvm over the
datagram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="miscfiles" filename="policy/modules/system/miscfiles.if">
<summary>Miscelaneous files.</summary>
<interface name="miscfiles_cert_type" lineno="38">
<summary>
Make the specified type usable as a cert file.
</summary>
<desc>
<p>
Make the specified type usable for cert files.
This will also make the type usable for files, making
calls to files_type() redundant. Failure to use this interface
for a temporary file may result in problems with
cert management tools.
</p>
<p>
Related interfaces:
</p>
<ul>
<li>files_type()</li>
</ul>
<p>
Example:
</p>
<p>
type mycertfile_t;
cert_type(mycertfile_t)
allow mydomain_t mycertfile_t:file read_file_perms;
files_search_etc(mydomain_t)
</p>
</desc>
<param name="type">
<summary>
Type to be used for files.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="miscfiles_read_certs" lineno="58">
<summary>
Read system SSL certificates.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_dontaudit_rw_certs" lineno="79">
<summary>
Dontaudit read/writei certificates.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_manage_cert_dirs" lineno="98">
<summary>
manange system SSL certificates.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_manage_cert_files" lineno="117">
<summary>
manange system SSL certificates.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_read_fonts" lineno="137">
<summary>
Read fonts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_setattr_fonts_dirs" lineno="166">
<summary>
Set the attributes on a fonts directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_dontaudit_setattr_fonts_dirs" lineno="186">
<summary>
Do not audit attempts to set the attributes
on a fonts directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_dontaudit_write_fonts" lineno="205">
<summary>
Do not audit attempts to write fonts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_manage_fonts" lineno="225">
<summary>
Create, read, write, and delete fonts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_setattr_fonts_cache_dirs" lineno="249">
<summary>
Set the attributes on a fonts cache directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_dontaudit_setattr_fonts_cache_dirs" lineno="268">
<summary>
Do not audit attempts to set the attributes
on a fonts cache directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_manage_fonts_cache" lineno="287">
<summary>
Create, read, write, and delete fonts cache.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_read_hwdata" lineno="309">
<summary>
Read hardware identification data.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_setattr_localization" lineno="329">
<summary>
Allow process to setattr localization info
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_read_localization" lineno="361">
<summary>
Allow process to read localization information.
</summary>
<desc>
<p>
Allow the specified domain to read the localization files.
This is typically for time zone configuration files, such as
/etc/localtime and files in /usr/share/zoneinfo.
Typically, any domain which needs to know the GMT/UTC
offset of the current timezone will need access
to these files. Generally, it should be safe for any
domain to read these files.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="miscfiles_rw_localization" lineno="383">
<summary>
Allow process to write localization info
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_relabel_localization" lineno="403">
<summary>
Allow process to relabel localization info
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_legacy_read_localization" lineno="422">
<summary>
Allow process to read legacy time localization info
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_search_man_pages" lineno="441">
<summary>
Search man pages.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="miscfiles_dontaudit_search_man_pages" lineno="460">
<summary>
Do not audit attempts to search man pages.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="miscfiles_read_man_pages" lineno="479">
<summary>
Read man pages
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_delete_man_pages" lineno="501">
<summary>
Delete man pages
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_manage_man_pages" lineno="526">
<summary>
Create, read, write, and delete man pages
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_read_public_files" lineno="549">
<summary>
Read public files used for file
transfer services.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_manage_public_files" lineno="571">
<summary>
Create, read, write, and delete public files
and directories used for file transfer services.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="miscfiles_read_tetex_data" lineno="591">
<summary>
Read TeX data
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_exec_tetex_data" lineno="615">
<summary>
Execute TeX data programs in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_domain_entry_test_files" lineno="640">
<summary>
Let test files be an entry point for
a specified domain.
</summary>
<param name="domain">
<summary>
Domain to be entered.
</summary>
</param>
</interface>
<interface name="miscfiles_read_test_files" lineno="658">
<summary>
Read test files and directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_exec_test_files" lineno="677">
<summary>
Execute test files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_etc_filetrans_localization" lineno="696">
<summary>
Execute test files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="miscfiles_manage_localization" lineno="716">
<summary>
Create, read, write, and delete localization
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="modutils" filename="policy/modules/system/modutils.if">
<summary>Policy for kernel module utilities</summary>
<interface name="modutils_getattr_module_deps" lineno="13">
<summary>
Getattr the dependencies of kernel modules.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="modutils_read_module_deps" lineno="32">
<summary>
Read the dependencies of kernel modules.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="modutils_list_module_config" lineno="53">
<summary>
list the configuration options used when
loading modules.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="modutils_read_module_config" lineno="73">
<summary>
Read the configuration options used when
loading modules.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="modutils_rename_module_config" lineno="98">
<summary>
Rename a file with the configuration options used when
loading modules.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="modutils_delete_module_config" lineno="117">
<summary>
Unlink a file with the configuration options used when
loading modules.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="modutils_manage_module_config" lineno="136">
<summary>
Manage files with the configuration options used when
loading modules.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="modutils_domtrans_insmod_uncond" lineno="156">
<summary>
Unconditionally execute insmod in the insmod domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="modutils_domtrans_insmod" lineno="175">
<summary>
Execute insmod in the insmod domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="modutils_run_insmod" lineno="204">
<summary>
Execute insmod in the insmod domain, and
allow the specified role the insmod domain,
and use the caller's terminal. Has a sigchld
backchannel.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the insmod domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="modutils_exec_insmod" lineno="223">
<summary>
Execute insmod in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="modutils_domtrans_depmod" lineno="242">
<summary>
Execute depmod in the depmod domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="modutils_run_depmod" lineno="267">
<summary>
Execute depmod in the depmod domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the depmod domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="modutils_exec_depmod" lineno="286">
<summary>
Execute depmod in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="modutils_domtrans_update_mods" lineno="305">
<summary>
Execute depmod in the depmod domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="modutils_run_update_mods" lineno="330">
<summary>
Execute update_modules in the update_modules domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the update_modules domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="modutils_exec_update_mods" lineno="351">
<summary>
Execute update_modules in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="mount" filename="policy/modules/system/mount.if">
<summary>Policy for mount.</summary>
<interface name="mount_domtrans" lineno="13">
<summary>
Execute mount in the mount domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="mount_run" lineno="47">
<summary>
Execute mount in the mount domain, and
allow the specified role the mount domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the mount domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mount_run_fusermount" lineno="95">
<summary>
Execute fusermount in the mount domain, and
allow the specified role the mount domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the mount domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mount_exec" lineno="116">
<summary>
Execute mount in the caller domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="mount_signal" lineno="138">
<summary>
Send a generic signal to mount.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mount_use_fds" lineno="158">
<summary>
Use file descriptors for mount.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="mount_send_nfs_client_request" lineno="188">
<summary>
Allow the mount domain to send nfs requests for mounting
network drives
</summary>
<desc>
<p>
Allow the mount domain to send nfs requests for mounting
network drives
</p>
<p>
This interface has been deprecated as these rules were
a side effect of leaked mount file descriptors. This
interface has no effect.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mount_domtrans_unconfined" lineno="202">
<summary>
Execute mount in the unconfined mount domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="mount_run_unconfined" lineno="228">
<summary>
Execute mount in the unconfined mount domain, and
allow the specified role the unconfined mount domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the unconfined mount domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="mount_domtrans_fusermount" lineno="255">
<summary>
Execute fusermount in the mount domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="mount_exec_fusermount" lineno="273">
<summary>
Execute fusermount.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="mount_dontaudit_exec_fusermount" lineno="291">
<summary>
dontaudit Execute fusermount.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="mount_domtrans_showmount" lineno="309">
<summary>
Execute a domain transition to run showmount.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="mount_run_showmount" lineno="333">
<summary>
Execute showmount in the showmount domain, and
allow the specified role the showmount domain.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the showmount domain.
</summary>
</param>
</interface>
<tunable name="allow_mount_anyfile" dftval="false">
<desc>
<p>
Allow the mount command to mount any directory or file.
</p>
</desc>
</tunable>
</module>
<module name="netlabel" filename="policy/modules/system/netlabel.if">
<summary>NetLabel/CIPSO labeled networking management</summary>
<interface name="netlabel_domtrans_mgmt" lineno="13">
<summary>
Execute netlabel_mgmt in the netlabel_mgmt domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="netlabel_run_mgmt" lineno="39">
<summary>
Execute netlabel_mgmt in the netlabel_mgmt domain, and
allow the specified role the netlabel_mgmt domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the netlabel_mgmt domain.
</summary>
</param>
<rolecap/>
</interface>
</module>
<module name="pcmcia" filename="policy/modules/system/pcmcia.if">
<summary>PCMCIA card management services</summary>
<interface name="pcmcia_stub" lineno="13">
<summary>
PCMCIA stub interface. No access allowed.
</summary>
<param name="domain" unused="true">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pcmcia_domtrans_cardmgr" lineno="29">
<summary>
Execute cardmgr in the cardmgr domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="pcmcia_use_cardmgr_fds" lineno="47">
<summary>
Inherit and use file descriptors from cardmgr.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pcmcia_domtrans_cardctl" lineno="65">
<summary>
Execute cardctl in the cardmgr domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="pcmcia_run_cardctl" lineno="90">
<summary>
Execute cardmgr in the cardctl domain, and
allow the specified role the cardmgr domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the cardmgr domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="pcmcia_read_pid" lineno="109">
<summary>
Read cardmgr pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pcmcia_manage_pid" lineno="129">
<summary>
Create, read, write, and delete
cardmgr pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="pcmcia_manage_pid_chr_files" lineno="149">
<summary>
Create, read, write, and delete
cardmgr runtime character nodes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="raid" filename="policy/modules/system/raid.if">
<summary>RAID array management tools</summary>
<interface name="raid_domtrans_mdadm" lineno="13">
<summary>
Execute software raid tools in the mdadm domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="raid_manage_mdadm_pid" lineno="40">
<summary>
Create, read, write, and delete the mdadm pid files.
</summary>
<desc>
<p>
Create, read, write, and delete the mdadm pid files.
</p>
<p>
Added for use in the init module.
</p>
</desc>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="raid_read_mdadm_map" lineno="61">
<summary>
Read mdadm map file.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
</module>
<module name="selinuxutil" filename="policy/modules/system/selinuxutil.if">
<summary>Policy for SELinux policy and userland applications.</summary>
<interface name="seutil_domtrans_checkpolicy" lineno="13">
<summary>
Execute checkpolicy in the checkpolicy domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_run_checkpolicy" lineno="41">
<summary>
Execute checkpolicy in the checkpolicy domain, and
allow the specified role the checkpolicy domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the checkpolicy domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_exec_checkpolicy" lineno="61">
<summary>
Execute checkpolicy in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_domtrans_loadpolicy" lineno="81">
<summary>
Execute load_policy in the load_policy domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_run_loadpolicy" lineno="108">
<summary>
Execute load_policy in the load_policy domain, and
allow the specified role the load_policy domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the load_policy domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_exec_loadpolicy" lineno="127">
<summary>
Execute load_policy in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_read_loadpolicy" lineno="146">
<summary>
Read the load_policy program file.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_domtrans_newrole" lineno="165">
<summary>
Execute newrole in the newole domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_run_newrole" lineno="193">
<summary>
Execute newrole in the newrole domain, and
allow the specified role the newrole domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the newrole domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_exec_newrole" lineno="218">
<summary>
Execute newrole in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_dontaudit_signal_newrole" lineno="239">
<summary>
Do not audit the caller attempts to send
a signal to newrole.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_sigchld_newrole" lineno="267">
<summary>
Send a SIGCHLD signal to newrole.
</summary>
<desc>
<p>
Allow the specified domain to send a SIGCHLD
signal to newrole. This signal is automatically
sent from a process that is terminating to
its parent. This may be needed by domains
that are executed from newrole.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="write" weight="1"/>
</interface>
<interface name="seutil_use_newrole_fds" lineno="285">
<summary>
Inherit and use newrole file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_dontaudit_use_newrole_fds" lineno="304">
<summary>
Do not audit attempts to inherit and use
newrole file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="seutil_domtrans_restorecon" lineno="322">
<summary>
Execute restorecon in the restorecon domain. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_run_restorecon" lineno="345">
<summary>
Execute restorecon in the restorecon domain, and
allow the specified role the restorecon domain,
and use the caller's terminal. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the restorecon domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_exec_restorecon" lineno="361">
<summary>
Execute restorecon in the caller domain. (Deprecated)
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_exec_restorecond" lineno="377">
<summary>
Execute restorecond in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_domtrans_runinit" lineno="397">
<summary>
Execute run_init in the run_init domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_init_script_domtrans_runinit" lineno="423">
<summary>
Execute init scripts in the run_init domain.
</summary>
<desc>
<p>
Execute init scripts in the run_init domain.
This is used for the Gentoo integrated run_init.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_run_runinit" lineno="453">
<summary>
Execute run_init in the run_init domain, and
allow the specified role the run_init domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the run_init domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_init_script_run_runinit" lineno="493">
<summary>
Execute init scripts in the run_init domain, and
allow the specified role the run_init domain,
and use the caller's terminal.
</summary>
<desc>
<p>
Execute init scripts in the run_init domain, and
allow the specified role the run_init domain,
and use the caller's terminal.
</p>
<p>
This is used for the Gentoo integrated run_init.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the run_init domain.
</summary>
</param>
</interface>
<interface name="seutil_use_runinit_fds" lineno="516">
<summary>
Inherit and use run_init file descriptors.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_domtrans_setfiles" lineno="534">
<summary>
Execute setfiles in the setfiles domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_run_setfiles" lineno="566">
<summary>
Execute setfiles in the setfiles domain, and
allow the specified role the setfiles domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the setfiles domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_domtrans_setfiles_mac" lineno="585">
<summary>
Execute setfiles in the setfiles domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_run_setfiles_mac" lineno="613">
<summary>
Execute setfiles in the setfiles_mac domain, and
allow the specified role the setfiles_mac domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the setfiles_mac domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_exec_setfiles" lineno="632">
<summary>
Execute setfiles in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_dontaudit_search_config" lineno="653">
<summary>
Do not audit attempts to search the SELinux
configuration directory (/etc/selinux).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="seutil_dontaudit_read_config" lineno="672">
<summary>
Do not audit attempts to read the SELinux
userland configuration (/etc/selinux).
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="seutil_read_config" lineno="692">
<summary>
Read the general SELinux configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_rw_config" lineno="714">
<summary>
Read and write the general SELinux configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_manage_selinux_config" lineno="746">
<summary>
Create, read, write, and delete
the general selinux configuration files. (Deprecated)
</summary>
<desc>
<p>
Create, read, write, and delete
the general selinux configuration files.
</p>
<p>
This interface has been deprecated, please
use the seutil_manage_config() interface instead.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_manage_config" lineno="763">
<summary>
Create, read, write, and delete
the general selinux configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_manage_config_dirs" lineno="786">
<summary>
Create, read, write, and delete
the general selinux configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_dontaudit_search_login_config" lineno="806">
<summary>
Do not audit attempts to search the SELinux
login configuration directory.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="seutil_dontaudit_read_login_config" lineno="825">
<summary>
Do not audit attempts to read the SELinux
login configuration.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="seutil_read_login_config" lineno="843">
<summary>
Read the SELinux login configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_rw_login_config" lineno="866">
<summary>
Read and write the SELinux login configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_rw_login_config_dirs" lineno="889">
<summary>
Create, read, write, and delete
the general selinux configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_manage_login_config" lineno="911">
<summary>
Create, read, write, and delete
the general selinux configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_manage_login_config_files" lineno="934">
<summary>
manage the login selinux configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_search_default_contexts" lineno="956">
<summary>
Search the policy directory with default_context files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_read_default_contexts" lineno="976">
<summary>
Read the default_contexts files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_manage_default_contexts" lineno="997">
<summary>
Create, read, write, and delete the default_contexts files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_read_file_contexts" lineno="1018">
<summary>
Read the file_contexts files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_dontaudit_read_file_contexts" lineno="1039">
<summary>
Do not audit attempts to read the file_contexts files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_rw_file_contexts" lineno="1058">
<summary>
Read and write the file_contexts files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_manage_file_contexts" lineno="1079">
<summary>
Create, read, write, and delete the file_contexts files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_read_bin_policy" lineno="1099">
<summary>
Read the SELinux binary policy.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_create_bin_policy" lineno="1119">
<summary>
Create the SELinux binary policy.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_relabelto_bin_policy" lineno="1142">
<summary>
Allow the caller to relabel a file to the binary policy type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_manage_bin_policy" lineno="1163">
<summary>
Create, read, write, and delete the SELinux
binary policy.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_read_src_policy" lineno="1185">
<summary>
Read SELinux policy source files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_manage_src_policy" lineno="1207">
<summary>
Create, read, write, and delete SELinux
policy source files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_domtrans_semanage" lineno="1228">
<summary>
Execute a domain transition to run semanage.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="seutil_domtrans_setsebool" lineno="1248">
<summary>
Execute a domain transition to run setsebool.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="seutil_run_semanage" lineno="1276">
<summary>
Execute semanage in the semanage domain, and
allow the specified role the semanage domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the semanage domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_run_setsebool" lineno="1305">
<summary>
Execute setsebool in the semanage domain, and
allow the specified role the semanage domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the setsebool domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="seutil_read_module_store" lineno="1325">
<summary>
Full management of the semanage
module store.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_manage_module_store" lineno="1346">
<summary>
Full management of the semanage
module store.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_get_semanage_read_lock" lineno="1367">
<summary>
Get read lock on module store
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_get_semanage_trans_lock" lineno="1386">
<summary>
Get trans lock on module store
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_libselinux_linked" lineno="1414">
<summary>
SELinux-enabled program access for
libselinux-linked programs.
</summary>
<desc>
<p>
SELinux-enabled programs are typically
linked to the libselinux library. This
interface will allow access required for
the libselinux constructor to function.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_dontaudit_libselinux_linked" lineno="1444">
<summary>
Do not audit SELinux-enabled program access for
libselinux-linked programs.
</summary>
<desc>
<p>
SELinux-enabled programs are typically
linked to the libselinux library. This
interface will dontaudit access required for
the libselinux constructor to function.
</p>
<p>
Generally this should not be used on anything
but simple SELinux-enabled programs that do not
rely on data initialized by the libselinux
constructor.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_semanage_policy" lineno="1459">
<summary>
All rules necessary to run semanage command
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="seutil_setfiles" lineno="1537">
<summary>
All rules necessary to run setfiles command
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="setrans" filename="policy/modules/system/setrans.if">
<summary>SELinux MLS/MCS label translation service.</summary>
<interface name="setrans_initrc_domtrans" lineno="14">
<summary>
Execute setrans server in the setrans domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="setrans_translate_context" lineno="32">
<summary>
Allow a domain to translate contexts.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="sosreport" filename="policy/modules/system/sosreport.if">
<summary>policy for sosreport</summary>
<interface name="sosreport_domtrans" lineno="13">
<summary>
Execute a domain transition to run sosreport.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="sosreport_run" lineno="38">
<summary>
Execute sosreport in the sosreport domain, and
allow the specified role the sosreport domain.
</summary>
<param name="domain">
<summary>
Domain allowed access
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the sosreport domain.
</summary>
</param>
</interface>
<interface name="sosreport_role" lineno="62">
<summary>
Role access for sosreport
</summary>
<param name="role">
<summary>
Role allowed access
</summary>
</param>
<param name="domain">
<summary>
User domain for the role
</summary>
</param>
</interface>
<interface name="sosreport_read_tmp_files" lineno="86">
<summary>
Allow the specified domain to read
sosreport tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sosreport_delete_tmp_files" lineno="105">
<summary>
Delete sosreport tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sosreport_append_tmp_files" lineno="124">
<summary>
Append sosreport tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
</module>
<module name="sysnetwork" filename="policy/modules/system/sysnetwork.if">
<summary>Policy for network configuration: ifconfig and dhcp client.</summary>
<interface name="sysnet_domtrans_dhcpc" lineno="13">
<summary>
Execute dhcp client in dhcpc domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="sysnet_run_dhcpc" lineno="39">
<summary>
Execute DHCP clients in the dhcpc domain, and
allow the specified role the dhcpc domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the clock domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sysnet_sigchld_dhcpc" lineno="93">
<summary>
Send a SIGCHLD signal to the dhcp client.
</summary>
<param name="domain">
<summary>
The domain sending the SIGCHLD.
</summary>
</param>
</interface>
<interface name="sysnet_kill_dhcpc" lineno="112">
<summary>
Send a kill signal to the dhcp client.
</summary>
<param name="domain">
<summary>
The domain sending the SIGKILL.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sysnet_sigstop_dhcpc" lineno="130">
<summary>
Send a SIGSTOP signal to the dhcp client.
</summary>
<param name="domain">
<summary>
The domain sending the SIGSTOP.
</summary>
</param>
</interface>
<interface name="sysnet_signull_dhcpc" lineno="148">
<summary>
Send a null signal to the dhcp client.
</summary>
<param name="domain">
<summary>
The domain sending the null signal.
</summary>
</param>
</interface>
<interface name="sysnet_signal_dhcpc" lineno="167">
<summary>
Send a generic signal to the dhcp client.
</summary>
<param name="domain">
<summary>
The domain sending the signal.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sysnet_dbus_chat_dhcpc" lineno="186">
<summary>
Send and receive messages from
dhcpc over dbus.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_rw_dhcp_config" lineno="206">
<summary>
Read and write dhcp configuration files.
</summary>
<param name="domain">
<summary>
The domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_read_dhcpc_state" lineno="225">
<summary>
Read dhcp client state files.
</summary>
<param name="domain">
<summary>
The domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_delete_dhcpc_state" lineno="243">
<summary>
Delete the dhcp client state files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_relabelfrom_dhcpc_state" lineno="261">
<summary>
Allow caller to relabel dhcpc_state files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_manage_dhcpc_state" lineno="280">
<summary>
Manage the dhcp client state files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_setattr_config" lineno="298">
<summary>
Set the attributes of network config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_relabelfrom_net_conf" lineno="317">
<summary>
Allow caller to relabel net_conf files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_relabelto_net_conf" lineno="336">
<summary>
Allow caller to relabel net_conf files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_read_config" lineno="376">
<summary>
Read network config files.
</summary>
<desc>
<p>
Allow the specified domain to read the
general network configuration files. A
common example of this is the
/etc/resolv.conf file, which has domain
name system (DNS) server IP addresses.
Typically, most networking processes will
require the access provided by this interface.
</p>
<p>
Higher-level interfaces which involve
networking will generally call this interface,
for example:
</p>
<ul>
<li>sysnet_dns_name_resolve()</li>
<li>sysnet_use_ldap()</li>
<li>sysnet_use_portmap()</li>
</ul>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_dontaudit_read_config" lineno="400">
<summary>
Do not audit attempts to read network config files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="sysnet_write_config" lineno="418">
<summary>
Write network config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_create_config" lineno="437">
<summary>
Create network config files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_etc_filetrans_config" lineno="457">
<summary>
Create files in /etc with the type used for
the network config files.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="sysnet_manage_config" lineno="475">
<summary>
Create, read, write, and delete network config files.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="sysnet_read_dhcpc_pid" lineno="494">
<summary>
Read the dhcp client pid file.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="sysnet_delete_dhcpc_pid" lineno="513">
<summary>
Delete the dhcp client pid file.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="sysnet_domtrans_ifconfig" lineno="532">
<summary>
Execute ifconfig in the ifconfig domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="sysnet_run_ifconfig" lineno="563">
<summary>
Execute ifconfig in the ifconfig domain, and
allow the specified role the ifconfig domain,
and use the caller's terminal.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the ifconfig domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sysnet_exec_ifconfig" lineno="583">
<summary>
Execute ifconfig in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_signal_ifconfig" lineno="603">
<summary>
Send a generic signal to ifconfig.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sysnet_read_dhcp_config" lineno="621">
<summary>
Read the DHCP configuration files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_search_dhcp_state" lineno="641">
<summary>
Search the DHCP state data directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_dhcp_state_filetrans" lineno="680">
<summary>
Create DHCP state data.
</summary>
<desc>
<p>
Create DHCP state data.
</p>
<p>
This is added for DHCP server, as
the server and client put their state
files in the same directory.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="file_type">
<summary>
The type of the object to be created
</summary>
</param>
<param name="object_class">
<summary>
The object class.
</summary>
</param>
</interface>
<interface name="sysnet_dns_name_resolve" lineno="700">
<summary>
Perform a DNS name resolution.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="sysnet_use_ldap" lineno="743">
<summary>
Connect and use a LDAP server.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_use_portmap" lineno="774">
<summary>
Connect and use remote port mappers.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="sysnet_dontaudit_dhcpc_use_fds" lineno="808">
<summary>
Do not audit attempts to use
the dhcp file descriptors.
</summary>
<param name="domain">
<summary>
The domain sending the SIGCHLD.
</summary>
</param>
</interface>
<interface name="sysnet_role_transition_dhcpc" lineno="835">
<summary>
Transition to system_r when execute an dhclient script
</summary>
<desc>
<p>
Execute dhclient script in a specified role
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="source_role">
<summary>
Role to transition from.
</summary>
</param>
</interface>
<tunable name="dhcpc_exec_iptables" dftval="false">
<desc>
<p>
Allow dhcpc client applications to execute iptables commands
</p>
</desc>
</tunable>
</module>
<module name="udev" filename="policy/modules/system/udev.if">
<summary>Policy for udev.</summary>
<interface name="udev_run" lineno="20">
<summary>
Execute udev in the udev domain, and
allow the specified role the udev domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role to be allowed the iptables domain.
</summary>
</param>
<rolecap/>
</interface>
<interface name="udev_signal" lineno="39">
<summary>
Send generic signals to udev.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_domtrans" lineno="57">
<summary>
Execute udev in the udev domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="udev_exec" lineno="75">
<summary>
Execute udev in the caller domain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_helper_domtrans" lineno="93">
<summary>
Execute a udev helper in the udev domain.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="udev_read_state" lineno="111">
<summary>
Allow process to read udev process state.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_dontaudit_use_fds" lineno="131">
<summary>
Do not audit attempts to inherit a
udev file descriptor.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="udev_dontaudit_rw_dgram_sockets" lineno="150">
<summary>
Do not audit attempts to read or write
to a udev unix datagram socket.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="udev_dontaudit_search_db" lineno="168">
<summary>
Do not audit search of udev database directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="udev_read_db" lineno="192">
<summary>
Read the udev device table.
</summary>
<desc>
<p>
Allow the specified domain to read the udev device table.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="read" weight="10"/>
</interface>
<interface name="udev_rw_db" lineno="213">
<summary>
Allow process to modify list of devices.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="udev_delete_db" lineno="232">
<summary>
Allow process to delete list of devices.
</summary>
<param name="domain">
<summary>
The type of the process performing this action.
</summary>
</param>
</interface>
<interface name="udev_read_pid_files" lineno="252">
<summary>
Create, read, write, and delete
udev pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_manage_pid_files" lineno="275">
<summary>
Create, read, write, and delete
udev pid files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="udev_system_domain" lineno="300">
<summary>
Create a domain for processes
which can be started by udev.
</summary>
<param name="domain">
<summary>
Type to be used as a domain.
</summary>
</param>
<param name="entry_point">
<summary>
Type of the program to be used as an entry point to this domain.
</summary>
</param>
</interface>
</module>
<module name="unconfined" filename="policy/modules/system/unconfined.if">
<summary>The unconfined domain.</summary>
<interface name="unconfined_domain_noaudit" lineno="13">
<summary>
Make the specified domain unconfined.
</summary>
<param name="domain">
<summary>
Domain to make unconfined.
</summary>
</param>
</interface>
<interface name="unconfined_domain" lineno="136">
<summary>
Make the specified domain unconfined and
audit executable heap usage.
</summary>
<desc>
<p>
Make the specified domain unconfined and
audit executable heap usage. With exception
of memory protections, usage of this interface
will result in the level of access the domain has
is like SELinux was not being used.
</p>
<p>
Only completely trusted domains should use this interface.
</p>
</desc>
<param name="domain">
<summary>
Domain to make unconfined.
</summary>
</param>
</interface>
<interface name="unconfined_alias_domain" lineno="168">
<summary>
Add an alias type to the unconfined domain. (Deprecated)
</summary>
<desc>
<p>
Add an alias type to the unconfined domain. (Deprecated)
</p>
<p>
This is added to support targeted policy. Its
use should be limited. It has no effect
on the strict policy.
</p>
</desc>
<param name="domain">
<summary>
New alias of the unconfined domain.
</summary>
</param>
</interface>
<interface name="unconfined_execmem_alias_program" lineno="194">
<summary>
Add an alias type to the unconfined execmem
program file type. (Deprecated)
</summary>
<desc>
<p>
Add an alias type to the unconfined execmem
program file type. (Deprecated)
</p>
<p>
This is added to support targeted policy. Its
use should be limited. It has no effect
on the strict policy.
</p>
</desc>
<param name="domain">
<summary>
New alias of the unconfined execmem program type.
</summary>
</param>
</interface>
</module>
<module name="userdomain" filename="policy/modules/system/userdomain.if">
<summary>Policy for user domains</summary>
<template name="userdom_base_user_template" lineno="24">
<summary>
The template containing the most basic rules common to all users.
</summary>
<desc>
<p>
The template containing the most basic rules common to all users.
</p>
<p>
This template creates a user domain, types, and
rules for the user's tty and pty.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<rolebase/>
</template>
<interface name="userdom_ro_home_role" lineno="187">
<summary>
Allow a home directory for which the
role has read-only access.
</summary>
<desc>
<p>
Allow a home directory for which the
role has read-only access.
</p>
<p>
This does not allow execute access.
</p>
</desc>
<param name="role">
<summary>
The user role
</summary>
</param>
<param name="userdomain">
<summary>
The user domain
</summary>
</param>
<rolebase/>
</interface>
<interface name="userdom_manage_home_role" lineno="241">
<summary>
Allow a home directory for which the
role has full access.
</summary>
<desc>
<p>
Allow a home directory for which the
role has full access.
</p>
<p>
This does not allow execute access.
</p>
</desc>
<param name="role">
<summary>
The user role
</summary>
</param>
<param name="userdomain">
<summary>
The user domain
</summary>
</param>
<rolebase/>
</interface>
<interface name="userdom_manage_tmp_role" lineno="315">
<summary>
Manage user temporary files
</summary>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolebase/>
</interface>
<interface name="userdom_exec_user_bin_files" lineno="343">
<summary>
Execute user bin files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_exec_user_tmp_files" lineno="364">
<summary>
The execute access user temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolebase/>
</interface>
<interface name="userdom_manage_tmpfs_role" lineno="400">
<summary>
Role access for the user tmpfs type
that the user has full access.
</summary>
<desc>
<p>
Role access for the user tmpfs type
that the user has full access.
</p>
<p>
This does not allow execute access.
</p>
</desc>
<param name="role">
<summary>
Role allowed access.
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="userdom_basic_networking" lineno="427">
<summary>
The interface allowing the user basic
network permissions
</summary>
<param name="userdomain">
<summary>
The user domain
</summary>
</param>
<rolebase/>
</interface>
<template name="userdom_xwindows_client_template" lineno="466">
<summary>
The template for creating a user xwindows client. (Deprecated)
</summary>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<rolebase/>
</template>
<template name="userdom_change_password_template" lineno="508">
<summary>
The template for allowing the user to change passwords.
</summary>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<rolebase/>
</template>
<template name="userdom_common_user_template" lineno="538">
<summary>
The template containing rules common to unprivileged
users and administrative users.
</summary>
<desc>
<p>
This template creates a user domain, types, and
rules for the user's tty, pty, tmp, and tmpfs files.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
</template>
<template name="userdom_login_user_template" lineno="812">
<summary>
The template for creating a login user.
</summary>
<desc>
<p>
This template creates a user domain, types, and
rules for the user's tty, pty, home directories,
tmp, and tmpfs files.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
</template>
<template name="userdom_restricted_user_template" lineno="954">
<summary>
The template for creating a unprivileged login user.
</summary>
<desc>
<p>
This template creates a user domain, types, and
rules for the user's tty, pty, home directories,
tmp, and tmpfs files.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
</template>
<template name="userdom_restricted_xwindows_user_template" lineno="1024">
<summary>
The template for creating a unprivileged xwindows login user.
</summary>
<desc>
<p>
The template for creating a unprivileged xwindows login user.
</p>
<p>
This template creates a user domain, types, and
rules for the user's tty, pty, home directories,
tmp, and tmpfs files.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
</template>
<template name="userdom_unpriv_user_template" lineno="1138">
<summary>
The template for creating a unprivileged user roughly
equivalent to a regular linux user.
</summary>
<desc>
<p>
The template for creating a unprivileged user roughly
equivalent to a regular linux user.
</p>
<p>
This template creates a user domain, types, and
rules for the user's tty, pty, home directories,
tmp, and tmpfs files.
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
</template>
<template name="userdom_admin_user_template" lineno="1265">
<summary>
The template for creating an administrative user.
</summary>
<desc>
<p>
This template creates a user domain, types, and
rules for the user's tty, pty, home directories,
tmp, and tmpfs files.
</p>
<p>
The privileges given to administrative users are:
<ul>
<li>Raw disk access</li>
<li>Set all sysctls</li>
<li>All kernel ring buffer controls</li>
<li>Create, read, write, and delete all files but shadow</li>
<li>Manage source and binary format SELinux policy</li>
<li>Run insmod</li>
</ul>
</p>
</desc>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., sysadm
is the prefix for sysadm_t).
</summary>
</param>
</template>
<template name="userdom_security_admin_template" lineno="1448">
<summary>
Allow user to run as a secadm
</summary>
<desc>
<p>
Create objects in a user home directory
with an automatic type transition to
a specified private type.
</p>
<p>
This is a templated interface, and should only
be called from a per-userdomain template.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="role">
<summary>
The role of the object to create.
</summary>
</param>
</template>
<interface name="userdom_user_application_domain" lineno="1535">
<summary>
Make the specified type usable as
a user application domain.
</summary>
<param name="type">
<summary>
Type to be used as a user application domain.
</summary>
</param>
<param name="type">
<summary>
Type to be used as the domain entry point.
</summary>
</param>
</interface>
<interface name="userdom_user_home_content" lineno="1552">
<summary>
Make the specified type usable in a
user home directory.
</summary>
<param name="type">
<summary>
Type to be used as a file in the
user home directory.
</summary>
</param>
</interface>
<interface name="userdom_user_tmp_content" lineno="1578">
<summary>
Make the specified type usable in a
generic temporary directory.
</summary>
<param name="type">
<summary>
Type to be used as a file in the
generic temporary directory.
</summary>
</param>
</interface>
<interface name="userdom_user_tmpfs_content" lineno="1601">
<summary>
Make the specified type usable in a
generic tmpfs_t directory.
</summary>
<param name="type">
<summary>
Type to be used as a file in the
generic temporary directory.
</summary>
</param>
</interface>
<interface name="userdom_attach_admin_tun_iface" lineno="1622">
<summary>
Allow domain to attach to TUN devices created by administrative users.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_setattr_user_ptys" lineno="1641">
<summary>
Set the attributes of a user pty.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_create_user_pty" lineno="1659">
<summary>
Create a user pty.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_getattr_user_home_dirs" lineno="1677">
<summary>
Get the attributes of user home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_getattr_user_home_dirs" lineno="1696">
<summary>
Do not audit attempts to get the attributes of user home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_search_user_home_dirs" lineno="1714">
<summary>
Search user home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_search_user_home_dirs" lineno="1742">
<summary>
Do not audit attempts to search user home directories.
</summary>
<desc>
<p>
Do not audit attempts to search user home directories.
This will supress SELinux denial messages when the specified
domain is denied the permission to search these directories.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="userdom_list_user_home_dirs" lineno="1760">
<summary>
List user home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_list_user_home_dirs" lineno="1787">
<summary>
Do not audit attempts to list user home subdirectories.
</summary>
<param name="domain">
<summary>
Domain to not audit
</summary>
</param>
</interface>
<interface name="userdom_create_user_home_dirs" lineno="1807">
<summary>
Create user home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_home_dirs" lineno="1825">
<summary>
Create user home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_relabelto_user_home_dirs" lineno="1843">
<summary>
Relabel to user home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_relabelto_user_home_files" lineno="1862">
<summary>
Relabel to user home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_relabel_user_home_files" lineno="1879">
<summary>
Relabel user home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_home_filetrans_user_home_dir" lineno="1898">
<summary>
Create directories in the home dir root with
the user home directory type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_user_home_domtrans" lineno="1935">
<summary>
Do a domain transition to the specified
domain when executing a program in the
user home directory.
</summary>
<desc>
<p>
Do a domain transition to the specified
domain when executing a program in the
user home directory.
</p>
<p>
No interprocess communication (signals, pipes,
etc.) is provided by this interface since
the domains are not owned by this module.
</p>
</desc>
<param name="source_domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="target_domain">
<summary>
Domain to transition to.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_search_user_home_content" lineno="1955">
<summary>
Do not audit attempts to search user home content directories.
</summary>
<param name="domain">
<summary>
Domain to not audit
</summary>
</param>
</interface>
<interface name="userdom_list_user_home_content" lineno="1975">
<summary>
List contents of users home directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_home_content_dirs" lineno="1996">
<summary>
Create, read, write, and delete directories
in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_user_home_content_dirs" lineno="2015">
<summary>
Delete directories in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_setattr_user_home_content_files" lineno="2033">
<summary>
Set the attributes of user home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_setattr_user_home_content_files" lineno="2052">
<summary>
Do not audit attempts to set the
attributes of user home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_mmap_user_home_content_files" lineno="2070">
<summary>
Mmap user home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_read_user_home_content_files" lineno="2089">
<summary>
Read user home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_getattr_user_home_content" lineno="2109">
<summary>
Do not audit attempts to getattr user home files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_read_user_home_content_files" lineno="2128">
<summary>
Do not audit attempts to read user home files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_append_user_home_content_files" lineno="2150">
<summary>
Do not audit attempts to append user home files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_write_user_home_content_files" lineno="2168">
<summary>
Do not audit attempts to write user home files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_delete_user_home_content_files" lineno="2186">
<summary>
Delete files in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_relabel_user_home_content_files" lineno="2204">
<summary>
Do not audit attempts to write user home files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_read_user_home_content_symlinks" lineno="2222">
<summary>
Read user home subdirectory symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_exec_user_home_content_files" lineno="2240">
<summary>
Execute user home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_exec_user_home_content_files" lineno="2261">
<summary>
Do not audit attempts to execute user home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_home_content_files" lineno="2280">
<summary>
Create, read, write, and delete files
in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_manage_user_home_content_dirs" lineno="2302">
<summary>
Do not audit attempts to create, read, write, and delete directories
in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_home_content_symlinks" lineno="2321">
<summary>
Create, read, write, and delete symbolic links
in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_user_home_content_symlinks" lineno="2341">
<summary>
Delete symbolic links in a user home directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_home_content_pipes" lineno="2360">
<summary>
Create, read, write, and delete named pipes
in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_home_content_sockets" lineno="2381">
<summary>
Create, read, write, and delete named sockets
in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_user_home_dir_filetrans" lineno="2413">
<summary>
Create objects in a user home directory
with an automatic type transition to
a specified private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
The type of the object to create.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
</interface>
<interface name="userdom_user_home_content_filetrans" lineno="2444">
<summary>
Create objects in a user home directory
with an automatic type transition to
a specified private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
The type of the object to create.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
</interface>
<interface name="userdom_user_home_dir_filetrans_user_home_content" lineno="2471">
<summary>
Create objects in a user home directory
with an automatic type transition to
the user home file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
</interface>
<interface name="userdom_write_user_tmp_sockets" lineno="2490">
<summary>
Write to user temporary named sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_list_user_tmp" lineno="2509">
<summary>
List user temporary directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_search_user_tmp" lineno="2529">
<summary>
Do not audit attempts to search user
temporary directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_list_user_tmp" lineno="2548">
<summary>
Do not audit attempts to list user
temporary directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_manage_user_tmp_dirs" lineno="2567">
<summary>
Do not audit attempts to manage users
temporary directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_read_user_tmp_files" lineno="2585">
<summary>
Read user temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_read_user_tmp_files" lineno="2606">
<summary>
Do not audit attempts to read users
temporary files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_append_user_tmp_files" lineno="2625">
<summary>
Do not audit attempts to append users
temporary files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_rw_user_tmp_files" lineno="2643">
<summary>
Read and write user temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_write_user_tmp_files" lineno="2664">
<summary>
Do not audit attempts to write users
temporary files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_rw_user_tmp_pipes" lineno="2683">
<summary>
Do not audit attempts to read/write users
temporary fifo files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_use_user_ttys" lineno="2701">
<summary>
Do not audit attempts to use user ttys.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_manage_user_tmp_files" lineno="2720">
<summary>
Do not audit attempts to manage users
temporary files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_read_user_tmp_symlinks" lineno="2738">
<summary>
Read user temporary symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_tmp_dirs" lineno="2759">
<summary>
Create, read, write, and delete user
temporary directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_tmp_files" lineno="2779">
<summary>
Create, read, write, and delete user
temporary files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_tmp_symlinks" lineno="2799">
<summary>
Create, read, write, and delete user
temporary symbolic links.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_tmp_pipes" lineno="2819">
<summary>
Create, read, write, and delete user
temporary named pipes.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_tmp_sockets" lineno="2839">
<summary>
Create, read, write, and delete user
temporary named sockets.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_user_tmp_filetrans" lineno="2870">
<summary>
Create objects in a user temporary directory
with an automatic type transition to
a specified private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
The type of the object to create.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
</interface>
<interface name="userdom_tmp_filetrans_user_tmp" lineno="2896">
<summary>
Create objects in the temporary directory
with an automatic type transition to
the user temporary type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
</interface>
<interface name="userdom_read_user_tmpfs_files" lineno="2914">
<summary>
Read user tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_rw_user_tmpfs_files" lineno="2935">
<summary>
Read/Write user tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_rw_inherited_user_tmpfs_files" lineno="2956">
<summary>
Read/Write inherited user tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_execute_user_tmpfs_files" lineno="2974">
<summary>
Execute user tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_user_tmpfs_files" lineno="2992">
<summary>
Delete user tmpfs files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_getattr_user_ttys" lineno="3010">
<summary>
Get the attributes of a user domain tty.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_getattr_user_ttys" lineno="3028">
<summary>
Do not audit attempts to get the attributes of a user domain tty.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_setattr_user_ttys" lineno="3046">
<summary>
Set the attributes of a user domain tty.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_setattr_user_ttys" lineno="3064">
<summary>
Do not audit attempts to set the attributes of a user domain tty.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_use_user_ttys" lineno="3082">
<summary>
Read and write a user domain tty.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_use_inherited_user_ttys" lineno="3100">
<summary>
Read and write inherited user domain tty.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_use_user_ptys" lineno="3118">
<summary>
Read and write a user domain pty.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_use_inherited_user_ptys" lineno="3136">
<summary>
Read and write inherited user domain pty.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_use_inherited_user_terminals" lineno="3155">
<summary>
Read and write inherited user domain pty.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_use_user_terminals" lineno="3190">
<summary>
Read and write a user TTYs and PTYs.
</summary>
<desc>
<p>
Allow the specified domain to read and write user
TTYs and PTYs. This will allow the domain to
interact with the user via the terminal. Typically
all interactive applications will require this
access.
</p>
<p>
However, this also allows the applications to spy
on user sessions or inject information into the
user session. Thus, this access should likely
not be allowed for non-interactive domains.
</p>
</desc>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<infoflow type="both" weight="10"/>
</interface>
<interface name="userdom_dontaudit_use_user_terminals" lineno="3211">
<summary>
Do not audit attempts to read and write
a user domain tty and pty.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_spec_domtrans_all_users" lineno="3232">
<summary>
Execute a shell in all user domains. This
is an explicit transition, requiring the
caller to use setexeccon().
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_xsession_spec_domtrans_all_users" lineno="3255">
<summary>
Execute an Xserver session in all unprivileged user domains. This
is an explicit transition, requiring the
caller to use setexeccon().
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_spec_domtrans_unpriv_users" lineno="3278">
<summary>
Execute a shell in all unprivileged user domains. This
is an explicit transition, requiring the
caller to use setexeccon().
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dyntransition_unpriv_users" lineno="3299">
<summary>
Allow domain dyntrans to unpriv userdomain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dyntransition_admin_users" lineno="3317">
<summary>
Allow domain dyntrans to admin userdomain.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_xsession_spec_domtrans_unpriv_users" lineno="3337">
<summary>
Execute an Xserver session in all unprivileged user domains. This
is an explicit transition, requiring the
caller to use setexeccon().
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_unpriv_user_semaphores" lineno="3358">
<summary>
Manage unpriviledged user SysV sempaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_unpriv_user_shared_mem" lineno="3377">
<summary>
Manage unpriviledged user SysV shared
memory segments.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_rw_unpriv_user_shared_mem" lineno="3396">
<summary>
Read/Write unpriviledged user SysV shared
memory segments.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_bin_spec_domtrans_unpriv_users" lineno="3416">
<summary>
Execute bin_t in the unprivileged user domains. This
is an explicit transition, requiring the
caller to use setexeccon().
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_entry_spec_domtrans_unpriv_users" lineno="3439">
<summary>
Execute all entrypoint files in unprivileged user
domains. This is an explicit transition, requiring the
caller to use setexeccon().
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_search_user_home_content" lineno="3460">
<summary>
Search users home directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_signal_unpriv_users" lineno="3481">
<summary>
Send general signals to unprivileged user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_use_unpriv_users_fds" lineno="3499">
<summary>
Inherit the file descriptors from unprivileged user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_use_unpriv_user_fds" lineno="3527">
<summary>
Do not audit attempts to inherit the file descriptors
from unprivileged user domains.
</summary>
<desc>
<p>
Do not audit attempts to inherit the file descriptors
from unprivileged user domains. This will supress
SELinux denial messages when the specified domain is denied
the permission to inherit these file descriptors.
</p>
</desc>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
<infoflow type="none"/>
</interface>
<interface name="userdom_dontaudit_use_user_ptys" lineno="3545">
<summary>
Do not audit attempts to use user ptys.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_relabelto_user_ptys" lineno="3563">
<summary>
Relabel files to unprivileged user pty types.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_relabelfrom_user_ptys" lineno="3582">
<summary>
Do not audit attempts to relabel files from
user pty types.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_write_user_tmp_files" lineno="3600">
<summary>
Write all users files in /tmp
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_read_all_users_state" lineno="3618">
<summary>
Read the process state of all user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_getattr_all_users" lineno="3638">
<summary>
Get the attributes of all user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_use_all_users_fds" lineno="3656">
<summary>
Inherit the file descriptors from all user domains
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_use_all_users_fds" lineno="3675">
<summary>
Do not audit attempts to inherit the file
descriptors from any user domains.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_signal_all_users" lineno="3693">
<summary>
Send general signals to all user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_sigchld_all_users" lineno="3711">
<summary>
Send a SIGCHLD signal to all user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_create_all_users_keys" lineno="3729">
<summary>
Create keys for all user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dbus_send_all_users" lineno="3747">
<summary>
Send a dbus message to all user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_set_rlimitnh" lineno="3766">
<summary>
Allow apps to set rlimits on userdomain
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<template name="userdom_unpriv_usertype" lineno="3790">
<summary>
Define this type as a Allow apps to set rlimits on userdomain
</summary>
<param name="userdomain_prefix">
<summary>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</summary>
</param>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</template>
<interface name="userdom_stream_connect" lineno="3812">
<summary>
Connect to users over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_stream_connectto" lineno="3831">
<summary>
Dontaudit connectto to users over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_ptrace_all_users" lineno="3849">
<summary>
Ptrace user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_search_admin_dir" lineno="3867">
<summary>
dontaudit Search /root
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_list_admin_dir" lineno="3885">
<summary>
dontaudit list /root
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_write_admin_dir" lineno="3903">
<summary>
dontaudit write /root
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_list_admin_dir" lineno="3921">
<summary>
Allow domain to list /root
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_search_admin_dir" lineno="3939">
<summary>
Allow Search /root
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_rw_semaphores" lineno="3957">
<summary>
RW unpriviledged user SysV sempaphores.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dgram_send" lineno="3976">
<summary>
Send a message to unpriv users over a unix domain
datagram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_users_dgram_send" lineno="3995">
<summary>
Send a message to users over a unix domain
datagram socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_execmod_user_home_files" lineno="4014">
<summary>
Allow execmod on files in homedirectory
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolebase/>
</interface>
<interface name="userdom_read_admin_home_files" lineno="4033">
<summary>
Read admin home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="userdom_dontaudit_read_admin_home_files" lineno="4052">
<summary>
Read admin home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="userdom_exec_admin_home_files" lineno="4072">
<summary>
Execute admin home files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="userdom_inherit_append_admin_home_files" lineno="4091">
<summary>
Append files inherited
in the /root directory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_home_content" lineno="4111">
<summary>
Manage all files/directories in the homedir
</summary>
<param name="userdomain">
<summary>
The user domain
</summary>
</param>
<rolebase/>
</interface>
<interface name="userdom_user_home_dir_filetrans_pattern" lineno="4145">
<summary>
Create objects in a user home directory
with an automatic type transition to
the user home file type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
</interface>
<interface name="userdom_admin_home_dir_filetrans" lineno="4175">
<summary>
Create objects in the /root directory
with an automatic type transition to
a specified private type.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<param name="private_type">
<summary>
The type of the object to create.
</summary>
</param>
<param name="object_class">
<summary>
The class of the object to be created.
</summary>
</param>
</interface>
<interface name="userdom_signull_unpriv_users" lineno="4193">
<summary>
Send signull to unprivileged user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_write_user_tmp_dirs" lineno="4211">
<summary>
Write all users files in /tmp
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_all_users_keys" lineno="4229">
<summary>
Manage keys for all user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_rw_stream" lineno="4249">
<summary>
Do not audit attempts to read and write
unserdomain stream.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_append_user_home_content_files" lineno="4268">
<summary>
Append files
in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_read_inherited_user_home_content_files" lineno="4289">
<summary>
Read files inherited
in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_inherit_append_user_home_content_files" lineno="4308">
<summary>
Append files inherited
in a user home subdirectory.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_inherit_append_user_tmp_files" lineno="4327">
<summary>
Append files inherited
in a user tmp files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_read_home_certs" lineno="4346">
<summary>
Read system SSL certificates in the users homedir.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="userdom_manage_home_certs" lineno="4368">
<summary>
Manage system SSL certificates in the users homedir.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_write_home_certs" lineno="4389">
<summary>
Dontaudit Write system SSL certificates in the users homedir.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_read_home_audio_files" lineno="4408">
<summary>
Read audio files in the users homedir.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
<rolecap/>
</interface>
<interface name="userdom_dontaudit_write_all_user_home_content_files" lineno="4429">
<summary>
Do not audit attempts to write all user home content files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_write_all_user_tmp_content_files" lineno="4447">
<summary>
Do not audit attempts to write all user tmp content files.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_manage_all_user_tmp_content" lineno="4465">
<summary>
Manage all user temporary content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_list_all_user_tmp_content" lineno="4488">
<summary>
List all user temporary content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_all_user_tmpfs_content" lineno="4512">
<summary>
Manage all user tmpfs content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_all_user_tmp_content" lineno="4535">
<summary>
Delete all user temporary content.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_getattr_admin_home_files" lineno="4560">
<summary>
dontaudit Search getatrr /root files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_read_admin_home_lnk_files" lineno="4578">
<summary>
dontaudit read /root lnk files
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_tmp_chr_files" lineno="4597">
<summary>
Create, read, write, and delete user
temporary chr files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_manage_user_tmp_blk_files" lineno="4617">
<summary>
Create, read, write, and delete user
temporary blk files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaudit_setattr_user_tmp" lineno="4636">
<summary>
Dontaudit attempt to set attributes on user temporary directories.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="userdom_read_inherited_user_tmp_files" lineno="4654">
<summary>
Read all inherited users files in /tmp
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_dontaduit_search_user_tmp" lineno="4672">
<summary>
Dontaudit search user temporary directories.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_write_inherited_user_tmp_files" lineno="4690">
<summary>
Write all inherited users files in /tmp
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_delete_user_tmp_files" lineno="4708">
<summary>
Delete all users files in /tmp
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_kill_all_users" lineno="4726">
<summary>
Send kill signals to all user domains.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_rw_inherited_user_tmp_files" lineno="4744">
<summary>
Read/write all inherited users files in /tmp
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="userdom_rw_stream" lineno="4762">
<summary>
Read and write userdomain stream.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="allow_user_mysql_connect" dftval="false">
<desc>
<p>
Allow users to connect to mysql
</p>
</desc>
</tunable>
<tunable name="allow_user_postgresql_connect" dftval="false">
<desc>
<p>
Allow users to connect to PostgreSQL
</p>
</desc>
</tunable>
<tunable name="user_direct_mouse" dftval="false">
<desc>
<p>
Allow regular users direct mouse access
</p>
</desc>
</tunable>
<tunable name="user_rw_noexattrfile" dftval="false">
<desc>
<p>
Allow user to r/w files on filesystems
that do not have extended attributes (FAT, CDROM, FLOPPY)
</p>
</desc>
</tunable>
<tunable name="user_setrlimit" dftval="false">
<desc>
<p>
Allow user processes to change their priority
</p>
</desc>
</tunable>
<tunable name="user_ttyfile_stat" dftval="false">
<desc>
<p>
Allow w to display everyone
</p>
</desc>
</tunable>
</module>
<module name="xen" filename="policy/modules/system/xen.if">
<summary>Xen hypervisor</summary>
<interface name="xen_domtrans" lineno="13">
<summary>
Execute a domain transition to run xend.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="xen_use_fds" lineno="31">
<summary>
Inherit and use xen file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="xen_dontaudit_use_fds" lineno="50">
<summary>
Do not audit attempts to inherit
xen file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="xen_read_image_files" lineno="68">
<summary>
Read xend image files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xen_rw_image_files" lineno="90">
<summary>
Allow the specified domain to read/write
xend image files.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="xen_append_log" lineno="111">
<summary>
Allow the specified domain to append
xend log files.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="xen_manage_log" lineno="132">
<summary>
Create, read, write, and delete the
xend log files.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xen_dontaudit_rw_unix_stream_sockets" lineno="154">
<summary>
Do not audit attempts to read and write
Xen unix domain stream sockets. These
are leaked file descriptors.
</summary>
<param name="domain">
<summary>
Domain to not audit.
</summary>
</param>
</interface>
<interface name="xen_stream_connect_xenstore" lineno="172">
<summary>
Connect to xenstored over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xen_stream_connect" lineno="191">
<summary>
Connect to xend over an unix domain stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<interface name="xen_domtrans_xm" lineno="213">
<summary>
Execute a domain transition to run xm.
</summary>
<param name="domain">
<summary>
Domain allowed to transition.
</summary>
</param>
</interface>
<interface name="xen_stream_connect_xm" lineno="232">
<summary>
Connect to xm over an unix stream socket.
</summary>
<param name="domain">
<summary>
Domain allowed access.
</summary>
</param>
</interface>
<tunable name="xen_use_nfs" dftval="false">
<desc>
<p>
Allow xen to manage nfs files
</p>
</desc>
</tunable>
</module>
</layer>
<tunable name="allow_execheap" dftval="false">
<desc>
<p>
Allow unconfined executables to make their heap memory executable. Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla
</p>
</desc>
</tunable>
<tunable name="allow_execmem" dftval="false">
<desc>
<p>
Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla)
</p>
</desc>
</tunable>
<tunable name="allow_execmod" dftval="false">
<desc>
<p>
Allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t)
</p>
</desc>
</tunable>
<tunable name="allow_execstack" dftval="false">
<desc>
<p>
Allow unconfined executables to make their stack executable. This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla)
</p>
</desc>
</tunable>
<tunable name="allow_polyinstantiation" dftval="false">
<desc>
<p>
Enable polyinstantiated directory support.
</p>
</desc>
</tunable>
<tunable name="allow_ypbind" dftval="false">
<desc>
<p>
Allow system to run with NIS
</p>
</desc>
</tunable>
<tunable name="global_ssp" dftval="false">
<desc>
<p>
Enable reading of urandom for all domains.
</p>
<p>
This should be enabled when all programs
are compiled with ProPolice/SSP
stack smashing protection. All domains will
be allowed to read from /dev/urandom.
</p>
</desc>
</tunable>
<tunable name="use_nfs_home_dirs" dftval="false">
<desc>
<p>
Support NFS home directories
</p>
</desc>
</tunable>
<tunable name="use_fusefs_home_dirs" dftval="false">
<desc>
<p>
Support fusefs home directories
</p>
</desc>
</tunable>
<tunable name="use_samba_home_dirs" dftval="false">
<desc>
<p>
Support SAMBA home directories
</p>
</desc>
</tunable>
<tunable name="user_tcp_server" dftval="false">
<desc>
<p>
Allow users to run TCP servers (bind to ports and accept connection from
the same domain and outside users) disabling this forces FTP passive mode
and may change other protocols.
</p>
</desc>
</tunable>
<tunable name="allow_console_login" dftval="false">
<desc>
<p>
Allow direct login to the console device. Required for System 390
</p>
</desc>
</tunable>
<tunable name="mmap_low_allowed" dftval="false">
<desc>
<p>
Allow certain domains to map low memory in the kernel
</p>
</desc>
</tunable>
<bool name="secure_mode" dftval="false">
<desc>
<p>
Enabling secure mode disallows programs, such as
newrole, from transitioning to administrative
user domains.
</p>
</desc>
</bool>
<bool name="secure_mode_insmod" dftval="false">
<desc>
<p>
Disable transitions to insmod.
</p>
</desc>
</bool>
<bool name="secure_mode_policyload" dftval="false">
<desc>
<p>
boolean to determine whether the system permits loading policy, setting
enforcing mode, and changing boolean values. Set this to true and you
have to reboot to set it back
</p>
</desc>
</bool>
</policy>
y~or�5J�={Ee�u磝Qk���ᯘG{?+]ן?�wM3X�^歌>{7پK>on\jy�R�g/=fOr�oNVv~Y+�NGuÝHWyw[eQʨSb>�>}Gmx[o[<�{Ϯ_qF�vM����IENDB`