public inbox for gentoo-commits@lists.gentoo.org
From: "Kenton Groombridge" <concord@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: doc/
Date: Fri, 31 Mar 2023 23:07:12 +0000 (UTC)
Message-ID: <1680286082.062f39e5dcb952b95a2f1272960b2379f5a41069.concord@gentoo>

commit:     062f39e5dcb952b95a2f1272960b2379f5a41069
Author:     Kenton Groombridge <concord <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 31 18:07:26 2023 +0000
Commit:     Kenton Groombridge <concord <AT> gentoo <DOT> org>
CommitDate: Fri Mar 31 18:08:02 2023 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=062f39e5

Update generated policy and doc files

Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org>

 doc/policy.xml | 1750 ++++++++++++++++++++++++++++++--------------------------
 1 file changed, 944 insertions(+), 806 deletions(-)

diff --git a/doc/policy.xml b/doc/policy.xml
index ed1c8ef5d..ec78d3383 100644
--- a/doc/policy.xml
+++ b/doc/policy.xml
@@ -2455,7 +2455,17 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="portage_dontaudit_search_tmp" lineno="338">
+<interface name="portage_dontaudit_use_inherited_ptys" lineno="337">
+<summary>
+Do not audit attempts to read and write inherited portage ptys.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="portage_dontaudit_search_tmp" lineno="356">
 <summary>
 Do not audit attempts to search the
 portage temporary directories.
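Review bot: the domain parameter of the new portage_dontaudit_use_inherited_ptys is documented as "Domain allowed access.", but this is a dontaudit interface and grants nothing; the neighbouring portage_dontaudit_search_tmp and portage_dontaudit_rw_tmp_files entries use "Domain to not audit." Since doc/policy.xml is generated, the wording should be corrected in the interface's source comment and the file regenerated, so that readers of the documentation do not mistake a rule that silences denials for one that allows access.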
@@ -2466,7 +2476,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="portage_dontaudit_rw_tmp_files" lineno="357">
+<interface name="portage_dontaudit_rw_tmp_files" lineno="375">
 <summary>
 Do not audit attempts to read and write
 the portage temporary files.
@@ -2477,7 +2487,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="portage_eselect_module" lineno="382">
+<interface name="portage_eselect_module" lineno="400">
 <summary>
 Allow the domain to run within an eselect module script.
 </summary>
@@ -2487,7 +2497,7 @@ Domain to allow within an eselect module
 </summary>
 </param>
 </interface>
-<interface name="portage_ro_role" lineno="405">
+<interface name="portage_ro_role" lineno="423">
 <summary>
 Read all portage files
 </summary>
@@ -2502,7 +2512,7 @@ Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="portage_read_db" lineno="425">
+<interface name="portage_read_db" lineno="443">
 <summary>
 Read portage db files
 </summary>
@@ -2512,7 +2522,7 @@ Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="portage_read_cache" lineno="445">
+<interface name="portage_read_cache" lineno="463">
 <summary>
 Read portage cache files
 </summary>
@@ -2522,7 +2532,7 @@ Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="portage_read_config" lineno="466">
+<interface name="portage_read_config" lineno="484">
 <summary>
 Read portage configuration files
 </summary>
@@ -2532,7 +2542,7 @@ Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="portage_read_ebuild" lineno="488">
+<interface name="portage_read_ebuild" lineno="506">
 <summary>
 Read portage ebuild files
 </summary>
@@ -2542,7 +2552,7 @@ Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="portage_read_log" lineno="510">
+<interface name="portage_read_log" lineno="528">
 <summary>
 Read portage log files
 </summary>
@@ -2552,7 +2562,7 @@ Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="portage_read_srcrepo" lineno="529">
+<interface name="portage_read_srcrepo" lineno="547">
 <summary>
 Read portage src repository files
 </summary>
@@ -2562,7 +2572,7 @@ Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="portage_dontaudit_write_cache" lineno="551">
+<interface name="portage_dontaudit_write_cache" lineno="569">
 <summary>
 Do not audit writing portage cache files
 </summary>
@@ -61051,7 +61061,18 @@ Domain not to audit.
 </param>
 
 </interface>
-<interface name="files_mounton_all_mountpoints" lineno="1726">
+<interface name="files_relabel_config_symlinks" lineno="1727">
+<summary>
+Relabel configuration symlinks.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+
+</interface>
+<interface name="files_mounton_all_mountpoints" lineno="1745">
 <summary>
 Mount a filesystem on all mount points.
 </summary>
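Review bot: the summary of the new files_relabel_config_symlinks, "Relabel configuration symlinks.", states neither the direction nor the type it applies to. Other entries in this file are explicit, for example files_relabel_etc_files ("Relabel from and to generic files in /etc.") and files_relabelto_etc_dirs ("Relabel directories to etc_t."). Relabeling is a sensitive permission, so the source comment should say whether both relabelfrom and relabelto are granted and which type "configuration symlinks" refers to, and the generated file should then be refreshed.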
@@ -61061,7 +61082,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_all_mountpoints" lineno="1747">
+<interface name="files_getattr_all_mountpoints" lineno="1766">
 <summary>
 Get the attributes of all mount points.
 </summary>
@@ -61071,7 +61092,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_setattr_all_mountpoints" lineno="1765">
+<interface name="files_setattr_all_mountpoints" lineno="1784">
 <summary>
 Set the attributes of all mount points.
 </summary>
@@ -61081,7 +61102,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_setattr_all_mountpoints" lineno="1783">
+<interface name="files_dontaudit_setattr_all_mountpoints" lineno="1802">
 <summary>
 Do not audit attempts to set the attributes on all mount points.
 </summary>
@@ -61091,7 +61112,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_search_all_mountpoints" lineno="1801">
+<interface name="files_search_all_mountpoints" lineno="1820">
 <summary>
 Search all mount points.
 </summary>
@@ -61101,7 +61122,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_search_all_mountpoints" lineno="1819">
+<interface name="files_dontaudit_search_all_mountpoints" lineno="1838">
 <summary>
 Do not audit searching of all mount points.
 </summary>
@@ -61111,7 +61132,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_list_all_mountpoints" lineno="1837">
+<interface name="files_list_all_mountpoints" lineno="1856">
 <summary>
 List all mount points.
 </summary>
@@ -61121,7 +61142,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_list_all_mountpoints" lineno="1855">
+<interface name="files_dontaudit_list_all_mountpoints" lineno="1874">
 <summary>
 Do not audit listing of all mount points.
 </summary>
@@ -61131,7 +61152,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_watch_all_mountpoints" lineno="1873">
+<interface name="files_watch_all_mountpoints" lineno="1892">
 <summary>
 Watch all mountpoints.
 </summary>
@@ -61141,7 +61162,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_watch_all_mount_perm" lineno="1891">
+<interface name="files_watch_all_mount_perm" lineno="1910">
 <summary>
 Watch all mountpoints.
 </summary>
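Review bot: files_watch_all_mount_perm carries the summary "Watch all mountpoints.", word for word the same as files_watch_all_mountpoints in the preceding hunk, so the generated documentation gives no way to tell the two interfaces apart. This commit only shifts the lineno here, but while the docs are being regenerated it would be worth giving files_watch_all_mount_perm a summary in its source comment that names the permission it actually grants.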
@@ -61151,7 +61172,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_write_all_mountpoints" lineno="1909">
+<interface name="files_write_all_mountpoints" lineno="1928">
 <summary>
 Check if all mountpoints are writable.
 </summary>
@@ -61161,7 +61182,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_write_all_mountpoints" lineno="1927">
+<interface name="files_dontaudit_write_all_mountpoints" lineno="1946">
 <summary>
 Do not audit attempts to write to mount points.
 </summary>
@@ -61171,7 +61192,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_list_root" lineno="1945">
+<interface name="files_list_root" lineno="1964">
 <summary>
 List the contents of the root directory.
 </summary>
@@ -61181,7 +61202,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_root_symlinks" lineno="1965">
+<interface name="files_delete_root_symlinks" lineno="1984">
 <summary>
 Delete symbolic links in the
 root directory.
@@ -61192,7 +61213,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_write_root_dirs" lineno="1983">
+<interface name="files_dontaudit_write_root_dirs" lineno="2002">
 <summary>
 Do not audit attempts to write to / dirs.
 </summary>
@@ -61202,7 +61223,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_rw_root_dir" lineno="2002">
+<interface name="files_dontaudit_rw_root_dir" lineno="2021">
 <summary>
 Do not audit attempts to write
 files in the root directory.
@@ -61213,7 +61234,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_watch_root_dirs" lineno="2020">
+<interface name="files_watch_root_dirs" lineno="2039">
 <summary>
 Watch the root directory.
 </summary>
@@ -61223,7 +61244,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_root_filetrans" lineno="2054">
+<interface name="files_root_filetrans" lineno="2073">
 <summary>
 Create an object in the root directory, with a private
 type using a type transition.
@@ -61249,7 +61270,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_read_root_files" lineno="2073">
+<interface name="files_dontaudit_read_root_files" lineno="2092">
 <summary>
 Do not audit attempts to read files in
 the root directory.
@@ -61260,7 +61281,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_rw_root_files" lineno="2092">
+<interface name="files_dontaudit_rw_root_files" lineno="2111">
 <summary>
 Do not audit attempts to read or write
 files in the root directory.
@@ -61271,7 +61292,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_rw_root_chr_files" lineno="2111">
+<interface name="files_dontaudit_rw_root_chr_files" lineno="2130">
 <summary>
 Do not audit attempts to read or write
 character device nodes in the root directory.
@@ -61282,7 +61303,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_root_chr_files" lineno="2130">
+<interface name="files_delete_root_chr_files" lineno="2149">
 <summary>
 Delete character device nodes in
 the root directory.
@@ -61293,7 +61314,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_root_files" lineno="2148">
+<interface name="files_delete_root_files" lineno="2167">
 <summary>
 Delete files in the root directory.
 </summary>
@@ -61303,7 +61324,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_exec_root_files" lineno="2166">
+<interface name="files_exec_root_files" lineno="2185">
 <summary>
 Execute files in the root directory.
 </summary>
@@ -61313,7 +61334,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_root_dir_entry" lineno="2184">
+<interface name="files_delete_root_dir_entry" lineno="2203">
 <summary>
 Remove entries from the root directory.
 </summary>
@@ -61323,7 +61344,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_root_dir" lineno="2202">
+<interface name="files_manage_root_dir" lineno="2221">
 <summary>
 Manage the root directory.
 </summary>
@@ -61333,7 +61354,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_rootfs" lineno="2221">
+<interface name="files_getattr_rootfs" lineno="2240">
 <summary>
 Get the attributes of a rootfs
 file system.
@@ -61344,7 +61365,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_associate_rootfs" lineno="2239">
+<interface name="files_associate_rootfs" lineno="2258">
 <summary>
 Associate to root file system.
 </summary>
@@ -61354,7 +61375,7 @@ Type of the file to associate.
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_rootfs" lineno="2257">
+<interface name="files_relabel_rootfs" lineno="2276">
 <summary>
 Relabel to and from rootfs file system.
 </summary>
@@ -61364,7 +61385,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_unmount_rootfs" lineno="2275">
+<interface name="files_unmount_rootfs" lineno="2294">
 <summary>
 Unmount a rootfs filesystem.
 </summary>
@@ -61374,7 +61395,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_mounton_root" lineno="2293">
+<interface name="files_mounton_root" lineno="2312">
 <summary>
 Mount on the root directory (/)
 </summary>
@@ -61384,7 +61405,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_boot_fs" lineno="2312">
+<interface name="files_getattr_boot_fs" lineno="2331">
 <summary>
 Get the attributes of a filesystem
 mounted on /boot.
@@ -61395,7 +61416,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_remount_boot" lineno="2330">
+<interface name="files_remount_boot" lineno="2349">
 <summary>
 Remount a filesystem mounted on /boot.
 </summary>
@@ -61405,7 +61426,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_boot_dirs" lineno="2348">
+<interface name="files_getattr_boot_dirs" lineno="2367">
 <summary>
 Get attributes of the /boot directory.
 </summary>
@@ -61415,7 +61436,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_boot_dirs" lineno="2367">
+<interface name="files_dontaudit_getattr_boot_dirs" lineno="2386">
 <summary>
 Do not audit attempts to get attributes
 of the /boot directory.
@@ -61426,7 +61447,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_search_boot" lineno="2385">
+<interface name="files_search_boot" lineno="2404">
 <summary>
 Search the /boot directory.
 </summary>
@@ -61436,7 +61457,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_search_boot" lineno="2403">
+<interface name="files_dontaudit_search_boot" lineno="2422">
 <summary>
 Do not audit attempts to search the /boot directory.
 </summary>
@@ -61446,7 +61467,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_list_boot" lineno="2421">
+<interface name="files_list_boot" lineno="2440">
 <summary>
 List the /boot directory.
 </summary>
@@ -61456,7 +61477,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_list_boot" lineno="2439">
+<interface name="files_dontaudit_list_boot" lineno="2458">
 <summary>
 Do not audit attempts to list the /boot directory.
 </summary>
@@ -61466,7 +61487,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_create_boot_dirs" lineno="2457">
+<interface name="files_create_boot_dirs" lineno="2476">
 <summary>
 Create directories in /boot
 </summary>
@@ -61476,7 +61497,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_boot_dirs" lineno="2476">
+<interface name="files_manage_boot_dirs" lineno="2495">
 <summary>
 Create, read, write, and delete
 directories in /boot.
@@ -61487,7 +61508,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_boot_filetrans" lineno="2510">
+<interface name="files_boot_filetrans" lineno="2529">
 <summary>
 Create a private type object in boot
 with an automatic type transition
@@ -61513,7 +61534,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_read_boot_files" lineno="2529">
+<interface name="files_read_boot_files" lineno="2548">
 <summary>
 read files in the /boot directory.
 </summary>
@@ -61524,7 +61545,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_manage_boot_files" lineno="2549">
+<interface name="files_manage_boot_files" lineno="2568">
 <summary>
 Create, read, write, and delete files
 in the /boot directory.
@@ -61536,7 +61557,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_relabelfrom_boot_files" lineno="2567">
+<interface name="files_relabelfrom_boot_files" lineno="2586">
 <summary>
 Relabel from files in the /boot directory.
 </summary>
@@ -61546,7 +61567,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_boot_symlinks" lineno="2585">
+<interface name="files_read_boot_symlinks" lineno="2604">
 <summary>
 Read symbolic links in the /boot directory.
 </summary>
@@ -61556,7 +61577,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_rw_boot_symlinks" lineno="2604">
+<interface name="files_rw_boot_symlinks" lineno="2623">
 <summary>
 Read and write symbolic links
 in the /boot directory.
@@ -61567,7 +61588,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_boot_symlinks" lineno="2624">
+<interface name="files_manage_boot_symlinks" lineno="2643">
 <summary>
 Create, read, write, and delete symbolic links
 in the /boot directory.
@@ -61578,7 +61599,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_kernel_img" lineno="2642">
+<interface name="files_read_kernel_img" lineno="2661">
 <summary>
 Read kernel files in the /boot directory.
 </summary>
@@ -61588,7 +61609,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_create_kernel_img" lineno="2663">
+<interface name="files_create_kernel_img" lineno="2682">
 <summary>
 Install a kernel into the /boot directory.
 </summary>
@@ -61599,7 +61620,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_delete_kernel" lineno="2683">
+<interface name="files_delete_kernel" lineno="2702">
 <summary>
 Delete a kernel from /boot.
 </summary>
@@ -61610,7 +61631,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_getattr_default_dirs" lineno="2701">
+<interface name="files_getattr_default_dirs" lineno="2720">
 <summary>
 Getattr of directories with the default file type.
 </summary>
@@ -61620,7 +61641,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_default_dirs" lineno="2720">
+<interface name="files_dontaudit_getattr_default_dirs" lineno="2739">
 <summary>
 Do not audit attempts to get the attributes of
 directories with the default file type.
@@ -61631,7 +61652,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_search_default" lineno="2738">
+<interface name="files_search_default" lineno="2757">
 <summary>
 Search the contents of directories with the default file type.
 </summary>
@@ -61641,7 +61662,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_list_default" lineno="2756">
+<interface name="files_list_default" lineno="2775">
 <summary>
 List contents of directories with the default file type.
 </summary>
@@ -61651,7 +61672,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_list_default" lineno="2775">
+<interface name="files_dontaudit_list_default" lineno="2794">
 <summary>
 Do not audit attempts to list contents of
 directories with the default file type.
@@ -61662,7 +61683,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_default_dirs" lineno="2794">
+<interface name="files_manage_default_dirs" lineno="2813">
 <summary>
 Create, read, write, and delete directories with
 the default file type.
@@ -61673,7 +61694,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_mounton_default" lineno="2812">
+<interface name="files_mounton_default" lineno="2831">
 <summary>
 Mount a filesystem on a directory with the default file type.
 </summary>
@@ -61683,7 +61704,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_default_files" lineno="2831">
+<interface name="files_dontaudit_getattr_default_files" lineno="2850">
 <summary>
 Do not audit attempts to get the attributes of
 files with the default file type.
@@ -61694,7 +61715,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_read_default_files" lineno="2849">
+<interface name="files_read_default_files" lineno="2868">
 <summary>
 Read files with the default file type.
 </summary>
@@ -61704,7 +61725,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_read_default_files" lineno="2868">
+<interface name="files_dontaudit_read_default_files" lineno="2887">
 <summary>
 Do not audit attempts to read files
 with the default file type.
@@ -61715,7 +61736,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_default_files" lineno="2887">
+<interface name="files_manage_default_files" lineno="2906">
 <summary>
 Create, read, write, and delete files with
 the default file type.
@@ -61726,7 +61747,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_default_symlinks" lineno="2905">
+<interface name="files_read_default_symlinks" lineno="2924">
 <summary>
 Read symbolic links with the default file type.
 </summary>
@@ -61736,7 +61757,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_default_sockets" lineno="2923">
+<interface name="files_read_default_sockets" lineno="2942">
 <summary>
 Read sockets with the default file type.
 </summary>
@@ -61746,7 +61767,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_default_pipes" lineno="2941">
+<interface name="files_read_default_pipes" lineno="2960">
 <summary>
 Read named pipes with the default file type.
 </summary>
@@ -61756,7 +61777,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_search_etc" lineno="2959">
+<interface name="files_search_etc" lineno="2978">
 <summary>
 Search the contents of /etc directories.
 </summary>
@@ -61766,7 +61787,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_setattr_etc_dirs" lineno="2977">
+<interface name="files_setattr_etc_dirs" lineno="2996">
 <summary>
 Set the attributes of the /etc directories.
 </summary>
@@ -61776,7 +61797,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_list_etc" lineno="2995">
+<interface name="files_list_etc" lineno="3014">
 <summary>
 List the contents of /etc directories.
 </summary>
@@ -61786,7 +61807,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_write_etc_dirs" lineno="3013">
+<interface name="files_dontaudit_write_etc_dirs" lineno="3032">
 <summary>
 Do not audit attempts to write to /etc dirs.
 </summary>
@@ -61796,7 +61817,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_rw_etc_dirs" lineno="3031">
+<interface name="files_rw_etc_dirs" lineno="3050">
 <summary>
 Add and remove entries from /etc directories.
 </summary>
@@ -61806,7 +61827,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_etc_dirs" lineno="3050">
+<interface name="files_manage_etc_dirs" lineno="3069">
 <summary>
 Manage generic directories in /etc
 </summary>
@@ -61817,7 +61838,7 @@ Domain allowed access
 </param>
 
 </interface>
-<interface name="files_relabelto_etc_dirs" lineno="3068">
+<interface name="files_relabelto_etc_dirs" lineno="3087">
 <summary>
 Relabel directories to etc_t.
 </summary>
@@ -61827,7 +61848,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_mounton_etc_dirs" lineno="3087">
+<interface name="files_mounton_etc_dirs" lineno="3106">
 <summary>
 Mount a filesystem on the
 etc directories.
@@ -61838,7 +61859,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_remount_etc" lineno="3105">
+<interface name="files_remount_etc" lineno="3124">
 <summary>
 Remount etc filesystems.
 </summary>
@@ -61848,7 +61869,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_watch_etc_dirs" lineno="3123">
+<interface name="files_watch_etc_dirs" lineno="3142">
 <summary>
 Watch /etc directories
 </summary>
@@ -61858,7 +61879,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_etc_files" lineno="3175">
+<interface name="files_read_etc_files" lineno="3194">
 <summary>
 Read generic files in /etc.
 </summary>
@@ -61902,7 +61923,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="files_map_etc_files" lineno="3207">
+<interface name="files_map_etc_files" lineno="3226">
 <summary>
 Map generic files in /etc.
 </summary>
@@ -61924,7 +61945,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="files_dontaudit_write_etc_files" lineno="3225">
+<interface name="files_dontaudit_write_etc_files" lineno="3244">
 <summary>
 Do not audit attempts to write generic files in /etc.
 </summary>
@@ -61934,7 +61955,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_rw_etc_files" lineno="3244">
+<interface name="files_rw_etc_files" lineno="3263">
 <summary>
 Read and write generic files in /etc.
 </summary>
@@ -61945,7 +61966,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_manage_etc_files" lineno="3266">
+<interface name="files_manage_etc_files" lineno="3285">
 <summary>
 Create, read, write, and delete generic
 files in /etc.
@@ -61957,7 +61978,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_dontaudit_manage_etc_files" lineno="3287">
+<interface name="files_dontaudit_manage_etc_files" lineno="3306">
 <summary>
 Do not audit attempts to create, read, write,
 and delete generic files in /etc.
@@ -61969,7 +61990,7 @@ Domain to not audit.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_delete_etc_files" lineno="3305">
+<interface name="files_delete_etc_files" lineno="3324">
 <summary>
 Delete system configuration files in /etc.
 </summary>
@@ -61979,7 +62000,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_exec_etc_files" lineno="3323">
+<interface name="files_exec_etc_files" lineno="3342">
 <summary>
 Execute generic files in /etc.
 </summary>
@@ -61989,7 +62010,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_watch_etc_files" lineno="3343">
+<interface name="files_watch_etc_files" lineno="3362">
 <summary>
 Watch /etc files.
 </summary>
@@ -61999,7 +62020,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_get_etc_unit_status" lineno="3361">
+<interface name="files_get_etc_unit_status" lineno="3380">
 <summary>
 Get etc_t service status.
 </summary>
@@ -62009,7 +62030,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_start_etc_service" lineno="3380">
+<interface name="files_start_etc_service" lineno="3399">
 <summary>
 start etc_t service
 </summary>
@@ -62019,7 +62040,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_stop_etc_service" lineno="3399">
+<interface name="files_stop_etc_service" lineno="3418">
 <summary>
 stop etc_t service
 </summary>
@@ -62029,7 +62050,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_etc_files" lineno="3418">
+<interface name="files_relabel_etc_files" lineno="3437">
 <summary>
 Relabel from and to generic files in /etc.
 </summary>
@@ -62039,7 +62060,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_etc_symlinks" lineno="3437">
+<interface name="files_read_etc_symlinks" lineno="3456">
 <summary>
 Read symbolic links in /etc.
 </summary>
@@ -62049,7 +62070,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_watch_etc_symlinks" lineno="3455">
+<interface name="files_watch_etc_symlinks" lineno="3474">
 <summary>
 Watch /etc symlinks
 </summary>
@@ -62059,7 +62080,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_etc_symlinks" lineno="3473">
+<interface name="files_manage_etc_symlinks" lineno="3492">
 <summary>
 Create, read, write, and delete symbolic links in /etc.
 </summary>
@@ -62069,7 +62090,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_etc_filetrans" lineno="3507">
+<interface name="files_etc_filetrans" lineno="3526">
 <summary>
 Create objects in /etc with a private
 type using a type_transition.
@@ -62095,7 +62116,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_create_boot_flag" lineno="3537">
+<interface name="files_create_boot_flag" lineno="3556">
 <summary>
 Create a boot flag.
 </summary>
@@ -62117,7 +62138,7 @@ The name of the object being created.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_delete_boot_flag" lineno="3563">
+<interface name="files_delete_boot_flag" lineno="3582">
 <summary>
 Delete a boot flag.
 </summary>
@@ -62134,7 +62155,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_getattr_etc_runtime_dirs" lineno="3582">
+<interface name="files_getattr_etc_runtime_dirs" lineno="3601">
 <summary>
 Get the attributes of the
 etc_runtime directories.
@@ -62145,7 +62166,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_mounton_etc_runtime_dirs" lineno="3601">
+<interface name="files_mounton_etc_runtime_dirs" lineno="3620">
 <summary>
 Mount a filesystem on the
 etc_runtime directories.
@@ -62156,7 +62177,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabelto_etc_runtime_dirs" lineno="3619">
+<interface name="files_relabelto_etc_runtime_dirs" lineno="3638">
 <summary>
 Relabel to etc_runtime_t dirs.
 </summary>
@@ -62166,7 +62187,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_setattr_etc_runtime_files" lineno="3637">
+<interface name="files_dontaudit_setattr_etc_runtime_files" lineno="3656">
 <summary>
 Do not audit attempts to set the attributes of the etc_runtime files
 </summary>
@@ -62176,7 +62197,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_read_etc_runtime_files" lineno="3675">
+<interface name="files_read_etc_runtime_files" lineno="3694">
 <summary>
 Read files in /etc that are dynamically
 created on boot, such as mtab.
@@ -62206,7 +62227,7 @@ Domain allowed access.
 <infoflow type="read" weight="10" />
 <rolecap/>
 </interface>
-<interface name="files_dontaudit_read_etc_runtime_files" lineno="3697">
+<interface name="files_dontaudit_read_etc_runtime_files" lineno="3716">
 <summary>
 Do not audit attempts to read files
 in /etc that are dynamically
@@ -62218,7 +62239,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_read_etc_files" lineno="3716">
+<interface name="files_dontaudit_read_etc_files" lineno="3735">
 <summary>
 Do not audit attempts to read files
 in /etc
@@ -62229,7 +62250,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_write_etc_runtime_files" lineno="3735">
+<interface name="files_dontaudit_write_etc_runtime_files" lineno="3754">
 <summary>
 Do not audit attempts to write
 etc runtime files.
@@ -62240,7 +62261,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_rw_etc_runtime_files" lineno="3755">
+<interface name="files_rw_etc_runtime_files" lineno="3774">
 <summary>
 Read and write files in /etc that are dynamically
 created on boot, such as mtab.
@@ -62252,7 +62273,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_manage_etc_runtime_files" lineno="3777">
+<interface name="files_manage_etc_runtime_files" lineno="3796">
 <summary>
 Create, read, write, and delete files in
 /etc that are dynamically created on boot,
@@ -62265,7 +62286,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_relabelto_etc_runtime_files" lineno="3795">
+<interface name="files_relabelto_etc_runtime_files" lineno="3814">
 <summary>
 Relabel to etc_runtime_t files.
 </summary>
@@ -62275,7 +62296,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_etc_filetrans_etc_runtime" lineno="3824">
+<interface name="files_etc_filetrans_etc_runtime" lineno="3843">
 <summary>
 Create, etc runtime objects with an automatic
 type transition.
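Review bot: The summary for files_etc_filetrans_etc_runtime opens with "Create, etc runtime objects with an automatic", where the comma after "Create" is stray and makes the sentence read as a broken list. Suggest "Create etc runtime objects with an automatic type transition." in the interface source this file is generated from, then regenerate doc/policy.xml.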
@@ -62296,7 +62317,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_home_dir" lineno="3843">
+<interface name="files_getattr_home_dir" lineno="3862">
 <summary>
 Get the attributes of the home directories root
 (/home).
@@ -62307,7 +62328,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_home_dir" lineno="3864">
+<interface name="files_dontaudit_getattr_home_dir" lineno="3883">
 <summary>
 Do not audit attempts to get the
 attributes of the home directories root
@@ -62319,7 +62340,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_search_home" lineno="3883">
+<interface name="files_search_home" lineno="3902">
 <summary>
 Search home directories root (/home).
 </summary>
@@ -62329,7 +62350,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_search_home" lineno="3903">
+<interface name="files_dontaudit_search_home" lineno="3922">
 <summary>
 Do not audit attempts to search
 home directories root (/home).
@@ -62340,7 +62361,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_list_home" lineno="3923">
+<interface name="files_dontaudit_list_home" lineno="3942">
 <summary>
 Do not audit attempts to list
 home directories root (/home).
@@ -62351,7 +62372,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_list_home" lineno="3942">
+<interface name="files_list_home" lineno="3961">
 <summary>
 Get listing of home directories.
 </summary>
@@ -62361,7 +62382,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabelto_home" lineno="3961">
+<interface name="files_relabelto_home" lineno="3980">
 <summary>
 Relabel to user home root (/home).
 </summary>
@@ -62371,7 +62392,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabelfrom_home" lineno="3979">
+<interface name="files_relabelfrom_home" lineno="3998">
 <summary>
 Relabel from user home root (/home).
 </summary>
@@ -62381,7 +62402,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_watch_home" lineno="3997">
+<interface name="files_watch_home" lineno="4016">
 <summary>
 Watch the user home root (/home).
 </summary>
@@ -62391,7 +62412,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_home_filetrans" lineno="4030">
+<interface name="files_home_filetrans" lineno="4049">
 <summary>
 Create objects in /home.
 </summary>
@@ -62416,7 +62437,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_lost_found_dirs" lineno="4048">
+<interface name="files_getattr_lost_found_dirs" lineno="4067">
 <summary>
 Get the attributes of lost+found directories.
 </summary>
@@ -62426,7 +62447,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_lost_found_dirs" lineno="4067">
+<interface name="files_dontaudit_getattr_lost_found_dirs" lineno="4086">
 <summary>
 Do not audit attempts to get the attributes of
 lost+found directories.
@@ -62437,7 +62458,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_list_lost_found" lineno="4085">
+<interface name="files_list_lost_found" lineno="4104">
 <summary>
 List the contents of lost+found directories.
 </summary>
@@ -62447,7 +62468,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_lost_found" lineno="4105">
+<interface name="files_manage_lost_found" lineno="4124">
 <summary>
 Create, read, write, and delete objects in
 lost+found directories.
@@ -62459,7 +62480,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_search_mnt" lineno="4127">
+<interface name="files_search_mnt" lineno="4146">
 <summary>
 Search the contents of /mnt.
 </summary>
@@ -62469,7 +62490,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_search_mnt" lineno="4145">
+<interface name="files_dontaudit_search_mnt" lineno="4164">
 <summary>
 Do not audit attempts to search /mnt.
 </summary>
@@ -62479,7 +62500,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_list_mnt" lineno="4163">
+<interface name="files_list_mnt" lineno="4182">
 <summary>
 List the contents of /mnt.
 </summary>
@@ -62489,7 +62510,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_list_mnt" lineno="4181">
+<interface name="files_dontaudit_list_mnt" lineno="4200">
 <summary>
 Do not audit attempts to list the contents of /mnt.
 </summary>
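Review bot: The parameter description of files_dontaudit_list_mnt is "Domain allowed access." (it appears as the context text in the next hunk header), while the sibling files_dontaudit_search_mnt documents the same parameter as "Domain to not audit." A dontaudit interface grants no access and only suppresses denial logging, so the parameter text should read "Domain to not audit."; because doc/policy.xml is generated, the fix belongs in the interface's doc comment in the source, followed by a regenerate.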
@@ -62499,7 +62520,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_mounton_mnt" lineno="4199">
+<interface name="files_mounton_mnt" lineno="4218">
 <summary>
 Mount a filesystem on /mnt.
 </summary>
@@ -62509,7 +62530,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_mnt_dirs" lineno="4218">
+<interface name="files_manage_mnt_dirs" lineno="4237">
 <summary>
 Create, read, write, and delete directories in /mnt.
 </summary>
@@ -62520,7 +62541,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_manage_mnt_files" lineno="4236">
+<interface name="files_manage_mnt_files" lineno="4255">
 <summary>
 Create, read, write, and delete files in /mnt.
 </summary>
@@ -62530,7 +62551,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_mnt_files" lineno="4254">
+<interface name="files_read_mnt_files" lineno="4273">
 <summary>
 read files in /mnt.
 </summary>
@@ -62540,7 +62561,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_mnt_symlinks" lineno="4272">
+<interface name="files_read_mnt_symlinks" lineno="4291">
 <summary>
 Read symbolic links in /mnt.
 </summary>
@@ -62550,7 +62571,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_mnt_symlinks" lineno="4290">
+<interface name="files_manage_mnt_symlinks" lineno="4309">
 <summary>
 Create, read, write, and delete symbolic links in /mnt.
 </summary>
@@ -62560,7 +62581,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_search_kernel_modules" lineno="4308">
+<interface name="files_search_kernel_modules" lineno="4327">
 <summary>
 Search the contents of the kernel module directories.
 </summary>
@@ -62570,7 +62591,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_list_kernel_modules" lineno="4327">
+<interface name="files_list_kernel_modules" lineno="4346">
 <summary>
 List the contents of the kernel module directories.
 </summary>
@@ -62580,7 +62601,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_kernel_modules" lineno="4346">
+<interface name="files_getattr_kernel_modules" lineno="4365">
 <summary>
 Get the attributes of kernel module files.
 </summary>
@@ -62590,7 +62611,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_kernel_modules" lineno="4364">
+<interface name="files_read_kernel_modules" lineno="4383">
 <summary>
 Read kernel module files.
 </summary>
@@ -62600,7 +62621,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_mmap_read_kernel_modules" lineno="4384">
+<interface name="files_mmap_read_kernel_modules" lineno="4403">
 <summary>
 Read and mmap kernel module files.
 </summary>
@@ -62610,7 +62631,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_write_kernel_modules" lineno="4405">
+<interface name="files_write_kernel_modules" lineno="4424">
 <summary>
 Write kernel module files.
 </summary>
@@ -62620,7 +62641,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_kernel_modules" lineno="4424">
+<interface name="files_delete_kernel_modules" lineno="4443">
 <summary>
 Delete kernel module files.
 </summary>
@@ -62630,7 +62651,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_kernel_modules" lineno="4444">
+<interface name="files_manage_kernel_modules" lineno="4463">
 <summary>
 Create, read, write, and delete
 kernel module files.
@@ -62642,7 +62663,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_relabel_kernel_modules" lineno="4464">
+<interface name="files_relabel_kernel_modules" lineno="4483">
 <summary>
 Relabel from and to kernel module files.
 </summary>
@@ -62652,7 +62673,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_mounton_kernel_modules_dirs" lineno="4483">
+<interface name="files_mounton_kernel_modules_dirs" lineno="4502">
 <summary>
 Mount on kernel module directories.
 </summary>
@@ -62662,7 +62683,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_kernel_modules_filetrans" lineno="4517">
+<interface name="files_kernel_modules_filetrans" lineno="4536">
 <summary>
 Create objects in the kernel module directories
 with a private type via an automatic type transition.
@@ -62688,7 +62709,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_load_kernel_modules" lineno="4535">
+<interface name="files_load_kernel_modules" lineno="4554">
 <summary>
 Load kernel module files.
 </summary>
@@ -62698,7 +62719,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_load_kernel_modules" lineno="4554">
+<interface name="files_dontaudit_load_kernel_modules" lineno="4573">
 <summary>
 Load kernel module files.
 </summary>
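Review bot: The summary of files_dontaudit_load_kernel_modules is "Load kernel module files.", word for word the summary of files_load_kernel_modules in the previous hunk, and its parameter text (the context in the next hunk header) is "Domain allowed access." Anyone reading the generated documentation would take this for an allow interface, which matters for something as sensitive as module loading. Suggest "Do not audit attempts to load kernel module files." and "Domain to not audit." in the interface source, then regenerate.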
@@ -62708,7 +62729,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_list_world_readable" lineno="4574">
+<interface name="files_list_world_readable" lineno="4593">
 <summary>
 List world-readable directories.
 </summary>
@@ -62719,7 +62740,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_read_world_readable_files" lineno="4593">
+<interface name="files_read_world_readable_files" lineno="4612">
 <summary>
 Read world-readable files.
 </summary>
@@ -62730,7 +62751,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_read_world_readable_symlinks" lineno="4612">
+<interface name="files_read_world_readable_symlinks" lineno="4631">
 <summary>
 Read world-readable symbolic links.
 </summary>
@@ -62741,7 +62762,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_read_world_readable_pipes" lineno="4630">
+<interface name="files_read_world_readable_pipes" lineno="4649">
 <summary>
 Read world-readable named pipes.
 </summary>
@@ -62751,7 +62772,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_world_readable_sockets" lineno="4648">
+<interface name="files_read_world_readable_sockets" lineno="4667">
 <summary>
 Read world-readable sockets.
 </summary>
@@ -62761,7 +62782,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_associate_tmp" lineno="4668">
+<interface name="files_associate_tmp" lineno="4687">
 <summary>
 Allow the specified type to associate
 to a filesystem with the type of the
@@ -62773,7 +62794,7 @@ Type of the file to associate.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_tmp_dirs" lineno="4686">
+<interface name="files_getattr_tmp_dirs" lineno="4705">
 <summary>
 Get the	attributes of the tmp directory (/tmp).
 </summary>
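Review bot: The summary line for files_getattr_tmp_dirs has a literal tab between "Get the" and "attributes", which will render as a wide gap or a stray character in the generated documentation. Replace it with a single space in the interface source and regenerate.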
@@ -62783,7 +62804,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_tmp_dirs" lineno="4705">
+<interface name="files_dontaudit_getattr_tmp_dirs" lineno="4724">
 <summary>
 Do not audit attempts to get the
 attributes of the tmp directory (/tmp).
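Review bot: The parameter description of files_dontaudit_getattr_tmp_dirs is "Domain allowed access." (context text of the next hunk header), whereas files_dontaudit_search_tmp two hunks later uses "Domain to not audit." for the same kind of interface. The dontaudit variant only silences denials, so the description should be "Domain to not audit."; correct it in the interface source rather than in this generated file.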
@@ -62794,7 +62815,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_search_tmp" lineno="4723">
+<interface name="files_search_tmp" lineno="4742">
 <summary>
 Search the tmp directory (/tmp).
 </summary>
@@ -62804,7 +62825,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_search_tmp" lineno="4741">
+<interface name="files_dontaudit_search_tmp" lineno="4760">
 <summary>
 Do not audit attempts to search the tmp directory (/tmp).
 </summary>
@@ -62814,7 +62835,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_list_tmp" lineno="4759">
+<interface name="files_list_tmp" lineno="4778">
 <summary>
 Read the tmp directory (/tmp).
 </summary>
@@ -62824,7 +62845,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_list_tmp" lineno="4777">
+<interface name="files_dontaudit_list_tmp" lineno="4796">
 <summary>
 Do not audit listing of the tmp directory (/tmp).
 </summary>
@@ -62834,7 +62855,7 @@ Domain not to audit.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_tmp_dir_entry" lineno="4795">
+<interface name="files_delete_tmp_dir_entry" lineno="4814">
 <summary>
 Remove entries from the tmp directory.
 </summary>
@@ -62844,7 +62865,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_generic_tmp_files" lineno="4813">
+<interface name="files_read_generic_tmp_files" lineno="4832">
 <summary>
 Read files in the tmp directory (/tmp).
 </summary>
@@ -62854,7 +62875,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_generic_tmp_dirs" lineno="4831">
+<interface name="files_manage_generic_tmp_dirs" lineno="4850">
 <summary>
 Manage temporary directories in /tmp.
 </summary>
@@ -62864,7 +62885,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_generic_tmp_dirs" lineno="4849">
+<interface name="files_relabel_generic_tmp_dirs" lineno="4868">
 <summary>
 Relabel temporary directories in /tmp.
 </summary>
@@ -62874,7 +62895,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_generic_tmp_files" lineno="4867">
+<interface name="files_manage_generic_tmp_files" lineno="4886">
 <summary>
 Manage temporary files and directories in /tmp.
 </summary>
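Review bot: The summary of files_manage_generic_tmp_files says "Manage temporary files and directories in /tmp.", but directories already have their own interface, files_manage_generic_tmp_dirs, two hunks earlier. Either the summary overstates what the interface grants or the name understates it; a policy author choosing the least-privilege interface cannot tell which from the docs. Please confirm against the interface body and align the summary, for example "Manage temporary files in /tmp." if it covers files only.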
@@ -62884,7 +62905,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_generic_tmp_symlinks" lineno="4885">
+<interface name="files_read_generic_tmp_symlinks" lineno="4904">
 <summary>
 Read symbolic links in the tmp directory (/tmp).
 </summary>
@@ -62894,7 +62915,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_rw_generic_tmp_sockets" lineno="4903">
+<interface name="files_rw_generic_tmp_sockets" lineno="4922">
 <summary>
 Read and write generic named sockets in the tmp directory (/tmp).
 </summary>
@@ -62904,7 +62925,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_mounton_tmp" lineno="4921">
+<interface name="files_mounton_tmp" lineno="4940">
 <summary>
 Mount filesystems in the tmp directory (/tmp)
 </summary>
@@ -62914,7 +62935,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_setattr_all_tmp_dirs" lineno="4939">
+<interface name="files_setattr_all_tmp_dirs" lineno="4958">
 <summary>
 Set the attributes of all tmp directories.
 </summary>
@@ -62924,7 +62945,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_list_all_tmp" lineno="4957">
+<interface name="files_list_all_tmp" lineno="4976">
 <summary>
 List all tmp directories.
 </summary>
@@ -62934,7 +62955,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_all_tmp_dirs" lineno="4977">
+<interface name="files_relabel_all_tmp_dirs" lineno="4996">
 <summary>
 Relabel to and from all temporary
 directory types.
@@ -62946,7 +62967,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_dontaudit_getattr_all_tmp_files" lineno="4998">
+<interface name="files_dontaudit_getattr_all_tmp_files" lineno="5017">
 <summary>
 Do not audit attempts to get the attributes
 of all tmp files.
@@ -62957,7 +62978,7 @@ Domain not to audit.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_all_tmp_files" lineno="5017">
+<interface name="files_getattr_all_tmp_files" lineno="5036">
 <summary>
 Allow attempts to get the attributes
 of all tmp files.
@@ -62968,7 +62989,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_all_tmp_files" lineno="5037">
+<interface name="files_relabel_all_tmp_files" lineno="5056">
 <summary>
 Relabel to and from all temporary
 file types.
@@ -62980,7 +63001,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_dontaudit_getattr_all_tmp_sockets" lineno="5058">
+<interface name="files_dontaudit_getattr_all_tmp_sockets" lineno="5077">
 <summary>
 Do not audit attempts to get the attributes
 of all tmp sock_file.
@@ -62991,7 +63012,7 @@ Domain not to audit.
 </summary>
 </param>
 </interface>
-<interface name="files_read_all_tmp_files" lineno="5076">
+<interface name="files_read_all_tmp_files" lineno="5095">
 <summary>
 Read all tmp files.
 </summary>
@@ -63001,7 +63022,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_tmp_filetrans" lineno="5110">
+<interface name="files_tmp_filetrans" lineno="5129">
 <summary>
 Create an object in the tmp directories, with a private
 type using a type transition.
@@ -63027,7 +63048,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_purge_tmp" lineno="5128">
+<interface name="files_purge_tmp" lineno="5147">
 <summary>
 Delete the contents of /tmp.
 </summary>
@@ -63037,7 +63058,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_all_tmpfs_files" lineno="5151">
+<interface name="files_getattr_all_tmpfs_files" lineno="5170">
 <summary>
 Get the attributes of all tmpfs files.
 </summary>
@@ -63047,7 +63068,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_setattr_usr_dirs" lineno="5170">
+<interface name="files_setattr_usr_dirs" lineno="5189">
 <summary>
 Set the attributes of the /usr directory.
 </summary>
@@ -63057,7 +63078,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_search_usr" lineno="5188">
+<interface name="files_search_usr" lineno="5207">
 <summary>
 Search the content of /usr.
 </summary>
@@ -63067,7 +63088,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_list_usr" lineno="5207">
+<interface name="files_list_usr" lineno="5226">
 <summary>
 List the contents of generic
 directories in /usr.
@@ -63078,7 +63099,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_write_usr_dirs" lineno="5225">
+<interface name="files_dontaudit_write_usr_dirs" lineno="5244">
 <summary>
 Do not audit write of /usr dirs
 </summary>
@@ -63088,7 +63109,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_rw_usr_dirs" lineno="5243">
+<interface name="files_rw_usr_dirs" lineno="5262">
 <summary>
 Add and remove entries from /usr directories.
 </summary>
@@ -63098,7 +63119,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_rw_usr_dirs" lineno="5262">
+<interface name="files_dontaudit_rw_usr_dirs" lineno="5281">
 <summary>
 Do not audit attempts to add and remove
 entries from /usr directories.
@@ -63109,7 +63130,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_usr_dirs" lineno="5280">
+<interface name="files_delete_usr_dirs" lineno="5299">
 <summary>
 Delete generic directories in /usr in the caller domain.
 </summary>
@@ -63119,7 +63140,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_watch_usr_dirs" lineno="5298">
+<interface name="files_watch_usr_dirs" lineno="5317">
 <summary>
 Watch generic directories in /usr.
 </summary>
@@ -63129,7 +63150,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_usr_files" lineno="5316">
+<interface name="files_delete_usr_files" lineno="5335">
 <summary>
 Delete generic files in /usr in the caller domain.
 </summary>
@@ -63139,7 +63160,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_usr_files" lineno="5334">
+<interface name="files_getattr_usr_files" lineno="5353">
 <summary>
 Get the attributes of files in /usr.
 </summary>
@@ -63149,7 +63170,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_map_usr_files" lineno="5353">
+<interface name="files_map_usr_files" lineno="5372">
 <summary>
 Map generic files in /usr.
 </summary>
@@ -63160,7 +63181,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="files_read_usr_files" lineno="5389">
+<interface name="files_read_usr_files" lineno="5408">
 <summary>
 Read generic files in /usr.
 </summary>
@@ -63188,7 +63209,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="files_exec_usr_files" lineno="5409">
+<interface name="files_exec_usr_files" lineno="5428">
 <summary>
 Execute generic programs in /usr in the caller domain.
 </summary>
@@ -63198,7 +63219,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_write_usr_files" lineno="5429">
+<interface name="files_dontaudit_write_usr_files" lineno="5448">
 <summary>
 dontaudit write of /usr files
 </summary>
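Review bot: The summary of files_dontaudit_write_usr_files, "dontaudit write of /usr files", uses the rule keyword as a verb and is not capitalised, unlike the other dontaudit interfaces in this file, which start with "Do not audit". Suggest "Do not audit attempts to write files in /usr." in the interface source so the generated docs stay searchable and consistent.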
@@ -63208,7 +63229,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_usr_files" lineno="5447">
+<interface name="files_manage_usr_files" lineno="5466">
 <summary>
 Create, read, write, and delete files in the /usr directory.
 </summary>
@@ -63218,7 +63239,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabelto_usr_files" lineno="5465">
+<interface name="files_relabelto_usr_files" lineno="5484">
 <summary>
 Relabel a file to the type used in /usr.
 </summary>
@@ -63228,7 +63249,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabelfrom_usr_files" lineno="5483">
+<interface name="files_relabelfrom_usr_files" lineno="5502">
 <summary>
 Relabel a file from the type used in /usr.
 </summary>
@@ -63238,7 +63259,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_usr_symlinks" lineno="5501">
+<interface name="files_read_usr_symlinks" lineno="5520">
 <summary>
 Read symbolic links in /usr.
 </summary>
@@ -63248,7 +63269,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_usr_filetrans" lineno="5534">
+<interface name="files_usr_filetrans" lineno="5553">
 <summary>
 Create objects in the /usr directory
 </summary>
@@ -63273,7 +63294,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_search_src" lineno="5552">
+<interface name="files_search_src" lineno="5571">
 <summary>
 Search directories in /usr/src.
 </summary>
@@ -63283,7 +63304,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_search_src" lineno="5570">
+<interface name="files_dontaudit_search_src" lineno="5589">
 <summary>
 Do not audit attempts to search /usr/src.
 </summary>
@@ -63293,7 +63314,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_usr_src_files" lineno="5588">
+<interface name="files_getattr_usr_src_files" lineno="5607">
 <summary>
 Get the attributes of files in /usr/src.
 </summary>
@@ -63303,7 +63324,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_usr_src_files" lineno="5609">
+<interface name="files_read_usr_src_files" lineno="5628">
 <summary>
 Read files in /usr/src.
 </summary>
@@ -63313,7 +63334,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_exec_usr_src_files" lineno="5630">
+<interface name="files_exec_usr_src_files" lineno="5649">
 <summary>
 Execute programs in /usr/src in the caller domain.
 </summary>
@@ -63323,7 +63344,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_create_kernel_symbol_table" lineno="5650">
+<interface name="files_create_kernel_symbol_table" lineno="5669">
 <summary>
 Install a system.map into the /boot directory.
 </summary>
@@ -63333,7 +63354,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_kernel_symbol_table" lineno="5669">
+<interface name="files_read_kernel_symbol_table" lineno="5688">
 <summary>
 Read system.map in the /boot directory.
 </summary>
@@ -63343,7 +63364,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_kernel_symbol_table" lineno="5688">
+<interface name="files_delete_kernel_symbol_table" lineno="5707">
 <summary>
 Delete a system.map in the /boot directory.
 </summary>
@@ -63353,7 +63374,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_search_var" lineno="5707">
+<interface name="files_search_var" lineno="5726">
 <summary>
 Search the contents of /var.
 </summary>
@@ -63363,7 +63384,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_write_var_dirs" lineno="5725">
+<interface name="files_dontaudit_write_var_dirs" lineno="5744">
 <summary>
 Do not audit attempts to write to /var.
 </summary>
@@ -63373,7 +63394,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_write_var_dirs" lineno="5743">
+<interface name="files_write_var_dirs" lineno="5762">
 <summary>
 Allow attempts to write to /var.dirs
 </summary>
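Review bot: The summary of files_write_var_dirs ends in "/var.dirs", which looks like a typo (a period where a space was meant) and reads as a file name. The dontaudit counterpart in the previous hunk says "Do not audit attempts to write to /var."; suggest "Allow attempts to write to /var directories." or the matching "/var." form in the interface source, then regenerate.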
@@ -63383,7 +63404,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_search_var" lineno="5762">
+<interface name="files_dontaudit_search_var" lineno="5781">
 <summary>
 Do not audit attempts to search
 the contents of /var.
@@ -63394,7 +63415,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_list_var" lineno="5780">
+<interface name="files_list_var" lineno="5799">
 <summary>
 List the contents of /var.
 </summary>
@@ -63404,7 +63425,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_list_var" lineno="5799">
+<interface name="files_dontaudit_list_var" lineno="5818">
 <summary>
 Do not audit attempts to list
 the contents of /var.
@@ -63415,7 +63436,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_var_dirs" lineno="5818">
+<interface name="files_manage_var_dirs" lineno="5837">
 <summary>
 Create, read, write, and delete directories
 in the /var directory.
@@ -63426,7 +63447,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_var_dirs" lineno="5836">
+<interface name="files_relabel_var_dirs" lineno="5855">
 <summary>
 relabelto/from var directories
 </summary>
@@ -63436,7 +63457,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_var_files" lineno="5854">
+<interface name="files_read_var_files" lineno="5873">
 <summary>
 Read files in the /var directory.
 </summary>
@@ -63446,7 +63467,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_append_var_files" lineno="5872">
+<interface name="files_append_var_files" lineno="5891">
 <summary>
 Append files in the /var directory.
 </summary>
@@ -63456,7 +63477,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_rw_var_files" lineno="5890">
+<interface name="files_rw_var_files" lineno="5909">
 <summary>
 Read and write files in the /var directory.
 </summary>
@@ -63466,7 +63487,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_rw_var_files" lineno="5909">
+<interface name="files_dontaudit_rw_var_files" lineno="5928">
 <summary>
 Do not audit attempts to read and write
 files in the /var directory.
@@ -63477,7 +63498,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_var_files" lineno="5927">
+<interface name="files_manage_var_files" lineno="5946">
 <summary>
 Create, read, write, and delete files in the /var directory.
 </summary>
@@ -63487,7 +63508,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_var_symlinks" lineno="5945">
+<interface name="files_read_var_symlinks" lineno="5964">
 <summary>
 Read symbolic links in the /var directory.
 </summary>
@@ -63497,7 +63518,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_var_symlinks" lineno="5964">
+<interface name="files_manage_var_symlinks" lineno="5983">
 <summary>
 Create, read, write, and delete symbolic
 links in the /var directory.
@@ -63508,7 +63529,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_var_filetrans" lineno="5997">
+<interface name="files_var_filetrans" lineno="6016">
 <summary>
 Create objects in the /var directory
 </summary>
@@ -63533,7 +63554,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_var_lib_dirs" lineno="6015">
+<interface name="files_getattr_var_lib_dirs" lineno="6034">
 <summary>
 Get the attributes of the /var/lib directory.
 </summary>
@@ -63543,7 +63564,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_search_var_lib" lineno="6047">
+<interface name="files_search_var_lib" lineno="6066">
 <summary>
 Search the /var/lib directory.
 </summary>
@@ -63567,7 +63588,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="5"/>
 </interface>
-<interface name="files_dontaudit_search_var_lib" lineno="6067">
+<interface name="files_dontaudit_search_var_lib" lineno="6086">
 <summary>
 Do not audit attempts to search the
 contents of /var/lib.
@@ -63579,7 +63600,7 @@ Domain to not audit.
 </param>
 <infoflow type="read" weight="5"/>
 </interface>
-<interface name="files_list_var_lib" lineno="6085">
+<interface name="files_list_var_lib" lineno="6104">
 <summary>
 List the contents of the /var/lib directory.
 </summary>
@@ -63589,7 +63610,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_rw_var_lib_dirs" lineno="6103">
+<interface name="files_rw_var_lib_dirs" lineno="6122">
 <summary>
 Read-write /var/lib directories
 </summary>
@@ -63599,7 +63620,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_var_lib_dirs" lineno="6121">
+<interface name="files_manage_var_lib_dirs" lineno="6140">
 <summary>
 manage var_lib_t dirs
 </summary>
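Review bot: The summaries for files_manage_var_lib_dirs here and files_relabel_var_lib_dirs in the next hunk ("manage var_lib_t dirs", "relabel var_lib_t dirs") are lowercase, unpunctuated and name the type, while the neighbouring /var/lib interfaces describe the path ("List the contents of the /var/lib directory."). Since this file is generated, the wording should be corrected in the interface source, for example "Create, read, write, and delete /var/lib directories.", and the docs regenerated.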
@@ -63609,7 +63630,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_var_lib_dirs" lineno="6140">
+<interface name="files_relabel_var_lib_dirs" lineno="6159">
 <summary>
 relabel var_lib_t dirs
 </summary>
@@ -63619,7 +63640,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_var_lib_filetrans" lineno="6174">
+<interface name="files_var_lib_filetrans" lineno="6193">
 <summary>
 Create objects in the /var/lib directory
 </summary>
@@ -63644,7 +63665,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_read_var_lib_files" lineno="6193">
+<interface name="files_read_var_lib_files" lineno="6212">
 <summary>
 Read generic files in /var/lib.
 </summary>
@@ -63654,7 +63675,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_var_lib_symlinks" lineno="6212">
+<interface name="files_read_var_lib_symlinks" lineno="6231">
 <summary>
 Read generic symbolic links in /var/lib
 </summary>
@@ -63664,7 +63685,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_urandom_seed" lineno="6234">
+<interface name="files_manage_urandom_seed" lineno="6253">
 <summary>
 Create, read, write, and delete the
 pseudorandom number generator seed.
@@ -63675,7 +63696,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_mounttab" lineno="6254">
+<interface name="files_manage_mounttab" lineno="6273">
 <summary>
 Allow domain to manage mount tables
 necessary for rpcd, nfsd, etc.
@@ -63686,7 +63707,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_setattr_lock_dirs" lineno="6273">
+<interface name="files_setattr_lock_dirs" lineno="6292">
 <summary>
 Set the attributes of the generic lock directories.
 </summary>
@@ -63696,7 +63717,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_search_locks" lineno="6291">
+<interface name="files_search_locks" lineno="6310">
 <summary>
 Search the locks directory (/var/lock).
 </summary>
@@ -63706,7 +63727,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_search_locks" lineno="6311">
+<interface name="files_dontaudit_search_locks" lineno="6330">
 <summary>
 Do not audit attempts to search the
 locks directory (/var/lock).
@@ -63717,7 +63738,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_list_locks" lineno="6330">
+<interface name="files_list_locks" lineno="6349">
 <summary>
 List generic lock directories.
 </summary>
@@ -63727,7 +63748,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_check_write_lock_dirs" lineno="6349">
+<interface name="files_check_write_lock_dirs" lineno="6368">
 <summary>
 Test write access on lock directories.
 </summary>
@@ -63737,7 +63758,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_add_entry_lock_dirs" lineno="6368">
+<interface name="files_add_entry_lock_dirs" lineno="6387">
 <summary>
 Add entries in the /var/lock directories.
 </summary>
@@ -63747,7 +63768,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_rw_lock_dirs" lineno="6388">
+<interface name="files_rw_lock_dirs" lineno="6407">
 <summary>
 Add and remove entries in the /var/lock
 directories.
@@ -63758,7 +63779,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_create_lock_dirs" lineno="6407">
+<interface name="files_create_lock_dirs" lineno="6426">
 <summary>
 Create lock directories
 </summary>
@@ -63768,7 +63789,7 @@ Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_all_lock_dirs" lineno="6428">
+<interface name="files_relabel_all_lock_dirs" lineno="6447">
 <summary>
 Relabel to and from all lock directory types.
 </summary>
@@ -63779,7 +63800,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_getattr_generic_locks" lineno="6449">
+<interface name="files_getattr_generic_locks" lineno="6468">
 <summary>
 Get the attributes of generic lock files.
 </summary>
@@ -63789,7 +63810,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_generic_locks" lineno="6470">
+<interface name="files_delete_generic_locks" lineno="6489">
 <summary>
 Delete generic lock files.
 </summary>
@@ -63799,7 +63820,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_generic_locks" lineno="6491">
+<interface name="files_manage_generic_locks" lineno="6510">
 <summary>
 Create, read, write, and delete generic
 lock files.
@@ -63810,7 +63831,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_all_locks" lineno="6513">
+<interface name="files_delete_all_locks" lineno="6532">
 <summary>
 Delete all lock files.
 </summary>
@@ -63821,7 +63842,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_read_all_locks" lineno="6534">
+<interface name="files_read_all_locks" lineno="6553">
 <summary>
 Read all lock files.
 </summary>
@@ -63831,7 +63852,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_all_locks" lineno="6557">
+<interface name="files_manage_all_locks" lineno="6576">
 <summary>
 manage all lock files.
 </summary>
@@ -63841,7 +63862,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_all_locks" lineno="6580">
+<interface name="files_relabel_all_locks" lineno="6599">
 <summary>
 Relabel from/to all lock files.
 </summary>
@@ -63851,7 +63872,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_lock_filetrans" lineno="6619">
+<interface name="files_lock_filetrans" lineno="6638">
 <summary>
 Create an object in the locks directory, with a private
 type using a type transition.
@@ -63877,7 +63898,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_runtime_dirs" lineno="6640">
+<interface name="files_dontaudit_getattr_runtime_dirs" lineno="6659">
 <summary>
 Do not audit attempts to get the attributes
 of the /var/run directory.
@@ -63888,7 +63909,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_mounton_runtime_dirs" lineno="6659">
+<interface name="files_mounton_runtime_dirs" lineno="6678">
 <summary>
 mounton a /var/run directory.
 </summary>
@@ -63898,7 +63919,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_setattr_runtime_dirs" lineno="6677">
+<interface name="files_setattr_runtime_dirs" lineno="6696">
 <summary>
 Set the attributes of the /var/run directory.
 </summary>
@@ -63908,7 +63929,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_search_runtime" lineno="6697">
+<interface name="files_search_runtime" lineno="6716">
 <summary>
 Search the contents of runtime process
 ID directories (/var/run).
@@ -63919,7 +63940,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_search_runtime" lineno="6717">
+<interface name="files_dontaudit_search_runtime" lineno="6736">
 <summary>
 Do not audit attempts to search
 the /var/run directory.
@@ -63930,7 +63951,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_list_runtime" lineno="6737">
+<interface name="files_list_runtime" lineno="6756">
 <summary>
 List the contents of the runtime process
 ID directories (/var/run).
@@ -63941,7 +63962,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_check_write_runtime_dirs" lineno="6756">
+<interface name="files_check_write_runtime_dirs" lineno="6775">
 <summary>
 Check write access on /var/run directories.
 </summary>
@@ -63951,7 +63972,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_create_runtime_dirs" lineno="6774">
+<interface name="files_create_runtime_dirs" lineno="6793">
 <summary>
 Create a /var/run directory.
 </summary>
@@ -63961,7 +63982,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_watch_runtime_dirs" lineno="6792">
+<interface name="files_watch_runtime_dirs" lineno="6811">
 <summary>
 Watch /var/run directories.
 </summary>
@@ -63971,7 +63992,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_runtime_files" lineno="6810">
+<interface name="files_read_runtime_files" lineno="6829">
 <summary>
 Read generic runtime files.
 </summary>
@@ -63981,7 +64002,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_exec_runtime" lineno="6830">
+<interface name="files_exec_runtime" lineno="6849">
 <summary>
 Execute generic programs in /var/run in the caller domain.
 </summary>
@@ -63991,7 +64012,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_rw_runtime_files" lineno="6848">
+<interface name="files_rw_runtime_files" lineno="6867">
 <summary>
 Read and write generic runtime files.
 </summary>
@@ -64001,7 +64022,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_runtime_symlinks" lineno="6868">
+<interface name="files_delete_runtime_symlinks" lineno="6887">
 <summary>
 Delete generic runtime symlinks.
 </summary>
@@ -64011,7 +64032,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_write_runtime_pipes" lineno="6886">
+<interface name="files_write_runtime_pipes" lineno="6905">
 <summary>
 Write named generic runtime pipes.
 </summary>
@@ -64021,7 +64042,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_all_runtime_dirs" lineno="6906">
+<interface name="files_delete_all_runtime_dirs" lineno="6925">
 <summary>
 Delete all runtime dirs.
 </summary>
@@ -64032,7 +64053,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_manage_all_runtime_dirs" lineno="6924">
+<interface name="files_manage_all_runtime_dirs" lineno="6943">
 <summary>
 Create, read, write, and delete all runtime directories.
 </summary>
@@ -64042,7 +64063,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_all_runtime_dirs" lineno="6942">
+<interface name="files_relabel_all_runtime_dirs" lineno="6961">
 <summary>
 Relabel all runtime directories.
 </summary>
@@ -64052,7 +64073,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_all_runtime_files" lineno="6961">
+<interface name="files_dontaudit_getattr_all_runtime_files" lineno="6980">
 <summary>
 Do not audit attempts to get the attributes of
 all runtime data files.
@@ -64063,7 +64084,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_read_all_runtime_files" lineno="6982">
+<interface name="files_read_all_runtime_files" lineno="7001">
 <summary>
 Read all runtime files.
 </summary>
@@ -64074,7 +64095,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_dontaudit_ioctl_all_runtime_files" lineno="7003">
+<interface name="files_dontaudit_ioctl_all_runtime_files" lineno="7022">
 <summary>
 Do not audit attempts to ioctl all runtime files.
 </summary>
@@ -64084,7 +64105,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_write_all_runtime_files" lineno="7023">
+<interface name="files_dontaudit_write_all_runtime_files" lineno="7042">
 <summary>
 Do not audit attempts to write to all runtime files.
 </summary>
@@ -64094,7 +64115,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_all_runtime_files" lineno="7044">
+<interface name="files_delete_all_runtime_files" lineno="7063">
 <summary>
 Delete all runtime files.
 </summary>
@@ -64105,7 +64126,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_manage_all_runtime_files" lineno="7063">
+<interface name="files_manage_all_runtime_files" lineno="7082">
 <summary>
 Create, read, write and delete all
 var_run (pid) files
@@ -64116,7 +64137,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_all_runtime_files" lineno="7081">
+<interface name="files_relabel_all_runtime_files" lineno="7100">
 <summary>
 Relabel all runtime files.
 </summary>
@@ -64126,7 +64147,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_all_runtime_symlinks" lineno="7100">
+<interface name="files_delete_all_runtime_symlinks" lineno="7119">
 <summary>
 Delete all runtime symlinks.
 </summary>
@@ -64137,7 +64158,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_manage_all_runtime_symlinks" lineno="7119">
+<interface name="files_manage_all_runtime_symlinks" lineno="7138">
 <summary>
 Create, read, write and delete all
 var_run (pid) symbolic links.
@@ -64148,7 +64169,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_all_runtime_symlinks" lineno="7137">
+<interface name="files_relabel_all_runtime_symlinks" lineno="7156">
 <summary>
 Relabel all runtime symbolic links.
 </summary>
@@ -64158,7 +64179,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_create_all_runtime_pipes" lineno="7155">
+<interface name="files_create_all_runtime_pipes" lineno="7174">
 <summary>
 Create all runtime named pipes
 </summary>
@@ -64168,7 +64189,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_all_runtime_pipes" lineno="7174">
+<interface name="files_delete_all_runtime_pipes" lineno="7193">
 <summary>
 Delete all runtime named pipes
 </summary>
@@ -64178,7 +64199,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_create_all_runtime_sockets" lineno="7193">
+<interface name="files_create_all_runtime_sockets" lineno="7212">
 <summary>
 Create all runtime sockets.
 </summary>
@@ -64188,7 +64209,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_all_runtime_sockets" lineno="7211">
+<interface name="files_delete_all_runtime_sockets" lineno="7230">
 <summary>
 Delete all runtime sockets.
 </summary>
@@ -64198,7 +64219,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_all_runtime_sockets" lineno="7229">
+<interface name="files_relabel_all_runtime_sockets" lineno="7248">
 <summary>
 Relabel all runtime named sockets.
 </summary>
@@ -64208,7 +64229,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_runtime_filetrans" lineno="7289">
+<interface name="files_runtime_filetrans" lineno="7308">
 <summary>
 Create an object in the /run directory, with a private type.
 </summary>
@@ -64260,7 +64281,7 @@ The name of the object being created.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="files_runtime_filetrans_lock_dir" lineno="7314">
+<interface name="files_runtime_filetrans_lock_dir" lineno="7333">
 <summary>
 Create a generic lock directory within the run directories.
 </summary>
@@ -64275,7 +64296,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_create_all_spool_sockets" lineno="7332">
+<interface name="files_create_all_spool_sockets" lineno="7351">
 <summary>
 Create all spool sockets
 </summary>
@@ -64285,7 +64306,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_all_spool_sockets" lineno="7350">
+<interface name="files_delete_all_spool_sockets" lineno="7369">
 <summary>
 Delete all spool sockets
 </summary>
@@ -64295,7 +64316,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_mounton_all_poly_members" lineno="7369">
+<interface name="files_mounton_all_poly_members" lineno="7388">
 <summary>
 Mount filesystems on all polyinstantiation
 member directories.
@@ -64306,7 +64327,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_search_spool" lineno="7388">
+<interface name="files_search_spool" lineno="7407">
 <summary>
 Search the contents of generic spool
 directories (/var/spool).
@@ -64317,7 +64338,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_search_spool" lineno="7407">
+<interface name="files_dontaudit_search_spool" lineno="7426">
 <summary>
 Do not audit attempts to search generic
 spool directories.
@@ -64328,7 +64349,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_list_spool" lineno="7426">
+<interface name="files_list_spool" lineno="7445">
 <summary>
 List the contents of generic spool
 (/var/spool) directories.
@@ -64339,7 +64360,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_generic_spool_dirs" lineno="7445">
+<interface name="files_manage_generic_spool_dirs" lineno="7464">
 <summary>
 Create, read, write, and delete generic
 spool directories (/var/spool).
@@ -64350,7 +64371,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_generic_spool" lineno="7464">
+<interface name="files_read_generic_spool" lineno="7483">
 <summary>
 Read generic spool files.
 </summary>
@@ -64360,7 +64381,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_generic_spool" lineno="7484">
+<interface name="files_manage_generic_spool" lineno="7503">
 <summary>
 Create, read, write, and delete generic
 spool files.
@@ -64371,7 +64392,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_spool_filetrans" lineno="7520">
+<interface name="files_spool_filetrans" lineno="7539">
 <summary>
 Create objects in the spool directory
 with a private type with a type transition.
@@ -64398,7 +64419,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_polyinstantiate_all" lineno="7540">
+<interface name="files_polyinstantiate_all" lineno="7559">
 <summary>
 Allow access to manage all polyinstantiated
 directories on the system.
@@ -64409,7 +64430,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_unconfined" lineno="7594">
+<interface name="files_unconfined" lineno="7613">
 <summary>
 Unconfined access to files.
 </summary>
@@ -64419,7 +64440,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_etc_runtime_lnk_files" lineno="7616">
+<interface name="files_manage_etc_runtime_lnk_files" lineno="7635">
 <summary>
 Create, read, write, and delete symbolic links in
 /etc that are dynamically created on boot.
@@ -64431,7 +64452,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_dontaudit_read_etc_runtime" lineno="7634">
+<interface name="files_dontaudit_read_etc_runtime" lineno="7653">
 <summary>
 Do not audit attempts to read etc_runtime resources
 </summary>
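Review bot: files_dontaudit_read_etc_runtime is a dontaudit interface, yet the following hunk header shows its domain parameter documented as "Domain allowed access."; the other dontaudit interfaces in this diff use "Domain to not audit." A reader scanning the generated docs for what a domain is granted could mistake this for an allow rule, so the parameter summary should be corrected in the interface source before regenerating policy.xml.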
@@ -64441,7 +64462,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_list_src" lineno="7652">
+<interface name="files_list_src" lineno="7671">
 <summary>
 List usr/src files
 </summary>
@@ -64451,7 +64472,7 @@ Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="files_read_src_files" lineno="7670">
+<interface name="files_read_src_files" lineno="7689">
 <summary>
 Read usr/src files
 </summary>
@@ -64461,7 +64482,7 @@ Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="files_manage_src_files" lineno="7688">
+<interface name="files_manage_src_files" lineno="7707">
 <summary>
 Manage /usr/src files
 </summary>
@@ -64471,7 +64492,7 @@ Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="files_lib_filetrans_kernel_modules" lineno="7719">
+<interface name="files_lib_filetrans_kernel_modules" lineno="7738">
 <summary>
 Create a resource in the generic lib location
 with an automatic type transition towards the kernel modules
@@ -64493,7 +64514,7 @@ Optional name of the resource
 </summary>
 </param>
 </interface>
-<interface name="files_read_etc_runtime" lineno="7737">
+<interface name="files_read_etc_runtime" lineno="7756">
 <summary>
 Read etc runtime resources
 </summary>
@@ -64503,7 +64524,7 @@ Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_all_non_security_file_types" lineno="7759">
+<interface name="files_relabel_all_non_security_file_types" lineno="7778">
 <summary>
 Allow relabel from and to non-security types
 </summary>
@@ -64514,7 +64535,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_manage_all_non_security_file_types" lineno="7789">
+<interface name="files_manage_all_non_security_file_types" lineno="7808">
 <summary>
 Manage non-security-sensitive resource types
 </summary>
@@ -64525,7 +64546,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_relabel_all_pidfiles" lineno="7811">
+<interface name="files_relabel_all_pidfiles" lineno="7830">
 <summary>
 Allow relabeling from and to any pidfile associated type
 </summary>
@@ -65023,7 +65044,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_cgroup_dirs" lineno="818">
+<interface name="fs_list_cgroup_dirs" lineno="817">
 <summary>
 list cgroup directories.
 </summary>
@@ -65033,7 +65054,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_ioctl_cgroup_dirs" lineno="837">
+<interface name="fs_ioctl_cgroup_dirs" lineno="836">
 <summary>
 Ioctl cgroup directories.
 </summary>
@@ -65043,7 +65064,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_delete_cgroup_dirs" lineno="856">
+<interface name="fs_create_cgroup_dirs" lineno="855">
+<summary>
+Create cgroup directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_delete_cgroup_dirs" lineno="874">
 <summary>
 Delete cgroup directories.
 </summary>
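Review bot: The new fs_create_cgroup_dirs entry carries only the one-line summary "Create cgroup directories." and does not say how it relates to the existing fs_manage_cgroup_dirs a few entries below. A short description in the interface source stating that callers needing only directory creation should use this instead of the broader manage interface would make the least-privilege choice clear in the generated docs. The commit message ("Update generated policy and doc files") also gives no pointer to the policy commit that introduced the interface, which makes this regeneration hard to audit on its own.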
@@ -65053,7 +65084,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_cgroup_dirs" lineno="875">
+<interface name="fs_manage_cgroup_dirs" lineno="893">
 <summary>
 Manage cgroup directories.
 </summary>
@@ -65063,7 +65094,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_relabel_cgroup_dirs" lineno="895">
+<interface name="fs_relabel_cgroup_dirs" lineno="913">
 <summary>
 Relabel cgroup directories.
 </summary>
@@ -65073,7 +65104,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_cgroup_files" lineno="913">
+<interface name="fs_getattr_cgroup_files" lineno="931">
 <summary>
 Get attributes of cgroup files.
 </summary>
@@ -65083,7 +65114,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_cgroup_files" lineno="933">
+<interface name="fs_read_cgroup_files" lineno="951">
 <summary>
 Read cgroup files.
 </summary>
@@ -65093,7 +65124,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_watch_cgroup_files" lineno="954">
+<interface name="fs_create_cgroup_files" lineno="972">
+<summary>
+Create cgroup files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_watch_cgroup_files" lineno="992">
 <summary>
 Watch cgroup files.
 </summary>
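Review bot: fs_create_cgroup_files is documented only as "Create cgroup files.", which leaves it unclear whether write access is included or whether callers must pair it with fs_write_cgroup_files or fs_rw_cgroup_files, both listed further down. Please state the granted permissions in the interface source so the generated entry distinguishes it from fs_manage_cgroup_files.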
@@ -65103,7 +65144,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_create_cgroup_links" lineno="973">
+<interface name="fs_create_cgroup_links" lineno="1011">
 <summary>
 Create cgroup lnk_files.
 </summary>
@@ -65113,7 +65154,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_write_cgroup_files" lineno="993">
+<interface name="fs_write_cgroup_files" lineno="1031">
 <summary>
 Write cgroup files.
 </summary>
@@ -65123,7 +65164,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_rw_cgroup_files" lineno="1012">
+<interface name="fs_rw_cgroup_files" lineno="1050">
 <summary>
 Read and write cgroup files.
 </summary>
@@ -65133,7 +65174,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_rw_cgroup_files" lineno="1034">
+<interface name="fs_dontaudit_rw_cgroup_files" lineno="1072">
 <summary>
 Do not audit attempts to open,
 get attributes, read and write
@@ -65145,7 +65186,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_cgroup_files" lineno="1052">
+<interface name="fs_manage_cgroup_files" lineno="1090">
 <summary>
 Manage cgroup files.
 </summary>
@@ -65155,7 +65196,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_relabel_cgroup_symlinks" lineno="1072">
+<interface name="fs_relabel_cgroup_symlinks" lineno="1110">
 <summary>
 Relabel cgroup symbolic links.
 </summary>
@@ -65165,7 +65206,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_watch_cgroup_dirs" lineno="1090">
+<interface name="fs_watch_cgroup_dirs" lineno="1128">
 <summary>
 Watch cgroup directories.
 </summary>
@@ -65175,7 +65216,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mounton_cgroup" lineno="1108">
+<interface name="fs_mounton_cgroup" lineno="1146">
 <summary>
 Mount on cgroup directories.
 </summary>
@@ -65185,7 +65226,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_cgroup_filetrans" lineno="1142">
+<interface name="fs_cgroup_filetrans" lineno="1180">
 <summary>
 Create an object in a cgroup tmpfs filesystem, with a private
 type using a type transition.
@@ -65211,7 +65252,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_list_cifs_dirs" lineno="1163">
+<interface name="fs_dontaudit_list_cifs_dirs" lineno="1201">
 <summary>
 Do not audit attempts to read
 dirs on a CIFS or SMB filesystem.
@@ -65222,7 +65263,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_cifs" lineno="1181">
+<interface name="fs_mount_cifs" lineno="1219">
 <summary>
 Mount a CIFS or SMB network filesystem.
 </summary>
@@ -65232,7 +65273,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_cifs" lineno="1200">
+<interface name="fs_remount_cifs" lineno="1238">
 <summary>
 Remount a CIFS or SMB network filesystem.
 This allows some mount options to be changed.
@@ -65243,7 +65284,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_cifs" lineno="1218">
+<interface name="fs_unmount_cifs" lineno="1256">
 <summary>
 Unmount a CIFS or SMB network filesystem.
 </summary>
@@ -65253,7 +65294,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_cifs" lineno="1238">
+<interface name="fs_getattr_cifs" lineno="1276">
 <summary>
 Get the attributes of a CIFS or
 SMB network filesystem.
@@ -65265,7 +65306,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_search_cifs" lineno="1256">
+<interface name="fs_search_cifs" lineno="1294">
 <summary>
 Search directories on a CIFS or SMB filesystem.
 </summary>
@@ -65275,7 +65316,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_cifs" lineno="1275">
+<interface name="fs_list_cifs" lineno="1313">
 <summary>
 List the contents of directories on a
 CIFS or SMB filesystem.
@@ -65286,7 +65327,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_list_cifs" lineno="1294">
+<interface name="fs_dontaudit_list_cifs" lineno="1332">
 <summary>
 Do not audit attempts to list the contents
 of directories on a CIFS or SMB filesystem.
@@ -65297,7 +65338,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_mounton_cifs" lineno="1312">
+<interface name="fs_mounton_cifs" lineno="1350">
 <summary>
 Mounton a CIFS filesystem.
 </summary>
@@ -65307,7 +65348,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_cifs_files" lineno="1331">
+<interface name="fs_read_cifs_files" lineno="1369">
 <summary>
 Read files on a CIFS or SMB filesystem.
 </summary>
@@ -65318,7 +65359,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_read_all_inherited_image_files" lineno="1351">
+<interface name="fs_read_all_inherited_image_files" lineno="1389">
 <summary>
 Read all inherited filesystem image files.
 </summary>
@@ -65329,7 +65370,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_read_all_image_files" lineno="1370">
+<interface name="fs_read_all_image_files" lineno="1408">
 <summary>
 Read all filesystem image files.
 </summary>
@@ -65340,7 +65381,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_mmap_read_all_image_files" lineno="1389">
+<interface name="fs_mmap_read_all_image_files" lineno="1427">
 <summary>
 Mmap-read all filesystem image files.
 </summary>
@@ -65351,7 +65392,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_rw_all_image_files" lineno="1408">
+<interface name="fs_rw_all_image_files" lineno="1446">
 <summary>
 Read and write all filesystem image files.
 </summary>
@@ -65362,7 +65403,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_mmap_rw_all_image_files" lineno="1427">
+<interface name="fs_mmap_rw_all_image_files" lineno="1465">
 <summary>
 Mmap-Read-write all filesystem image files.
 </summary>
@@ -65373,7 +65414,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_write_all_image_files" lineno="1446">
+<interface name="fs_dontaudit_write_all_image_files" lineno="1484">
 <summary>
 Do not audit attempts to write all filesystem image files.
 </summary>
@@ -65384,7 +65425,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_getattr_noxattr_fs" lineno="1466">
+<interface name="fs_getattr_noxattr_fs" lineno="1504">
 <summary>
 Get the attributes of filesystems that
 do not have extended attribute support.
@@ -65396,7 +65437,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_list_noxattr_fs" lineno="1484">
+<interface name="fs_list_noxattr_fs" lineno="1522">
 <summary>
 Read all noxattrfs directories.
 </summary>
@@ -65406,7 +65447,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_list_noxattr_fs" lineno="1503">
+<interface name="fs_dontaudit_list_noxattr_fs" lineno="1541">
 <summary>
 Do not audit attempts to list all
 noxattrfs directories.
@@ -65417,7 +65458,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_noxattr_fs_dirs" lineno="1521">
+<interface name="fs_manage_noxattr_fs_dirs" lineno="1559">
 <summary>
 Create, read, write, and delete all noxattrfs directories.
 </summary>
@@ -65427,7 +65468,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_noxattr_fs_files" lineno="1539">
+<interface name="fs_read_noxattr_fs_files" lineno="1577">
 <summary>
 Read all noxattrfs files.
 </summary>
@@ -65437,7 +65478,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_read_noxattr_fs_files" lineno="1559">
+<interface name="fs_dontaudit_read_noxattr_fs_files" lineno="1597">
 <summary>
 Do not audit attempts to read all
 noxattrfs files.
@@ -65448,7 +65489,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_write_noxattr_fs_files" lineno="1577">
+<interface name="fs_dontaudit_write_noxattr_fs_files" lineno="1615">
 <summary>
 Dont audit attempts to write to noxattrfs files.
 </summary>
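Review bot: the summary for fs_dontaudit_write_noxattr_fs_files reads "Dont audit attempts to write to noxattrfs files.", while the neighbouring dontaudit interfaces (fs_dontaudit_list_noxattr_fs, fs_dontaudit_read_noxattr_fs_files) use "Do not audit attempts to ...". Suggest aligning the wording in the interface source this XML is generated from, so that searches of the generated documentation for "Do not audit" find every suppression interface.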
@@ -65458,7 +65499,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_noxattr_fs_files" lineno="1595">
+<interface name="fs_manage_noxattr_fs_files" lineno="1633">
 <summary>
 Create, read, write, and delete all noxattrfs files.
 </summary>
@@ -65468,7 +65509,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_noxattr_fs_symlinks" lineno="1614">
+<interface name="fs_read_noxattr_fs_symlinks" lineno="1652">
 <summary>
 Read all noxattrfs symbolic links.
 </summary>
@@ -65478,7 +65519,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_noxattr_fs_symlinks" lineno="1633">
+<interface name="fs_manage_noxattr_fs_symlinks" lineno="1671">
 <summary>
 Manage all noxattrfs symbolic links.
 </summary>
@@ -65488,7 +65529,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_relabelfrom_noxattr_fs" lineno="1653">
+<interface name="fs_relabelfrom_noxattr_fs" lineno="1691">
 <summary>
 Relabel all objects from filesystems that
 do not support extended attributes.
@@ -65499,7 +65540,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_read_cifs_files" lineno="1679">
+<interface name="fs_dontaudit_read_cifs_files" lineno="1717">
 <summary>
 Do not audit attempts to read
 files on a CIFS or SMB filesystem.
@@ -65510,7 +65551,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_append_cifs_files" lineno="1699">
+<interface name="fs_append_cifs_files" lineno="1737">
 <summary>
 Append files
 on a CIFS filesystem.
@@ -65522,7 +65563,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_append_cifs_files" lineno="1719">
+<interface name="fs_dontaudit_append_cifs_files" lineno="1757">
 <summary>
 dontaudit Append files
 on a CIFS filesystem.
@@ -65534,7 +65575,7 @@ Domain to not audit.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_rw_cifs_files" lineno="1738">
+<interface name="fs_dontaudit_rw_cifs_files" lineno="1776">
 <summary>
 Do not audit attempts to read or
 write files on a CIFS or SMB filesystem.
@@ -65545,7 +65586,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_cifs_symlinks" lineno="1756">
+<interface name="fs_read_cifs_symlinks" lineno="1794">
 <summary>
 Read symbolic links on a CIFS or SMB filesystem.
 </summary>
@@ -65555,7 +65596,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_cifs_named_pipes" lineno="1776">
+<interface name="fs_read_cifs_named_pipes" lineno="1814">
 <summary>
 Read named pipes
 on a CIFS or SMB network filesystem.
@@ -65566,7 +65607,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_cifs_named_sockets" lineno="1795">
+<interface name="fs_read_cifs_named_sockets" lineno="1833">
 <summary>
 Read named sockets
 on a CIFS or SMB network filesystem.
@@ -65577,7 +65618,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_exec_cifs_files" lineno="1816">
+<interface name="fs_exec_cifs_files" lineno="1854">
 <summary>
 Execute files on a CIFS or SMB
 network filesystem, in the caller
@@ -65590,7 +65631,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_manage_cifs_dirs" lineno="1837">
+<interface name="fs_manage_cifs_dirs" lineno="1875">
 <summary>
 Create, read, write, and delete directories
 on a CIFS or SMB network filesystem.
@@ -65602,7 +65643,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_manage_cifs_dirs" lineno="1857">
+<interface name="fs_dontaudit_manage_cifs_dirs" lineno="1895">
 <summary>
 Do not audit attempts to create, read,
 write, and delete directories
@@ -65614,7 +65655,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_cifs_files" lineno="1877">
+<interface name="fs_manage_cifs_files" lineno="1915">
 <summary>
 Create, read, write, and delete files
 on a CIFS or SMB network filesystem.
@@ -65626,7 +65667,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_manage_cifs_files" lineno="1897">
+<interface name="fs_dontaudit_manage_cifs_files" lineno="1935">
 <summary>
 Do not audit attempts to create, read,
 write, and delete files
@@ -65638,7 +65679,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_cifs_symlinks" lineno="1916">
+<interface name="fs_manage_cifs_symlinks" lineno="1954">
 <summary>
 Create, read, write, and delete symbolic links
 on a CIFS or SMB network filesystem.
@@ -65649,7 +65690,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_cifs_named_pipes" lineno="1935">
+<interface name="fs_manage_cifs_named_pipes" lineno="1973">
 <summary>
 Create, read, write, and delete named pipes
 on a CIFS or SMB network filesystem.
@@ -65660,7 +65701,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_cifs_named_sockets" lineno="1954">
+<interface name="fs_manage_cifs_named_sockets" lineno="1992">
 <summary>
 Create, read, write, and delete named sockets
 on a CIFS or SMB network filesystem.
@@ -65671,7 +65712,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_cifs_domtrans" lineno="1997">
+<interface name="fs_cifs_domtrans" lineno="2035">
 <summary>
 Execute a file on a CIFS or SMB filesystem
 in the specified domain.
@@ -65706,7 +65747,7 @@ The type of the new process.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_configfs_dirs" lineno="2017">
+<interface name="fs_manage_configfs_dirs" lineno="2055">
 <summary>
 Create, read, write, and delete dirs
 on a configfs filesystem.
@@ -65717,7 +65758,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_configfs_files" lineno="2036">
+<interface name="fs_manage_configfs_files" lineno="2074">
 <summary>
 Create, read, write, and delete files
 on a configfs filesystem.
@@ -65728,7 +65769,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_dos_fs" lineno="2055">
+<interface name="fs_mount_dos_fs" lineno="2093">
 <summary>
 Mount a DOS filesystem, such as
 FAT32 or NTFS.
@@ -65739,7 +65780,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_dos_fs" lineno="2075">
+<interface name="fs_remount_dos_fs" lineno="2113">
 <summary>
 Remount a DOS filesystem, such as
 FAT32 or NTFS.  This allows
@@ -65751,7 +65792,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_dos_fs" lineno="2094">
+<interface name="fs_unmount_dos_fs" lineno="2132">
 <summary>
 Unmount a DOS filesystem, such as
 FAT32 or NTFS.
@@ -65762,7 +65803,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_dos_fs" lineno="2114">
+<interface name="fs_getattr_dos_fs" lineno="2152">
 <summary>
 Get the attributes of a DOS
 filesystem, such as FAT32 or NTFS.
@@ -65774,7 +65815,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_relabelfrom_dos_fs" lineno="2133">
+<interface name="fs_relabelfrom_dos_fs" lineno="2171">
 <summary>
 Allow changing of the label of a
 DOS filesystem using the context= mount option.
@@ -65785,7 +65826,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_dos_dirs" lineno="2151">
+<interface name="fs_getattr_dos_dirs" lineno="2189">
 <summary>
 Get attributes of directories on a dosfs filesystem.
 </summary>
@@ -65795,7 +65836,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_dos" lineno="2169">
+<interface name="fs_search_dos" lineno="2207">
 <summary>
 Search dosfs filesystem.
 </summary>
@@ -65805,7 +65846,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_dos" lineno="2187">
+<interface name="fs_list_dos" lineno="2225">
 <summary>
 List dirs DOS filesystem.
 </summary>
@@ -65815,7 +65856,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_dos_dirs" lineno="2206">
+<interface name="fs_manage_dos_dirs" lineno="2244">
 <summary>
 Create, read, write, and delete dirs
 on a DOS filesystem.
@@ -65826,7 +65867,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_dos_files" lineno="2224">
+<interface name="fs_read_dos_files" lineno="2262">
 <summary>
 Read files on a DOS filesystem.
 </summary>
@@ -65836,7 +65877,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mmap_read_dos_files" lineno="2242">
+<interface name="fs_mmap_read_dos_files" lineno="2280">
 <summary>
 Read and map files on a DOS filesystem.
 </summary>
@@ -65846,7 +65887,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_dos_files" lineno="2262">
+<interface name="fs_manage_dos_files" lineno="2300">
 <summary>
 Create, read, write, and delete files
 on a DOS filesystem.
@@ -65857,7 +65898,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_ecryptfs" lineno="2280">
+<interface name="fs_list_ecryptfs" lineno="2318">
 <summary>
 Read symbolic links on an eCryptfs filesystem.
 </summary>
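Review bot: the summary for fs_list_ecryptfs says "Read symbolic links on an eCryptfs filesystem.", which does not match an interface named for listing directories. The description looks copied from a symlink interface. Suggest correcting the header comment in the interface source so the regenerated doc/policy.xml describes the access actually granted; a policy author choosing interfaces from this documentation would otherwise misjudge what is being allowed.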
@@ -65867,7 +65908,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_ecryptfs_dirs" lineno="2301">
+<interface name="fs_manage_ecryptfs_dirs" lineno="2339">
 <summary>
 Create, read, write, and delete directories
 on an eCryptfs filesystem.
@@ -65879,7 +65920,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_manage_ecryptfs_files" lineno="2321">
+<interface name="fs_manage_ecryptfs_files" lineno="2359">
 <summary>
 Create, read, write, and delete files
 on an eCryptfs filesystem.
@@ -65891,7 +65932,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_manage_ecryptfs_named_sockets" lineno="2340">
+<interface name="fs_manage_ecryptfs_named_sockets" lineno="2378">
 <summary>
 Create, read, write, and delete named sockets
 on an eCryptfs filesystem.
@@ -65902,7 +65943,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_efivarfs" lineno="2358">
+<interface name="fs_getattr_efivarfs" lineno="2396">
 <summary>
 Get the attributes of efivarfs filesystems.
 </summary>
@@ -65912,7 +65953,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_efivars" lineno="2376">
+<interface name="fs_list_efivars" lineno="2414">
 <summary>
 List dirs in efivarfs filesystem.
 </summary>
@@ -65922,7 +65963,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_efivarfs_files" lineno="2396">
+<interface name="fs_read_efivarfs_files" lineno="2434">
 <summary>
 Read files in efivarfs
 - contains Linux Kernel configuration options for UEFI systems
@@ -65934,7 +65975,19 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_manage_efivarfs_files" lineno="2416">
+<interface name="fs_setattr_efivarfs_files" lineno="2454">
+<summary>
+Set the attributes of files in efivarfs
+- contains Linux Kernel configuration options for UEFI systems
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_manage_efivarfs_files" lineno="2474">
 <summary>
 Create, read, write, and delete files
 on a efivarfs filesystem.
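Review bot: the new fs_setattr_efivarfs_files entry carries <rolecap/>, while the fs_manage_efivarfs_files entry after it appears to close without one in the next hunk's context. The interface lets a domain change attributes on UEFI variable files, so it is worth confirming in the interface source that the role-capability tag is intended and was not carried over together with the fs_read_efivarfs_files header comment; the second summary line ("- contains Linux Kernel configuration options for UEFI systems") is repeated verbatim from that read interface. Because doc/policy.xml is generated, any correction belongs in the source interface file and not in this XML.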
@@ -65946,7 +65999,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_fusefs" lineno="2434">
+<interface name="fs_getattr_fusefs" lineno="2492">
 <summary>
 stat a FUSE filesystem
 </summary>
@@ -65956,7 +66009,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_fusefs" lineno="2452">
+<interface name="fs_mount_fusefs" lineno="2510">
 <summary>
 Mount a FUSE filesystem.
 </summary>
@@ -65966,7 +66019,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_fusefs" lineno="2470">
+<interface name="fs_unmount_fusefs" lineno="2528">
 <summary>
 Unmount a FUSE filesystem.
 </summary>
@@ -65976,7 +66029,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_fusefs" lineno="2488">
+<interface name="fs_remount_fusefs" lineno="2546">
 <summary>
 Remount a FUSE filesystem.
 </summary>
@@ -65986,7 +66039,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mounton_fusefs" lineno="2506">
+<interface name="fs_mounton_fusefs" lineno="2564">
 <summary>
 Mounton a FUSEFS filesystem.
 </summary>
@@ -65996,7 +66049,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_fusefs_entry_type" lineno="2525">
+<interface name="fs_fusefs_entry_type" lineno="2583">
 <summary>
 Make FUSEFS files an entrypoint for the
 specified domain.
@@ -66007,7 +66060,7 @@ The domain for which fusefs_t is an entrypoint.
 </summary>
 </param>
 </interface>
-<interface name="fs_fusefs_domtrans" lineno="2558">
+<interface name="fs_fusefs_domtrans" lineno="2616">
 <summary>
 Execute FUSEFS files in a specified domain.
 </summary>
@@ -66032,7 +66085,7 @@ Domain to transition to.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_fusefs" lineno="2578">
+<interface name="fs_search_fusefs" lineno="2636">
 <summary>
 Search directories
 on a FUSEFS filesystem.
@@ -66044,7 +66097,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_list_fusefs" lineno="2598">
+<interface name="fs_list_fusefs" lineno="2656">
 <summary>
 List the contents of directories
 on a FUSEFS filesystem.
@@ -66056,7 +66109,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_list_fusefs" lineno="2617">
+<interface name="fs_dontaudit_list_fusefs" lineno="2675">
 <summary>
 Do not audit attempts to list the contents
 of directories on a FUSEFS filesystem.
@@ -66067,7 +66120,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_setattr_fusefs_dirs" lineno="2637">
+<interface name="fs_setattr_fusefs_dirs" lineno="2695">
 <summary>
 Set the attributes of directories
 on a FUSEFS filesystem.
@@ -66079,7 +66132,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_manage_fusefs_dirs" lineno="2657">
+<interface name="fs_manage_fusefs_dirs" lineno="2715">
 <summary>
 Create, read, write, and delete directories
 on a FUSEFS filesystem.
@@ -66091,7 +66144,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_manage_fusefs_dirs" lineno="2677">
+<interface name="fs_dontaudit_manage_fusefs_dirs" lineno="2735">
 <summary>
 Do not audit attempts to create, read,
 write, and delete directories
@@ -66103,7 +66156,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_fusefs_files" lineno="2697">
+<interface name="fs_getattr_fusefs_files" lineno="2755">
 <summary>
 Get the attributes of files on a
 FUSEFS filesystem.
@@ -66115,7 +66168,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_read_fusefs_files" lineno="2716">
+<interface name="fs_read_fusefs_files" lineno="2774">
 <summary>
 Read, a FUSEFS filesystem.
 </summary>
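Review bot: the summary for fs_read_fusefs_files is "Read, a FUSEFS filesystem.", which is missing its object. The sibling entries (fs_exec_fusefs_files: "Execute files on a FUSEFS filesystem.") suggest the intended text is "Read files on a FUSEFS filesystem." Suggest fixing the comment in the interface source before the next regeneration.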
@@ -66126,7 +66179,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_exec_fusefs_files" lineno="2735">
+<interface name="fs_exec_fusefs_files" lineno="2793">
 <summary>
 Execute files on a FUSEFS filesystem.
 </summary>
@@ -66137,7 +66190,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_setattr_fusefs_files" lineno="2755">
+<interface name="fs_setattr_fusefs_files" lineno="2813">
 <summary>
 Set the attributes of files on a
 FUSEFS filesystem.
@@ -66149,7 +66202,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_manage_fusefs_files" lineno="2775">
+<interface name="fs_manage_fusefs_files" lineno="2833">
 <summary>
 Create, read, write, and delete files
 on a FUSEFS filesystem.
@@ -66161,7 +66214,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_manage_fusefs_files" lineno="2795">
+<interface name="fs_dontaudit_manage_fusefs_files" lineno="2853">
 <summary>
 Do not audit attempts to create,
 read, write, and delete files
@@ -66173,7 +66226,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_fusefs_symlinks" lineno="2815">
+<interface name="fs_getattr_fusefs_symlinks" lineno="2873">
 <summary>
 Get the attributes of symlinks
 on a FUSEFS filesystem.
@@ -66185,7 +66238,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_read_fusefs_symlinks" lineno="2833">
+<interface name="fs_read_fusefs_symlinks" lineno="2891">
 <summary>
 Read symbolic links on a FUSEFS filesystem.
 </summary>
@@ -66195,7 +66248,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_setattr_fusefs_symlinks" lineno="2854">
+<interface name="fs_setattr_fusefs_symlinks" lineno="2912">
 <summary>
 Set the attributes of symlinks
 on a FUSEFS filesystem.
@@ -66207,7 +66260,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_manage_fusefs_symlinks" lineno="2873">
+<interface name="fs_manage_fusefs_symlinks" lineno="2931">
 <summary>
 Manage symlinks on a FUSEFS filesystem.
 </summary>
@@ -66218,7 +66271,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_getattr_fusefs_fifo_files" lineno="2893">
+<interface name="fs_getattr_fusefs_fifo_files" lineno="2951">
 <summary>
 Get the attributes of named pipes
 on a FUSEFS filesystem.
@@ -66230,7 +66283,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_setattr_fusefs_fifo_files" lineno="2913">
+<interface name="fs_setattr_fusefs_fifo_files" lineno="2971">
 <summary>
 Set the attributes of named pipes
 on a FUSEFS filesystem.
@@ -66242,7 +66295,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_manage_fusefs_fifo_files" lineno="2933">
+<interface name="fs_manage_fusefs_fifo_files" lineno="2991">
 <summary>
 Manage named pipes on a FUSEFS
 filesystem.
@@ -66254,7 +66307,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_getattr_fusefs_sock_files" lineno="2953">
+<interface name="fs_getattr_fusefs_sock_files" lineno="3011">
 <summary>
 Get the attributes of named sockets
 on a FUSEFS filesystem.
@@ -66266,7 +66319,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_setattr_fusefs_sock_files" lineno="2973">
+<interface name="fs_setattr_fusefs_sock_files" lineno="3031">
 <summary>
 Set the attributes of named sockets
 on a FUSEFS filesystem.
@@ -66278,7 +66331,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_manage_fusefs_sock_files" lineno="2993">
+<interface name="fs_manage_fusefs_sock_files" lineno="3051">
 <summary>
 Manage named sockets on a FUSEFS
 filesystem.
@@ -66290,7 +66343,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_getattr_fusefs_chr_files" lineno="3013">
+<interface name="fs_getattr_fusefs_chr_files" lineno="3071">
 <summary>
 Get the attributes of character files
 on a FUSEFS filesystem.
@@ -66302,7 +66355,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_setattr_fusefs_chr_files" lineno="3033">
+<interface name="fs_setattr_fusefs_chr_files" lineno="3091">
 <summary>
 Set the attributes of character files
 on a FUSEFS filesystem.
@@ -66314,7 +66367,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_manage_fusefs_chr_files" lineno="3053">
+<interface name="fs_manage_fusefs_chr_files" lineno="3111">
 <summary>
 Manage character files on a FUSEFS
 filesystem.
@@ -66326,7 +66379,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_getattr_hugetlbfs" lineno="3072">
+<interface name="fs_getattr_hugetlbfs" lineno="3130">
 <summary>
 Get the attributes of an hugetlbfs
 filesystem.
@@ -66337,7 +66390,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_hugetlbfs" lineno="3090">
+<interface name="fs_list_hugetlbfs" lineno="3148">
 <summary>
 List hugetlbfs.
 </summary>
@@ -66347,7 +66400,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_hugetlbfs_dirs" lineno="3108">
+<interface name="fs_manage_hugetlbfs_dirs" lineno="3166">
 <summary>
 Manage hugetlbfs dirs.
 </summary>
@@ -66357,7 +66410,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_rw_inherited_hugetlbfs_files" lineno="3126">
+<interface name="fs_rw_inherited_hugetlbfs_files" lineno="3184">
 <summary>
 Read and write inherited hugetlbfs files.
 </summary>
@@ -66367,7 +66420,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_rw_hugetlbfs_files" lineno="3144">
+<interface name="fs_rw_hugetlbfs_files" lineno="3202">
 <summary>
 Read and write hugetlbfs files.
 </summary>
@@ -66377,7 +66430,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mmap_rw_hugetlbfs_files" lineno="3162">
+<interface name="fs_mmap_rw_hugetlbfs_files" lineno="3220">
 <summary>
 Read, map and write hugetlbfs files.
 </summary>
@@ -66387,7 +66440,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_associate_hugetlbfs" lineno="3181">
+<interface name="fs_associate_hugetlbfs" lineno="3239">
 <summary>
 Allow the type to associate to hugetlbfs filesystems.
 </summary>
@@ -66397,7 +66450,7 @@ The type of the object to be associated.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_inotifyfs" lineno="3199">
+<interface name="fs_search_inotifyfs" lineno="3257">
 <summary>
 Search inotifyfs filesystem.
 </summary>
@@ -66407,7 +66460,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_inotifyfs" lineno="3217">
+<interface name="fs_list_inotifyfs" lineno="3275">
 <summary>
 List inotifyfs filesystem.
 </summary>
@@ -66417,7 +66470,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_list_inotifyfs" lineno="3235">
+<interface name="fs_dontaudit_list_inotifyfs" lineno="3293">
 <summary>
 Dontaudit List inotifyfs filesystem.
 </summary>
@@ -66427,7 +66480,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_hugetlbfs_filetrans" lineno="3269">
+<interface name="fs_hugetlbfs_filetrans" lineno="3327">
 <summary>
 Create an object in a hugetlbfs filesystem, with a private
 type using a type transition.
@@ -66453,7 +66506,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_iso9660_fs" lineno="3289">
+<interface name="fs_mount_iso9660_fs" lineno="3347">
 <summary>
 Mount an iso9660 filesystem, which
 is usually used on CDs.
@@ -66464,7 +66517,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_iso9660_fs" lineno="3309">
+<interface name="fs_remount_iso9660_fs" lineno="3367">
 <summary>
 Remount an iso9660 filesystem, which
 is usually used on CDs.  This allows
@@ -66476,7 +66529,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_relabelfrom_iso9660_fs" lineno="3328">
+<interface name="fs_relabelfrom_iso9660_fs" lineno="3386">
 <summary>
 Allow changing of the label of a
 filesystem with iso9660 type
@@ -66487,7 +66540,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_iso9660_fs" lineno="3347">
+<interface name="fs_unmount_iso9660_fs" lineno="3405">
 <summary>
 Unmount an iso9660 filesystem, which
 is usually used on CDs.
@@ -66498,7 +66551,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_iso9660_fs" lineno="3367">
+<interface name="fs_getattr_iso9660_fs" lineno="3425">
 <summary>
 Get the attributes of an iso9660
 filesystem, which is usually used on CDs.
@@ -66510,7 +66563,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_getattr_iso9660_files" lineno="3386">
+<interface name="fs_getattr_iso9660_files" lineno="3444">
 <summary>
 Get the attributes of files on an iso9660
 filesystem, which is usually used on CDs.
@@ -66521,7 +66574,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_iso9660_files" lineno="3406">
+<interface name="fs_read_iso9660_files" lineno="3464">
 <summary>
 Read files on an iso9660 filesystem, which
 is usually used on CDs.
@@ -66532,7 +66585,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_nfs" lineno="3426">
+<interface name="fs_mount_nfs" lineno="3484">
 <summary>
 Mount a NFS filesystem.
 </summary>
@@ -66542,7 +66595,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_nfs" lineno="3445">
+<interface name="fs_remount_nfs" lineno="3503">
 <summary>
 Remount a NFS filesystem.  This allows
 some mount options to be changed.
@@ -66553,7 +66606,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_nfs" lineno="3463">
+<interface name="fs_unmount_nfs" lineno="3521">
 <summary>
 Unmount a NFS filesystem.
 </summary>
@@ -66563,7 +66616,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_nfs" lineno="3482">
+<interface name="fs_getattr_nfs" lineno="3540">
 <summary>
 Get the attributes of a NFS filesystem.
 </summary>
@@ -66574,7 +66627,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_search_nfs" lineno="3500">
+<interface name="fs_search_nfs" lineno="3558">
 <summary>
 Search directories on a NFS filesystem.
 </summary>
@@ -66584,7 +66637,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_nfs" lineno="3518">
+<interface name="fs_list_nfs" lineno="3576">
 <summary>
 List NFS filesystem.
 </summary>
@@ -66594,7 +66647,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_list_nfs" lineno="3537">
+<interface name="fs_dontaudit_list_nfs" lineno="3595">
 <summary>
 Do not audit attempts to list the contents
 of directories on a NFS filesystem.
@@ -66605,7 +66658,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_watch_nfs_dirs" lineno="3556">
+<interface name="fs_watch_nfs_dirs" lineno="3614">
 <summary>
 Add a watch on directories on an NFS
 filesystem.
@@ -66616,7 +66669,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mounton_nfs" lineno="3574">
+<interface name="fs_mounton_nfs" lineno="3632">
 <summary>
 Mounton a NFS filesystem.
 </summary>
@@ -66626,7 +66679,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_nfs_files" lineno="3593">
+<interface name="fs_read_nfs_files" lineno="3651">
 <summary>
 Read files on a NFS filesystem.
 </summary>
@@ -66637,7 +66690,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_read_nfs_files" lineno="3613">
+<interface name="fs_dontaudit_read_nfs_files" lineno="3671">
 <summary>
 Do not audit attempts to read
 files on a NFS filesystem.
@@ -66648,7 +66701,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_write_nfs_files" lineno="3631">
+<interface name="fs_write_nfs_files" lineno="3689">
 <summary>
 Read files on a NFS filesystem.
 </summary>
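Review bot: the summary for fs_write_nfs_files reads "Read files on a NFS filesystem.", identical to fs_read_nfs_files a few entries earlier, so the generated documentation describes a write interface as read-only access. Suggest changing the header comment in the interface source to describe write access; anyone auditing which domains can modify NFS content from this documentation would miss callers of this interface.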
@@ -66658,7 +66711,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_exec_nfs_files" lineno="3651">
+<interface name="fs_exec_nfs_files" lineno="3709">
 <summary>
 Execute files on a NFS filesystem.
 </summary>
@@ -66669,7 +66722,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_append_nfs_files" lineno="3672">
+<interface name="fs_append_nfs_files" lineno="3730">
 <summary>
 Append files
 on a NFS filesystem.
@@ -66681,7 +66734,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_append_nfs_files" lineno="3692">
+<interface name="fs_dontaudit_append_nfs_files" lineno="3750">
 <summary>
 dontaudit Append files
 on a NFS filesystem.
@@ -66693,7 +66746,7 @@ Domain to not audit.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_rw_nfs_files" lineno="3711">
+<interface name="fs_dontaudit_rw_nfs_files" lineno="3769">
 <summary>
 Do not audit attempts to read or
 write files on a NFS filesystem.
@@ -66704,7 +66757,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_watch_nfs_files" lineno="3729">
+<interface name="fs_watch_nfs_files" lineno="3787">
 <summary>
 Add a watch on files on an NFS filesystem.
 </summary>
@@ -66714,7 +66767,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_nfs_symlinks" lineno="3747">
+<interface name="fs_read_nfs_symlinks" lineno="3805">
 <summary>
 Read symbolic links on a NFS filesystem.
 </summary>
@@ -66724,7 +66777,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_read_nfs_symlinks" lineno="3766">
+<interface name="fs_dontaudit_read_nfs_symlinks" lineno="3824">
 <summary>
 Dontaudit read symbolic links on a NFS filesystem.
 </summary>
@@ -66734,7 +66787,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_nfs_named_sockets" lineno="3784">
+<interface name="fs_read_nfs_named_sockets" lineno="3842">
 <summary>
 Read named sockets on a NFS filesystem.
 </summary>
@@ -66744,7 +66797,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_nfs_named_pipes" lineno="3803">
+<interface name="fs_read_nfs_named_pipes" lineno="3861">
 <summary>
 Read named pipes on a NFS network filesystem.
 </summary>
@@ -66755,7 +66808,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_getattr_rpc_dirs" lineno="3822">
+<interface name="fs_getattr_rpc_dirs" lineno="3880">
 <summary>
 Get the attributes of directories of RPC
 file system pipes.
@@ -66766,7 +66819,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_rpc" lineno="3841">
+<interface name="fs_search_rpc" lineno="3899">
 <summary>
 Search directories of RPC file system pipes.
 </summary>
@@ -66776,7 +66829,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_removable" lineno="3859">
+<interface name="fs_search_removable" lineno="3917">
 <summary>
 Search removable storage directories.
 </summary>
@@ -66786,7 +66839,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_list_removable" lineno="3877">
+<interface name="fs_dontaudit_list_removable" lineno="3935">
 <summary>
 Do not audit attempts to list removable storage directories.
 </summary>
@@ -66796,7 +66849,7 @@ Domain not to audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_removable_files" lineno="3895">
+<interface name="fs_read_removable_files" lineno="3953">
 <summary>
 Read removable storage files.
 </summary>
@@ -66806,7 +66859,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_read_removable_files" lineno="3913">
+<interface name="fs_dontaudit_read_removable_files" lineno="3971">
 <summary>
 Do not audit attempts to read removable storage files.
 </summary>
@@ -66816,7 +66869,7 @@ Domain not to audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_write_removable_files" lineno="3931">
+<interface name="fs_dontaudit_write_removable_files" lineno="3989">
 <summary>
 Do not audit attempts to write removable storage files.
 </summary>
@@ -66826,7 +66879,7 @@ Domain not to audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_removable_symlinks" lineno="3949">
+<interface name="fs_read_removable_symlinks" lineno="4007">
 <summary>
 Read removable storage symbolic links.
 </summary>
@@ -66836,7 +66889,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_removable_blk_files" lineno="3967">
+<interface name="fs_read_removable_blk_files" lineno="4025">
 <summary>
 Read block nodes on removable filesystems.
 </summary>
@@ -66846,7 +66899,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_rw_removable_blk_files" lineno="3986">
+<interface name="fs_rw_removable_blk_files" lineno="4044">
 <summary>
 Read and write block nodes on removable filesystems.
 </summary>
@@ -66856,7 +66909,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_rpc" lineno="4005">
+<interface name="fs_list_rpc" lineno="4063">
 <summary>
 Read directories of RPC file system pipes.
 </summary>
@@ -66866,7 +66919,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_rpc_files" lineno="4023">
+<interface name="fs_read_rpc_files" lineno="4081">
 <summary>
 Read files of RPC file system pipes.
 </summary>
@@ -66876,7 +66929,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_rpc_symlinks" lineno="4041">
+<interface name="fs_read_rpc_symlinks" lineno="4099">
 <summary>
 Read symbolic links of RPC file system pipes.
 </summary>
@@ -66886,7 +66939,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_rpc_sockets" lineno="4059">
+<interface name="fs_read_rpc_sockets" lineno="4117">
 <summary>
 Read sockets of RPC file system pipes.
 </summary>
@@ -66896,7 +66949,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_rw_rpc_sockets" lineno="4077">
+<interface name="fs_rw_rpc_sockets" lineno="4135">
 <summary>
 Read and write sockets of RPC file system pipes.
 </summary>
@@ -66906,7 +66959,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_nfs_dirs" lineno="4097">
+<interface name="fs_manage_nfs_dirs" lineno="4155">
 <summary>
 Create, read, write, and delete directories
 on a NFS filesystem.
@@ -66918,7 +66971,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_manage_nfs_dirs" lineno="4117">
+<interface name="fs_dontaudit_manage_nfs_dirs" lineno="4175">
 <summary>
 Do not audit attempts to create, read,
 write, and delete directories
@@ -66930,7 +66983,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_nfs_files" lineno="4137">
+<interface name="fs_manage_nfs_files" lineno="4195">
 <summary>
 Create, read, write, and delete files
 on a NFS filesystem.
@@ -66942,7 +66995,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_manage_nfs_files" lineno="4157">
+<interface name="fs_dontaudit_manage_nfs_files" lineno="4215">
 <summary>
 Do not audit attempts to create,
 read, write, and delete files
@@ -66954,7 +67007,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_nfs_symlinks" lineno="4177">
+<interface name="fs_manage_nfs_symlinks" lineno="4235">
 <summary>
 Create, read, write, and delete symbolic links
 on a NFS network filesystem.
@@ -66966,7 +67019,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_manage_nfs_named_pipes" lineno="4196">
+<interface name="fs_manage_nfs_named_pipes" lineno="4254">
 <summary>
 Create, read, write, and delete named pipes
 on a NFS filesystem.
@@ -66977,7 +67030,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_nfs_named_sockets" lineno="4215">
+<interface name="fs_manage_nfs_named_sockets" lineno="4273">
 <summary>
 Create, read, write, and delete named sockets
 on a NFS filesystem.
@@ -66988,7 +67041,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_nfs_domtrans" lineno="4258">
+<interface name="fs_nfs_domtrans" lineno="4316">
 <summary>
 Execute a file on a NFS filesystem
 in the specified domain.
@@ -67023,7 +67076,7 @@ The type of the new process.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_nfsd_fs" lineno="4277">
+<interface name="fs_mount_nfsd_fs" lineno="4335">
 <summary>
 Mount a NFS server pseudo filesystem.
 </summary>
@@ -67033,7 +67086,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_nfsd_fs" lineno="4296">
+<interface name="fs_remount_nfsd_fs" lineno="4354">
 <summary>
 Mount a NFS server pseudo filesystem.
 This allows some mount options to be changed.
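Review bot: the summary for fs_remount_nfsd_fs begins "Mount a NFS server pseudo filesystem.", which is the same text as fs_mount_nfsd_fs just above it; it should read "Remount a NFS server pseudo filesystem." as the other remount interfaces do. Since policy.xml is generated, the fix belongs in the interface's source comment, after which this file should be regenerated.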
@@ -67044,7 +67097,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_nfsd_fs" lineno="4314">
+<interface name="fs_unmount_nfsd_fs" lineno="4372">
 <summary>
 Unmount a NFS server pseudo filesystem.
 </summary>
@@ -67054,7 +67107,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_nfsd_fs" lineno="4333">
+<interface name="fs_getattr_nfsd_fs" lineno="4391">
 <summary>
 Get the attributes of a NFS server
 pseudo filesystem.
@@ -67065,7 +67118,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_nfsd_fs" lineno="4351">
+<interface name="fs_search_nfsd_fs" lineno="4409">
 <summary>
 Search NFS server directories.
 </summary>
@@ -67075,7 +67128,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_nfsd_fs" lineno="4369">
+<interface name="fs_list_nfsd_fs" lineno="4427">
 <summary>
 List NFS server directories.
 </summary>
@@ -67085,7 +67138,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_watch_nfsd_dirs" lineno="4387">
+<interface name="fs_watch_nfsd_dirs" lineno="4445">
 <summary>
 Watch NFS server directories.
 </summary>
@@ -67095,7 +67148,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_nfsd_files" lineno="4405">
+<interface name="fs_getattr_nfsd_files" lineno="4463">
 <summary>
 Getattr files on an nfsd filesystem
 </summary>
@@ -67105,7 +67158,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_rw_nfsd_fs" lineno="4423">
+<interface name="fs_rw_nfsd_fs" lineno="4481">
 <summary>
 Read and write NFS server files.
 </summary>
@@ -67115,7 +67168,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_nsfs_files" lineno="4441">
+<interface name="fs_getattr_nsfs_files" lineno="4499">
 <summary>
 Get the attributes of nsfs inodes (e.g. /proc/pid/ns/uts)
 </summary>
@@ -67125,7 +67178,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_nsfs_files" lineno="4459">
+<interface name="fs_read_nsfs_files" lineno="4517">
 <summary>
 Read nsfs inodes (e.g. /proc/pid/ns/uts)
 </summary>
@@ -67135,7 +67188,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_watch_nfsd_files" lineno="4477">
+<interface name="fs_watch_nfsd_files" lineno="4535">
 <summary>
 Watch NFS server files.
 </summary>
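Review bot: fs_watch_nfsd_files sits between fs_read_nsfs_files and fs_getattr_nsfs, so the nfsd interfaces are split by two nsfs ones and the nsfs group is split in turn. Moving fs_watch_nfsd_files next to fs_rw_nfsd_fs in the source would keep each filesystem's interfaces contiguous, which makes it easier to audit what access each group grants.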
@@ -67145,7 +67198,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_nsfs" lineno="4495">
+<interface name="fs_getattr_nsfs" lineno="4553">
 <summary>
 Get the attributes of an nsfs filesystem.
 </summary>
@@ -67155,7 +67208,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_nsfs" lineno="4513">
+<interface name="fs_unmount_nsfs" lineno="4571">
 <summary>
 Unmount an nsfs filesystem.
 </summary>
@@ -67165,7 +67218,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_pstorefs" lineno="4531">
+<interface name="fs_getattr_pstorefs" lineno="4589">
 <summary>
 Get the attributes of a pstore filesystem.
 </summary>
@@ -67175,7 +67228,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_pstore_dirs" lineno="4550">
+<interface name="fs_getattr_pstore_dirs" lineno="4608">
 <summary>
 Get the attributes of directories
 of a pstore filesystem.
@@ -67186,7 +67239,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_create_pstore_dirs" lineno="4569">
+<interface name="fs_create_pstore_dirs" lineno="4627">
 <summary>
 Create pstore directories.
 </summary>
@@ -67196,7 +67249,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_relabel_pstore_dirs" lineno="4588">
+<interface name="fs_relabel_pstore_dirs" lineno="4646">
 <summary>
 Relabel to/from pstore_t directories.
 </summary>
@@ -67206,7 +67259,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_pstore_dirs" lineno="4607">
+<interface name="fs_list_pstore_dirs" lineno="4665">
 <summary>
 List the directories
 of a pstore filesystem.
@@ -67217,7 +67270,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_pstore_files" lineno="4626">
+<interface name="fs_read_pstore_files" lineno="4684">
 <summary>
 Read pstore_t files
 </summary>
@@ -67227,7 +67280,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_delete_pstore_files" lineno="4645">
+<interface name="fs_delete_pstore_files" lineno="4703">
 <summary>
 Delete the files
 of a pstore filesystem.
@@ -67238,7 +67291,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_associate_ramfs" lineno="4664">
+<interface name="fs_associate_ramfs" lineno="4722">
 <summary>
 Allow the type to associate to ramfs filesystems.
 </summary>
@@ -67248,7 +67301,7 @@ The type of the object to be associated.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_ramfs" lineno="4682">
+<interface name="fs_mount_ramfs" lineno="4740">
 <summary>
 Mount a RAM filesystem.
 </summary>
@@ -67258,7 +67311,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_ramfs" lineno="4701">
+<interface name="fs_remount_ramfs" lineno="4759">
 <summary>
 Remount a RAM filesystem.  This allows
 some mount options to be changed.
@@ -67269,7 +67322,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_ramfs" lineno="4719">
+<interface name="fs_unmount_ramfs" lineno="4777">
 <summary>
 Unmount a RAM filesystem.
 </summary>
@@ -67279,7 +67332,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_ramfs" lineno="4737">
+<interface name="fs_getattr_ramfs" lineno="4795">
 <summary>
 Get the attributes of a RAM filesystem.
 </summary>
@@ -67289,7 +67342,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_ramfs" lineno="4755">
+<interface name="fs_search_ramfs" lineno="4813">
 <summary>
 Search directories on a ramfs
 </summary>
@@ -67299,7 +67352,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_search_ramfs" lineno="4773">
+<interface name="fs_dontaudit_search_ramfs" lineno="4831">
 <summary>
 Dontaudit Search directories on a ramfs
 </summary>
@@ -67309,7 +67362,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_setattr_ramfs_dirs" lineno="4792">
+<interface name="fs_setattr_ramfs_dirs" lineno="4850">
 <summary>
 Set the attributes of directories on
 a ramfs.
@@ -67320,7 +67373,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_ramfs_dirs" lineno="4811">
+<interface name="fs_manage_ramfs_dirs" lineno="4869">
 <summary>
 Create, read, write, and delete
 directories on a ramfs.
@@ -67331,7 +67384,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_read_ramfs_files" lineno="4829">
+<interface name="fs_dontaudit_read_ramfs_files" lineno="4887">
 <summary>
 Dontaudit read on a ramfs files.
 </summary>
@@ -67341,7 +67394,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_read_ramfs_pipes" lineno="4847">
+<interface name="fs_dontaudit_read_ramfs_pipes" lineno="4905">
 <summary>
 Dontaudit read on a ramfs fifo_files.
 </summary>
@@ -67351,7 +67404,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_ramfs_files" lineno="4866">
+<interface name="fs_manage_ramfs_files" lineno="4924">
 <summary>
 Create, read, write, and delete
 files on a ramfs filesystem.
@@ -67362,7 +67415,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_write_ramfs_pipes" lineno="4884">
+<interface name="fs_write_ramfs_pipes" lineno="4942">
 <summary>
 Write to named pipe on a ramfs filesystem.
 </summary>
@@ -67372,7 +67425,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_write_ramfs_pipes" lineno="4903">
+<interface name="fs_dontaudit_write_ramfs_pipes" lineno="4961">
 <summary>
 Do not audit attempts to write to named
 pipes on a ramfs filesystem.
@@ -67383,7 +67436,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_rw_ramfs_pipes" lineno="4921">
+<interface name="fs_rw_ramfs_pipes" lineno="4979">
 <summary>
 Read and write a named pipe on a ramfs filesystem.
 </summary>
@@ -67393,7 +67446,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_ramfs_pipes" lineno="4940">
+<interface name="fs_manage_ramfs_pipes" lineno="4998">
 <summary>
 Create, read, write, and delete
 named pipes on a ramfs filesystem.
@@ -67404,7 +67457,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_write_ramfs_sockets" lineno="4958">
+<interface name="fs_write_ramfs_sockets" lineno="5016">
 <summary>
 Write to named socket on a ramfs filesystem.
 </summary>
@@ -67414,7 +67467,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_ramfs_sockets" lineno="4977">
+<interface name="fs_manage_ramfs_sockets" lineno="5035">
 <summary>
 Create, read, write, and delete
 named sockets on a ramfs filesystem.
@@ -67425,7 +67478,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_romfs" lineno="4995">
+<interface name="fs_mount_romfs" lineno="5053">
 <summary>
 Mount a ROM filesystem.
 </summary>
@@ -67435,7 +67488,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_romfs" lineno="5014">
+<interface name="fs_remount_romfs" lineno="5072">
 <summary>
 Remount a ROM filesystem.  This allows
 some mount options to be changed.
@@ -67446,7 +67499,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_romfs" lineno="5032">
+<interface name="fs_unmount_romfs" lineno="5090">
 <summary>
 Unmount a ROM filesystem.
 </summary>
@@ -67456,7 +67509,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_romfs" lineno="5051">
+<interface name="fs_getattr_romfs" lineno="5109">
 <summary>
 Get the attributes of a ROM
 filesystem.
@@ -67467,7 +67520,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_rpc_pipefs" lineno="5069">
+<interface name="fs_mount_rpc_pipefs" lineno="5127">
 <summary>
 Mount a RPC pipe filesystem.
 </summary>
@@ -67477,7 +67530,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_rpc_pipefs" lineno="5088">
+<interface name="fs_remount_rpc_pipefs" lineno="5146">
 <summary>
 Remount a RPC pipe filesystem.  This
 allows some mount option to be changed.
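Review bot: the fs_remount_rpc_pipefs summary says "allows some mount option to be changed" where the other remount interfaces in this file say "some mount options"; the singular looks like a typo. Correct it in the source comment so the generated text matches fs_remount_ramfs and fs_remount_romfs.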
@@ -67488,7 +67541,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_rpc_pipefs" lineno="5106">
+<interface name="fs_unmount_rpc_pipefs" lineno="5164">
 <summary>
 Unmount a RPC pipe filesystem.
 </summary>
@@ -67498,7 +67551,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_rpc_pipefs" lineno="5125">
+<interface name="fs_getattr_rpc_pipefs" lineno="5183">
 <summary>
 Get the attributes of a RPC pipe
 filesystem.
@@ -67509,7 +67562,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_rw_rpc_named_pipes" lineno="5143">
+<interface name="fs_rw_rpc_named_pipes" lineno="5201">
 <summary>
 Read and write RPC pipe filesystem named pipes.
 </summary>
@@ -67519,7 +67572,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_watch_rpc_pipefs_dirs" lineno="5161">
+<interface name="fs_watch_rpc_pipefs_dirs" lineno="5219">
 <summary>
 Watch RPC pipe filesystem directories.
 </summary>
@@ -67529,7 +67582,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_tmpfs" lineno="5179">
+<interface name="fs_mount_tmpfs" lineno="5237">
 <summary>
 Mount a tmpfs filesystem.
 </summary>
@@ -67539,7 +67592,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_tmpfs" lineno="5197">
+<interface name="fs_remount_tmpfs" lineno="5255">
 <summary>
 Remount a tmpfs filesystem.
 </summary>
@@ -67549,7 +67602,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_tmpfs" lineno="5215">
+<interface name="fs_unmount_tmpfs" lineno="5273">
 <summary>
 Unmount a tmpfs filesystem.
 </summary>
@@ -67559,7 +67612,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_getattr_tmpfs" lineno="5233">
+<interface name="fs_dontaudit_getattr_tmpfs" lineno="5291">
 <summary>
 Do not audit getting the attributes of a tmpfs filesystem
 </summary>
@@ -67569,7 +67622,7 @@ Domain to not audit
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_tmpfs" lineno="5253">
+<interface name="fs_getattr_tmpfs" lineno="5311">
 <summary>
 Get the attributes of a tmpfs
 filesystem.
@@ -67581,7 +67634,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_associate_tmpfs" lineno="5271">
+<interface name="fs_associate_tmpfs" lineno="5329">
 <summary>
 Allow the type to associate to tmpfs filesystems.
 </summary>
@@ -67591,7 +67644,7 @@ The type of the object to be associated.
 </summary>
 </param>
 </interface>
-<interface name="fs_relabelfrom_tmpfs" lineno="5289">
+<interface name="fs_relabelfrom_tmpfs" lineno="5347">
 <summary>
 Relabel from tmpfs filesystem.
 </summary>
@@ -67601,7 +67654,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_tmpfs_dirs" lineno="5307">
+<interface name="fs_getattr_tmpfs_dirs" lineno="5365">
 <summary>
 Get the attributes of tmpfs directories.
 </summary>
@@ -67611,7 +67664,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_getattr_tmpfs_dirs" lineno="5326">
+<interface name="fs_dontaudit_getattr_tmpfs_dirs" lineno="5384">
 <summary>
 Do not audit attempts to get the attributes
 of tmpfs directories.
@@ -67622,7 +67675,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_mounton_tmpfs" lineno="5344">
+<interface name="fs_mounton_tmpfs" lineno="5402">
 <summary>
 Mount on tmpfs directories.
 </summary>
@@ -67632,7 +67685,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mounton_tmpfs_files" lineno="5362">
+<interface name="fs_mounton_tmpfs_files" lineno="5420">
 <summary>
 Mount on tmpfs files.
 </summary>
@@ -67642,7 +67695,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_setattr_tmpfs_dirs" lineno="5380">
+<interface name="fs_setattr_tmpfs_dirs" lineno="5438">
 <summary>
 Set the attributes of tmpfs directories.
 </summary>
@@ -67652,7 +67705,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_tmpfs" lineno="5398">
+<interface name="fs_search_tmpfs" lineno="5456">
 <summary>
 Search tmpfs directories.
 </summary>
@@ -67662,7 +67715,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_tmpfs" lineno="5416">
+<interface name="fs_list_tmpfs" lineno="5474">
 <summary>
 List the contents of generic tmpfs directories.
 </summary>
@@ -67672,7 +67725,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_list_tmpfs" lineno="5435">
+<interface name="fs_dontaudit_list_tmpfs" lineno="5493">
 <summary>
 Do not audit attempts to list the
 contents of generic tmpfs directories.
@@ -67683,7 +67736,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_tmpfs_dirs" lineno="5454">
+<interface name="fs_manage_tmpfs_dirs" lineno="5512">
 <summary>
 Create, read, write, and delete
 tmpfs directories
@@ -67694,7 +67747,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_write_tmpfs_dirs" lineno="5473">
+<interface name="fs_dontaudit_write_tmpfs_dirs" lineno="5531">
 <summary>
 Do not audit attempts to write
 tmpfs directories
@@ -67705,7 +67758,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_relabelfrom_tmpfs_dirs" lineno="5491">
+<interface name="fs_relabelfrom_tmpfs_dirs" lineno="5549">
 <summary>
 Relabel from tmpfs_t dir
 </summary>
@@ -67715,7 +67768,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_relabel_tmpfs_dirs" lineno="5509">
+<interface name="fs_relabel_tmpfs_dirs" lineno="5567">
 <summary>
 Relabel directory on tmpfs filesystems.
 </summary>
@@ -67725,7 +67778,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_watch_tmpfs_dirs" lineno="5526">
+<interface name="fs_watch_tmpfs_dirs" lineno="5584">
 <summary>
 Watch directories on tmpfs filesystems.
 </summary>
@@ -67735,7 +67788,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_tmpfs_filetrans" lineno="5560">
+<interface name="fs_tmpfs_filetrans" lineno="5618">
 <summary>
 Create an object in a tmpfs filesystem, with a private
 type using a type transition.
@@ -67761,7 +67814,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_getattr_tmpfs_files" lineno="5580">
+<interface name="fs_dontaudit_getattr_tmpfs_files" lineno="5638">
 <summary>
 Do not audit attempts to getattr
 generic tmpfs files.
@@ -67772,7 +67825,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_rw_tmpfs_files" lineno="5599">
+<interface name="fs_dontaudit_rw_tmpfs_files" lineno="5657">
 <summary>
 Do not audit attempts to read or write
 generic tmpfs files.
@@ -67783,7 +67836,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_delete_tmpfs_symlinks" lineno="5617">
+<interface name="fs_delete_tmpfs_symlinks" lineno="5675">
 <summary>
 Delete tmpfs symbolic links.
 </summary>
@@ -67793,7 +67846,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_auto_mountpoints" lineno="5636">
+<interface name="fs_manage_auto_mountpoints" lineno="5694">
 <summary>
 Create, read, write, and delete
 auto moutpoints.
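Review bot: the fs_manage_auto_mountpoints summary contains the typo "auto moutpoints."; it should be "auto mountpoints." The misspelling also keeps the interface out of a documentation search for "mountpoints", so fix it in the source comment and regenerate.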
@@ -67804,7 +67857,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_tmpfs_files" lineno="5654">
+<interface name="fs_read_tmpfs_files" lineno="5712">
 <summary>
 Read generic tmpfs files.
 </summary>
@@ -67814,7 +67867,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_rw_tmpfs_files" lineno="5672">
+<interface name="fs_rw_tmpfs_files" lineno="5730">
 <summary>
 Read and write generic tmpfs files.
 </summary>
@@ -67824,7 +67877,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_relabel_tmpfs_files" lineno="5690">
+<interface name="fs_relabel_tmpfs_files" lineno="5748">
 <summary>
 Relabel files on tmpfs filesystems.
 </summary>
@@ -67834,7 +67887,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_tmpfs_symlinks" lineno="5708">
+<interface name="fs_read_tmpfs_symlinks" lineno="5766">
 <summary>
 Read tmpfs link files.
 </summary>
@@ -67844,7 +67897,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_relabelfrom_tmpfs_sockets" lineno="5726">
+<interface name="fs_relabelfrom_tmpfs_sockets" lineno="5784">
 <summary>
 Relabelfrom socket files on tmpfs filesystems.
 </summary>
@@ -67854,7 +67907,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_relabelfrom_tmpfs_symlinks" lineno="5744">
+<interface name="fs_relabelfrom_tmpfs_symlinks" lineno="5802">
 <summary>
 Relabelfrom tmpfs link files.
 </summary>
@@ -67864,7 +67917,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_rw_tmpfs_chr_files" lineno="5762">
+<interface name="fs_rw_tmpfs_chr_files" lineno="5820">
 <summary>
 Read and write character nodes on tmpfs filesystems.
 </summary>
@@ -67874,7 +67927,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_use_tmpfs_chr_dev" lineno="5781">
+<interface name="fs_dontaudit_use_tmpfs_chr_dev" lineno="5839">
 <summary>
 dontaudit Read and write character nodes on tmpfs filesystems.
 </summary>
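Review bot: the fs_dontaudit_use_tmpfs_chr_dev summary reads "dontaudit Read and write character nodes on tmpfs filesystems.", which does not follow the "Do not audit attempts to ..." wording used by the neighbouring dontaudit interfaces such as fs_dontaudit_rw_tmpfs_files. Rewording it to "Do not audit attempts to read and write character nodes on tmpfs filesystems." in the source would keep the dontaudit entries uniform and searchable.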
@@ -67884,7 +67937,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_relabel_tmpfs_chr_files" lineno="5800">
+<interface name="fs_relabel_tmpfs_chr_files" lineno="5858">
 <summary>
 Relabel character nodes on tmpfs filesystems.
 </summary>
@@ -67894,7 +67947,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_rw_tmpfs_blk_files" lineno="5819">
+<interface name="fs_rw_tmpfs_blk_files" lineno="5877">
 <summary>
 Read and write block nodes on tmpfs filesystems.
 </summary>
@@ -67904,7 +67957,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_relabel_tmpfs_blk_files" lineno="5838">
+<interface name="fs_relabel_tmpfs_blk_files" lineno="5896">
 <summary>
 Relabel block nodes on tmpfs filesystems.
 </summary>
@@ -67914,7 +67967,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_relabel_tmpfs_fifo_files" lineno="5857">
+<interface name="fs_relabel_tmpfs_fifo_files" lineno="5915">
 <summary>
 Relabel named pipes on tmpfs filesystems.
 </summary>
@@ -67924,7 +67977,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_tmpfs_files" lineno="5877">
+<interface name="fs_manage_tmpfs_files" lineno="5935">
 <summary>
 Read and write, create and delete generic
 files on tmpfs filesystems.
@@ -67935,7 +67988,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_tmpfs_symlinks" lineno="5896">
+<interface name="fs_manage_tmpfs_symlinks" lineno="5954">
 <summary>
 Read and write, create and delete symbolic
 links on tmpfs filesystems.
@@ -67946,7 +67999,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_tmpfs_sockets" lineno="5915">
+<interface name="fs_manage_tmpfs_sockets" lineno="5973">
 <summary>
 Read and write, create and delete socket
 files on tmpfs filesystems.
@@ -67957,7 +68010,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_tmpfs_chr_files" lineno="5934">
+<interface name="fs_manage_tmpfs_chr_files" lineno="5992">
 <summary>
 Read and write, create and delete character
 nodes on tmpfs filesystems.
@@ -67968,7 +68021,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_tmpfs_blk_files" lineno="5953">
+<interface name="fs_manage_tmpfs_blk_files" lineno="6011">
 <summary>
 Read and write, create and delete block nodes
 on tmpfs filesystems.
@@ -67979,7 +68032,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_tracefs" lineno="5971">
+<interface name="fs_getattr_tracefs" lineno="6029">
 <summary>
 Get the attributes of a trace filesystem.
 </summary>
@@ -67989,7 +68042,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_tracefs_dirs" lineno="5989">
+<interface name="fs_getattr_tracefs_dirs" lineno="6047">
 <summary>
 Get attributes of dirs on tracefs filesystem.
 </summary>
@@ -67999,7 +68052,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_tracefs" lineno="6007">
+<interface name="fs_search_tracefs" lineno="6065">
 <summary>
 search directories on a tracefs filesystem
 </summary>
@@ -68009,7 +68062,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_tracefs_files" lineno="6026">
+<interface name="fs_getattr_tracefs_files" lineno="6084">
 <summary>
 Get the attributes of files
 on a trace filesystem.
@@ -68020,7 +68073,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_xenfs" lineno="6044">
+<interface name="fs_mount_xenfs" lineno="6102">
 <summary>
 Mount a XENFS filesystem.
 </summary>
@@ -68030,7 +68083,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_xenfs" lineno="6062">
+<interface name="fs_search_xenfs" lineno="6120">
 <summary>
 Search the XENFS filesystem.
 </summary>
@@ -68040,7 +68093,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_xenfs_dirs" lineno="6082">
+<interface name="fs_manage_xenfs_dirs" lineno="6140">
 <summary>
 Create, read, write, and delete directories
 on a XENFS filesystem.
@@ -68052,7 +68105,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_manage_xenfs_dirs" lineno="6102">
+<interface name="fs_dontaudit_manage_xenfs_dirs" lineno="6160">
 <summary>
 Do not audit attempts to create, read,
 write, and delete directories
@@ -68064,7 +68117,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_xenfs_files" lineno="6122">
+<interface name="fs_manage_xenfs_files" lineno="6180">
 <summary>
 Create, read, write, and delete files
 on a XENFS filesystem.
@@ -68076,7 +68129,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_mmap_xenfs_files" lineno="6140">
+<interface name="fs_mmap_xenfs_files" lineno="6198">
 <summary>
 Map files a XENFS filesystem.
 </summary>
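Review bot: the fs_mmap_xenfs_files summary "Map files a XENFS filesystem." is missing a preposition; the sibling interfaces use "on a XENFS filesystem". Suggest "Map files on a XENFS filesystem." in the source comment.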
@@ -68086,7 +68139,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_manage_xenfs_files" lineno="6160">
+<interface name="fs_dontaudit_manage_xenfs_files" lineno="6218">
 <summary>
 Do not audit attempts to create,
 read, write, and delete files
@@ -68098,7 +68151,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_all_fs" lineno="6178">
+<interface name="fs_mount_all_fs" lineno="6236">
 <summary>
 Mount all filesystems.
 </summary>
@@ -68108,7 +68161,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_all_fs" lineno="6197">
+<interface name="fs_remount_all_fs" lineno="6255">
 <summary>
 Remount all filesystems.  This
 allows some mount options to be changed.
@@ -68119,7 +68172,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_all_fs" lineno="6215">
+<interface name="fs_unmount_all_fs" lineno="6273">
 <summary>
 Unmount all filesystems.
 </summary>
@@ -68129,7 +68182,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_all_fs" lineno="6247">
+<interface name="fs_getattr_all_fs" lineno="6305">
 <summary>
 Get the attributes of all filesystems.
 </summary>
@@ -68153,7 +68206,7 @@ Domain allowed access.
 <infoflow type="read" weight="5"/>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_getattr_all_fs" lineno="6267">
+<interface name="fs_dontaudit_getattr_all_fs" lineno="6325">
 <summary>
 Do not audit attempts to get the attributes
 all filesystems.
@@ -68164,7 +68217,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_get_all_fs_quotas" lineno="6286">
+<interface name="fs_get_all_fs_quotas" lineno="6344">
 <summary>
 Get the quotas of all filesystems.
 </summary>
@@ -68175,7 +68228,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_set_all_quotas" lineno="6305">
+<interface name="fs_set_all_quotas" lineno="6363">
 <summary>
 Set the quotas of all filesystems.
 </summary>
@@ -68186,7 +68239,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_relabelfrom_all_fs" lineno="6323">
+<interface name="fs_relabelfrom_all_fs" lineno="6381">
 <summary>
 Relabelfrom all filesystems.
 </summary>
@@ -68196,7 +68249,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_all_dirs" lineno="6342">
+<interface name="fs_getattr_all_dirs" lineno="6400">
 <summary>
 Get the attributes of all directories
 with a filesystem type.
@@ -68207,7 +68260,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_all" lineno="6360">
+<interface name="fs_search_all" lineno="6418">
 <summary>
 Search all directories with a filesystem type.
 </summary>
@@ -68217,7 +68270,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_all" lineno="6378">
+<interface name="fs_list_all" lineno="6436">
 <summary>
 List all directories with a filesystem type.
 </summary>
@@ -68227,7 +68280,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_all_files" lineno="6397">
+<interface name="fs_getattr_all_files" lineno="6455">
 <summary>
 Get the attributes of all files with
 a filesystem type.
@@ -68238,7 +68291,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_getattr_all_files" lineno="6416">
+<interface name="fs_dontaudit_getattr_all_files" lineno="6474">
 <summary>
 Do not audit attempts to get the attributes
 of all files with a filesystem type.
@@ -68249,7 +68302,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_all_symlinks" lineno="6435">
+<interface name="fs_getattr_all_symlinks" lineno="6493">
 <summary>
 Get the attributes of all symbolic links with
 a filesystem type.
@@ -68260,7 +68313,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_getattr_all_symlinks" lineno="6454">
+<interface name="fs_dontaudit_getattr_all_symlinks" lineno="6512">
 <summary>
 Do not audit attempts to get the attributes
 of all symbolic links with a filesystem type.
@@ -68271,7 +68324,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_all_pipes" lineno="6473">
+<interface name="fs_getattr_all_pipes" lineno="6531">
 <summary>
 Get the attributes of all named pipes with
 a filesystem type.
@@ -68282,7 +68335,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_getattr_all_pipes" lineno="6492">
+<interface name="fs_dontaudit_getattr_all_pipes" lineno="6550">
 <summary>
 Do not audit attempts to get the attributes
 of all named pipes with a filesystem type.
@@ -68293,7 +68346,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_all_sockets" lineno="6511">
+<interface name="fs_getattr_all_sockets" lineno="6569">
 <summary>
 Get the attributes of all named sockets with
 a filesystem type.
@@ -68304,7 +68357,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_getattr_all_sockets" lineno="6530">
+<interface name="fs_dontaudit_getattr_all_sockets" lineno="6588">
 <summary>
 Do not audit attempts to get the attributes
 of all named sockets with a filesystem type.
@@ -68315,7 +68368,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_all_blk_files" lineno="6549">
+<interface name="fs_getattr_all_blk_files" lineno="6607">
 <summary>
 Get the attributes of all block device nodes with
 a filesystem type.
@@ -68326,7 +68379,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_all_chr_files" lineno="6568">
+<interface name="fs_getattr_all_chr_files" lineno="6626">
 <summary>
 Get the attributes of all character device nodes with
 a filesystem type.
@@ -68337,7 +68390,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unconfined" lineno="6586">
+<interface name="fs_unconfined" lineno="6644">
 <summary>
 Unconfined access to filesystems
 </summary>
@@ -71360,7 +71413,18 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="selinux_dontaudit_getattr_dir" lineno="214">
+<interface name="selinux_getattr_dirs" lineno="214">
+<summary>
+Get the attributes of the selinuxfs
+directory.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="selinux_dontaudit_getattr_dir" lineno="233">
 <summary>
 Do not audit attempts to get the
 attributes of the selinuxfs directory.
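Review bot: The parameter text for the new selinux_getattr_dirs interface reads "Domain to not audit.", but the summary describes an allow ("Get the attributes of the selinuxfs directory."), so the parameter should read "Domain allowed access." as the other allow interfaces in this file do. The name is also plural (_dirs) while the adjacent selinux_dontaudit_getattr_dir is singular; worth picking one form. Since doc/policy.xml is generated, the fix belongs in the interface source it is built from, followed by a regeneration.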
@@ -71371,7 +71435,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="selinux_search_fs" lineno="232">
+<interface name="selinux_search_fs" lineno="251">
 <summary>
 Search selinuxfs.
 </summary>
@@ -71381,7 +71445,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="selinux_dontaudit_search_fs" lineno="251">
+<interface name="selinux_dontaudit_search_fs" lineno="270">
 <summary>
 Do not audit attempts to search selinuxfs.
 </summary>
@@ -71391,7 +71455,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="selinux_dontaudit_read_fs" lineno="270">
+<interface name="selinux_dontaudit_read_fs" lineno="289">
 <summary>
 Do not audit attempts to read
 generic selinuxfs entries
@@ -71402,7 +71466,17 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="selinux_get_enforce_mode" lineno="291">
+<interface name="selinux_mounton_dirs" lineno="308">
+<summary>
+Mount on the selinuxfs directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="selinux_get_enforce_mode" lineno="328">
 <summary>
 Allows the caller to get the mode of policy enforcement
 (enforcing or permissive mode).
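Review bot: The new selinux_mounton_dirs entry carries only the one-line summary "Mount on the selinuxfs directory." and nothing about when a domain should need it. Using the selinuxfs directory as a mount point is an unusual grant, so a short description of the intended caller in the interface source would help anyone reviewing policy that uses it. The name is plural while the summary refers to a single directory.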
@@ -71414,7 +71488,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="selinux_set_enforce_mode" lineno="323">
+<interface name="selinux_set_enforce_mode" lineno="360">
 <summary>
 Allow caller to set the mode of policy enforcement
 (enforcing or permissive mode).
@@ -71436,7 +71510,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="selinux_load_policy" lineno="341">
+<interface name="selinux_load_policy" lineno="378">
 <summary>
 Allow caller to load the policy into the kernel.
 </summary>
@@ -71446,7 +71520,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="selinux_read_policy" lineno="359">
+<interface name="selinux_read_policy" lineno="396">
 <summary>
 Allow caller to read the policy from the kernel.
 </summary>
@@ -71456,7 +71530,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="selinux_set_generic_booleans" lineno="392">
+<interface name="selinux_set_generic_booleans" lineno="429">
 <summary>
 Allow caller to set the state of generic Booleans to
 enable or disable conditional portions of the policy.
@@ -71478,7 +71552,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="selinux_set_all_booleans" lineno="434">
+<interface name="selinux_set_all_booleans" lineno="471">
 <summary>
 Allow caller to set the state of all Booleans to
 enable or disable conditional portions of the policy.
@@ -71500,7 +71574,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="selinux_get_all_booleans" lineno="476">
+<interface name="selinux_get_all_booleans" lineno="513">
 <summary>
 Allow caller to get the state of all Booleans to
 view conditional portions of the policy.
@@ -71512,7 +71586,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="selinux_set_parameters" lineno="510">
+<interface name="selinux_set_parameters" lineno="547">
 <summary>
 Allow caller to set SELinux access vector cache parameters.
 </summary>
@@ -71534,7 +71608,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="selinux_validate_context" lineno="529">
+<interface name="selinux_validate_context" lineno="566">
 <summary>
 Allows caller to validate security contexts.
 </summary>
@@ -71545,7 +71619,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="selinux_dontaudit_validate_context" lineno="551">
+<interface name="selinux_dontaudit_validate_context" lineno="588">
 <summary>
 Do not audit attempts to validate security contexts.
 </summary>
@@ -71556,7 +71630,7 @@ Domain to not audit.
 </param>
 <rolecap/>
 </interface>
-<interface name="selinux_compute_access_vector" lineno="572">
+<interface name="selinux_compute_access_vector" lineno="609">
 <summary>
 Allows caller to compute an access vector.
 </summary>
@@ -71567,7 +71641,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="selinux_compute_create_context" lineno="595">
+<interface name="selinux_compute_create_context" lineno="632">
 <summary>
 Calculate the default type for object creation.
 </summary>
@@ -71578,7 +71652,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="selinux_compute_member" lineno="617">
+<interface name="selinux_compute_member" lineno="654">
 <summary>
 Allows caller to compute polyinstatntiated
 directory members.
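Review bot: The context line in the selinux_compute_member summary spells "polyinstatntiated"; it should be "polyinstantiated". This predates the change, but as the file is being regenerated anyway it is a good moment to fix the spelling in the interface source.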
@@ -71589,7 +71663,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="selinux_compute_relabel_context" lineno="647">
+<interface name="selinux_compute_relabel_context" lineno="684">
 <summary>
 Calculate the context for relabeling objects.
 </summary>
@@ -71608,7 +71682,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="selinux_compute_user_contexts" lineno="668">
+<interface name="selinux_compute_user_contexts" lineno="705">
 <summary>
 Allows caller to compute possible contexts for a user.
 </summary>
@@ -71618,7 +71692,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="selinux_use_status_page" lineno="690">
+<interface name="selinux_use_status_page" lineno="727">
 <summary>
 Allows the caller to use the SELinux status page.
 </summary>
@@ -71629,7 +71703,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="selinux_unconfined" lineno="710">
+<interface name="selinux_unconfined" lineno="747">
 <summary>
 Unconfined access to the SELinux kernel security server.
 </summary>
@@ -77965,7 +78039,18 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_read_config" lineno="1087">
+<interface name="container_search_config" lineno="1087">
+<summary>
+Allow the specified domain to
+search container config directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="container_read_config" lineno="1107">
 <summary>
 Allow the specified domain to
 read container config files.
@@ -77976,7 +78061,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_watch_config_dirs" lineno="1107">
+<interface name="container_watch_config_dirs" lineno="1127">
 <summary>
 Allow the specified domain to
 watch container config directories.
@@ -77987,7 +78072,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_create_config_files" lineno="1126">
+<interface name="container_create_config_files" lineno="1146">
 <summary>
 Allow the specified domain to
 create container config files.
@@ -77998,7 +78083,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_rw_config_files" lineno="1145">
+<interface name="container_rw_config_files" lineno="1165">
 <summary>
 Allow the specified domain to read
 and write container config files.
@@ -78009,7 +78094,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_config_files" lineno="1164">
+<interface name="container_manage_config_files" lineno="1184">
 <summary>
 Allow the specified domain to
 manage container config files.
@@ -78020,7 +78105,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_file_root_filetrans" lineno="1185">
+<interface name="container_file_root_filetrans" lineno="1205">
 <summary>
 Allow the specified domain to
 create container files in the
@@ -78033,7 +78118,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_dirs" lineno="1204">
+<interface name="container_manage_dirs" lineno="1224">
 <summary>
 Allow the specified domain to
 manage container file directories.
@@ -78044,7 +78129,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_watch_dirs" lineno="1223">
+<interface name="container_watch_dirs" lineno="1243">
 <summary>
 Allow the specified domain to
 watch container file directories.
@@ -78055,7 +78140,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_files" lineno="1242">
+<interface name="container_manage_files" lineno="1262">
 <summary>
 Allow the specified domain to
 manage container files.
@@ -78066,7 +78151,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_dontaudit_relabel_dirs" lineno="1261">
+<interface name="container_dontaudit_relabel_dirs" lineno="1281">
 <summary>
 Do not audit attempts to relabel
 container file directories.
@@ -78077,7 +78162,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="container_dontaudit_relabel_files" lineno="1280">
+<interface name="container_dontaudit_relabel_files" lineno="1300">
 <summary>
 Do not audit attempts to relabel
 container files.
@@ -78088,7 +78173,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_lnk_files" lineno="1299">
+<interface name="container_manage_lnk_files" lineno="1319">
 <summary>
 Allow the specified domain to
 manage container lnk files.
@@ -78099,7 +78184,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_rw_fifo_files" lineno="1318">
+<interface name="container_rw_fifo_files" lineno="1338">
 <summary>
 Allow the specified domain to
 read and write container fifo files.
@@ -78110,7 +78195,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_fifo_files" lineno="1337">
+<interface name="container_manage_fifo_files" lineno="1357">
 <summary>
 Allow the specified domain to
 manage container fifo files.
@@ -78121,7 +78206,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_sock_files" lineno="1356">
+<interface name="container_manage_sock_files" lineno="1376">
 <summary>
 Allow the specified domain to
 manage container sock files.
@@ -78132,7 +78217,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_rw_chr_files" lineno="1375">
+<interface name="container_rw_chr_files" lineno="1395">
 <summary>
 Allow the specified domain to read
 and write container chr files.
@@ -78143,7 +78228,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_dontaudit_rw_chr_files" lineno="1394">
+<interface name="container_dontaudit_rw_chr_files" lineno="1414">
 <summary>
 Do not audit attempts to read
 and write container chr files.
@@ -78154,7 +78239,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_chr_files" lineno="1413">
+<interface name="container_manage_chr_files" lineno="1433">
 <summary>
 Allow the specified domain to
 manage container chr files.
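Review bot: The header context of this hunk is "Domain allowed access.", which is the parameter text of the preceding interface, container_dontaudit_rw_chr_files. The other dontaudit interfaces in this file (for example container_dontaudit_relabel_files) use "Domain to not audit.", so this one looks like a copy-paste leftover in the source comment and should be corrected there.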
@@ -78165,7 +78250,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_spec_filetrans_file" lineno="1449">
+<interface name="container_spec_filetrans_file" lineno="1469">
 <summary>
 Allow the specified domain to create
 objects in specified directories with
@@ -78193,7 +78278,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="container_list_ro_dirs" lineno="1469">
+<interface name="container_list_ro_dirs" lineno="1489">
 <summary>
 Allow the specified domain to list
 the contents of read-only container
@@ -78205,7 +78290,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_home_config" lineno="1488">
+<interface name="container_manage_home_config" lineno="1508">
 <summary>
 Allow the specified domain to
 manage container config home content.
@@ -78216,7 +78301,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_config_home_filetrans" lineno="1520">
+<interface name="container_config_home_filetrans" lineno="1540">
 <summary>
 Allow the specified domain to create
 objects in an xdg_config directory
@@ -78239,7 +78324,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_home_data_files" lineno="1540">
+<interface name="container_manage_home_data_files" lineno="1560">
 <summary>
 Allow the specified domain to
 manage container data home files.
@@ -78250,7 +78335,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_home_data_fifo_files" lineno="1560">
+<interface name="container_manage_home_data_fifo_files" lineno="1580">
 <summary>
 Allow the specified domain to
 manage container data home named
@@ -78262,7 +78347,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_home_data_sock_files" lineno="1580">
+<interface name="container_manage_home_data_sock_files" lineno="1600">
 <summary>
 Allow the specified domain to
 manage container data home named
@@ -78274,7 +78359,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_admin_all_files" lineno="1598">
+<interface name="container_admin_all_files" lineno="1618">
 <summary>
 Administrate all container files.
 </summary>
@@ -78284,7 +78369,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_admin_all_ro_files" lineno="1618">
+<interface name="container_admin_all_ro_files" lineno="1638">
 <summary>
 Administrate all container read-only files.
 </summary>
@@ -78294,7 +78379,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_admin_all_user_runtime_content" lineno="1640">
+<interface name="container_admin_all_user_runtime_content" lineno="1660">
 <summary>
 All of the rules necessary for a user
 to manage user container runtime data
@@ -78306,7 +78391,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_all_home_content" lineno="1660">
+<interface name="container_manage_all_home_content" lineno="1680">
 <summary>
 All of the rules necessary for a user
 to manage container data in their home
@@ -78318,7 +78403,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_relabel_all_content" lineno="1704">
+<interface name="container_relabel_all_content" lineno="1724">
 <summary>
 Allow the specified domain to
 relabel container files and
@@ -78330,7 +78415,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_remount_fs" lineno="1723">
+<interface name="container_remount_fs" lineno="1743">
 <summary>
 Allow the specified domain to
 remount container filesystems.
@@ -78341,7 +78426,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_relabel_fs" lineno="1742">
+<interface name="container_relabel_fs" lineno="1762">
 <summary>
 Allow the specified domain to
 relabel container filesystems.
@@ -78352,7 +78437,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_getattr_fs" lineno="1762">
+<interface name="container_getattr_fs" lineno="1782">
 <summary>
 Allow the specified domain to
 get the attributes of container
@@ -78364,7 +78449,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_search_runtime" lineno="1781">
+<interface name="container_search_runtime" lineno="1801">
 <summary>
 Allow the specified domain to search
 runtime container directories.
@@ -78375,7 +78460,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_read_runtime_files" lineno="1801">
+<interface name="container_read_runtime_files" lineno="1821">
 <summary>
 Allow the specified domain to read
 runtime container files.
@@ -78386,7 +78471,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_getattr_runtime_sock_files" lineno="1822">
+<interface name="container_getattr_runtime_sock_files" lineno="1842">
 <summary>
 Allow the specified domain to get
 the attributes runtime container of
@@ -78398,7 +78483,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_runtime_files" lineno="1841">
+<interface name="container_manage_runtime_files" lineno="1861">
 <summary>
 Allow the specified domain to manage
 runtime container files.
@@ -78409,7 +78494,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_runtime_fifo_files" lineno="1860">
+<interface name="container_manage_runtime_fifo_files" lineno="1880">
 <summary>
 Allow the specified domain to manage
 runtime container named pipes.
@@ -78420,7 +78505,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_runtime_lnk_files" lineno="1879">
+<interface name="container_manage_runtime_lnk_files" lineno="1899">
 <summary>
 Allow the specified domain to manage
 runtime container symlinks.
@@ -78431,7 +78516,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_runtime_sock_files" lineno="1898">
+<interface name="container_manage_runtime_sock_files" lineno="1918">
 <summary>
 Allow the specified domain to manage
 runtime container named sockets.
@@ -78442,7 +78527,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_user_runtime_files" lineno="1917">
+<interface name="container_manage_user_runtime_files" lineno="1937">
 <summary>
 Allow the specified domain to manage
 user runtime container files.
@@ -78453,7 +78538,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_rw_user_runtime_sock_files" lineno="1936">
+<interface name="container_rw_user_runtime_sock_files" lineno="1956">
 <summary>
 Allow the specified domain to read and
 write user runtime container named sockets.
@@ -78464,7 +78549,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_search_var_lib" lineno="1955">
+<interface name="container_search_var_lib" lineno="1975">
 <summary>
 Allow the specified domain to search
 container directories in /var/lib.
@@ -78475,7 +78560,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_list_var_lib" lineno="1976">
+<interface name="container_list_var_lib" lineno="1996">
 <summary>
 Allow the specified domain to list
 the contents of container directories
@@ -78487,7 +78572,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_var_lib_dirs" lineno="1996">
+<interface name="container_manage_var_lib_dirs" lineno="2016">
 <summary>
 Allow the specified domain to manage
 container file directories in /var/lib.
@@ -78498,7 +78583,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_read_var_lib_files" lineno="2015">
+<interface name="container_read_var_lib_files" lineno="2035">
 <summary>
 Allow the specified domain to read
 container files in /var/lib.
@@ -78509,7 +78594,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_var_lib_files" lineno="2034">
+<interface name="container_manage_var_lib_files" lineno="2054">
 <summary>
 Allow the specified domain to manage
 container files in /var/lib.
@@ -78520,7 +78605,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_map_var_lib_files" lineno="2053">
+<interface name="container_map_var_lib_files" lineno="2073">
 <summary>
 Allow the specified domain to memory
 map container files in /var/lib.
@@ -78531,7 +78616,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_var_lib_fifo_files" lineno="2072">
+<interface name="container_manage_var_lib_fifo_files" lineno="2092">
 <summary>
 Allow the specified domain to manage
 container named pipes in /var/lib.
@@ -78542,7 +78627,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_var_lib_lnk_files" lineno="2091">
+<interface name="container_manage_var_lib_lnk_files" lineno="2111">
 <summary>
 Allow the specified domain to manage
 container symlinks in /var/lib.
@@ -78553,7 +78638,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_var_lib_sock_files" lineno="2110">
+<interface name="container_manage_var_lib_sock_files" lineno="2130">
 <summary>
 Allow the specified domain to manage
 container named sockets in /var/lib.
@@ -78564,7 +78649,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_var_lib_filetrans" lineno="2140">
+<interface name="container_var_lib_filetrans" lineno="2160">
 <summary>
 Allow the specified domain to create
 objects in /var/lib with an automatic
@@ -78586,7 +78671,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="container_var_lib_filetrans_file" lineno="2170">
+<interface name="container_var_lib_filetrans_file" lineno="2190">
 <summary>
 Allow the specified domain to create
 objects in /var/lib with an automatic
@@ -78608,7 +78693,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="container_filetrans_var_lib_file" lineno="2201">
+<interface name="container_filetrans_var_lib_file" lineno="2221">
 <summary>
 Allow the specified domain to create
 objects in container /var/lib directories
@@ -78631,7 +78716,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="container_unlabeled_var_lib_filetrans" lineno="2233">
+<interface name="container_unlabeled_var_lib_filetrans" lineno="2253">
 <summary>
 Allow the specified domain to create
 objects in unlabeled directories with
@@ -78654,7 +78739,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="container_search_logs" lineno="2254">
+<interface name="container_search_logs" lineno="2274">
 <summary>
 Allow the specified domain to search
 container log file directories.
@@ -78665,7 +78750,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_list_log_dirs" lineno="2274">
+<interface name="container_list_log_dirs" lineno="2294">
 <summary>
 Allow the specified domain to list
 the contents of container log directories.
@@ -78676,7 +78761,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_create_log_dirs" lineno="2293">
+<interface name="container_create_log_dirs" lineno="2313">
 <summary>
 Allow the specified domain to create
 container log file directories.
@@ -78687,7 +78772,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_log_dirs" lineno="2312">
+<interface name="container_manage_log_dirs" lineno="2332">
 <summary>
 Allow the specified domain to manage
 container log file directories.
@@ -78698,7 +78783,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_watch_log_dirs" lineno="2331">
+<interface name="container_watch_log_dirs" lineno="2351">
 <summary>
 Allow the specified domain to watch
 container log file directories.
@@ -78709,7 +78794,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_create_log_files" lineno="2350">
+<interface name="container_create_log_files" lineno="2370">
 <summary>
 Allow the specified domain to create
 container log files.
@@ -78720,7 +78805,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_append_log_files" lineno="2369">
+<interface name="container_append_log_files" lineno="2389">
 <summary>
 Allow the specified domain to append
 data to container log files.
@@ -78731,7 +78816,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_log_files" lineno="2388">
+<interface name="container_manage_log_files" lineno="2408">
 <summary>
 Allow the specified domain to manage
 container log files.
@@ -78742,7 +78827,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_watch_log_files" lineno="2407">
+<interface name="container_watch_log_files" lineno="2427">
 <summary>
 Allow the specified domain to watch
 container log files.
@@ -78753,7 +78838,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_log_filetrans" lineno="2438">
+<interface name="container_log_filetrans" lineno="2458">
 <summary>
 Allow the specified domain to create
 objects in log directories with an
@@ -78776,7 +78861,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_log_symlinks" lineno="2458">
+<interface name="container_manage_log_symlinks" lineno="2478">
 <summary>
 Allow the specified domain to manage
 container log symlinks.
@@ -78787,7 +78872,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_start_units" lineno="2477">
+<interface name="container_start_units" lineno="2497">
 <summary>
 Allow the specified domain to start
 systemd units for containers.
@@ -78798,7 +78883,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_admin" lineno="2504">
+<interface name="container_admin" lineno="2524">
 <summary>
 All of the rules required to
 administrate a container
@@ -86526,7 +86611,17 @@ Domain prefix to be used.
 </summary>
 </param>
 </template>
-<interface name="munin_stream_connect" lineno="55">
+<interface name="munin_rw_tcp_sockets" lineno="54">
+<summary>
+Permit to read/write Munin TCP sockets
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="munin_stream_connect" lineno="72">
 <summary>
 Connect to munin over a unix domain
 stream socket.
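Review bot: the summary of the new munin_rw_tcp_sockets interface, "Permit to read/write Munin TCP sockets", is ungrammatical, has no closing period, and capitalises "Munin" where the other munin summaries in this file use lower case. Suggest "Read and write munin TCP sockets." in the interface source so it matches munin_read_config and munin_append_log. It would also help to say which sockets are meant (descriptors inherited from the munin daemon, or any socket carrying a munin type), since callers choose interfaces from this text.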
@@ -86537,7 +86632,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="munin_read_config" lineno="75">
+<interface name="munin_read_config" lineno="92">
 <summary>
 Read munin configuration content.
 </summary>
@@ -86548,7 +86643,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="munin_append_log" lineno="97">
+<interface name="munin_append_log" lineno="114">
 <summary>
 Append munin log files.
 </summary>
@@ -86559,7 +86654,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="munin_search_lib" lineno="117">
+<interface name="munin_search_lib" lineno="134">
 <summary>
 Search munin library directories.
 </summary>
@@ -86569,7 +86664,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="munin_dontaudit_search_lib" lineno="137">
+<interface name="munin_dontaudit_search_lib" lineno="154">
 <summary>
 Do not audit attempts to search
 munin library directories.
@@ -86580,7 +86675,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="munin_admin" lineno="162">
+<interface name="munin_admin" lineno="179">
 <summary>
 All of the rules required to
 administrate an munin environment.
@@ -98074,7 +98169,19 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="zfs_rw_zpool_cache" lineno="117">
+<interface name="zfs_filetrans_zpool_cache" lineno="119">
+<summary>
+Create the zpool cache with an
+automatic transition to the zpool
+cache type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="zfs_rw_zpool_cache" lineno="137">
 <summary>
 Read and write zpool cache files.
 </summary>
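Review bot: the summary of zfs_filetrans_zpool_cache does not say in which parent directory the transition applies, and only a domain parameter is documented. Other filetrans interfaces touched by this patch name the directory (sysnet_etc_filetrans_config: "Create files in /etc with the type used for the network config files.") and document "The name of the object being created." If this interface is a transition fixed to one directory and one file name, state both in the summary so a caller can tell how narrow the grant is.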
@@ -98084,7 +98191,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="zfs_admin" lineno="143">
+<interface name="zfs_admin" lineno="163">
 <summary>
 All of the rules required to
 administrate a ZFS environment.
@@ -105537,7 +105644,18 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_dontaudit_rw_dhcpc_unix_stream_sockets" lineno="97">
+<interface name="sysnet_dontaudit_rw_dhcpc_dgram_sockets" lineno="97">
+<summary>
+Do not audit attempts to read/write to the
+dhcp unix datagram socket descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="sysnet_dontaudit_rw_dhcpc_unix_stream_sockets" lineno="116">
 <summary>
 Do not audit attempts to read/write to the
 dhcp unix stream socket descriptors.
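Review bot: the new interface is named sysnet_dontaudit_rw_dhcpc_dgram_sockets while its sibling directly below is sysnet_dontaudit_rw_dhcpc_unix_stream_sockets, and the new summary itself says "unix datagram socket descriptors". Suggest sysnet_dontaudit_rw_dhcpc_unix_dgram_sockets so the pair is consistent and the name cannot be read as covering UDP sockets. Because a dontaudit rule hides denials from the audit log, the summary should also state which case it is meant to silence.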
@@ -105548,7 +105666,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_sigchld_dhcpc" lineno="115">
+<interface name="sysnet_sigchld_dhcpc" lineno="134">
 <summary>
 Send a SIGCHLD signal to the dhcp client.
 </summary>
@@ -105558,7 +105676,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_kill_dhcpc" lineno="134">
+<interface name="sysnet_kill_dhcpc" lineno="153">
 <summary>
 Send a kill signal to the dhcp client.
 </summary>
@@ -105569,7 +105687,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="sysnet_sigstop_dhcpc" lineno="152">
+<interface name="sysnet_sigstop_dhcpc" lineno="171">
 <summary>
 Send a SIGSTOP signal to the dhcp client.
 </summary>
@@ -105579,7 +105697,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_signull_dhcpc" lineno="170">
+<interface name="sysnet_signull_dhcpc" lineno="189">
 <summary>
 Send a null signal to the dhcp client.
 </summary>
@@ -105589,7 +105707,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_signal_dhcpc" lineno="189">
+<interface name="sysnet_signal_dhcpc" lineno="208">
 <summary>
 Send a generic signal to the dhcp client.
 </summary>
@@ -105600,7 +105718,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="sysnet_dbus_chat_dhcpc" lineno="208">
+<interface name="sysnet_dbus_chat_dhcpc" lineno="227">
 <summary>
 Send and receive messages from
 dhcpc over dbus.
@@ -105611,7 +105729,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_rw_dhcp_config" lineno="228">
+<interface name="sysnet_rw_dhcp_config" lineno="247">
 <summary>
 Read and write dhcp configuration files.
 </summary>
@@ -105621,7 +105739,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_search_dhcpc_state" lineno="248">
+<interface name="sysnet_search_dhcpc_state" lineno="267">
 <summary>
 Search the DHCP client state
 directories.
@@ -105632,7 +105750,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_read_dhcpc_state" lineno="267">
+<interface name="sysnet_read_dhcpc_state" lineno="286">
 <summary>
 Read dhcp client state files.
 </summary>
@@ -105642,7 +105760,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_delete_dhcpc_state" lineno="285">
+<interface name="sysnet_delete_dhcpc_state" lineno="304">
 <summary>
 Delete the dhcp client state files.
 </summary>
@@ -105652,7 +105770,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_setattr_config" lineno="303">
+<interface name="sysnet_setattr_config" lineno="322">
 <summary>
 Set the attributes of network config files.
 </summary>
@@ -105662,7 +105780,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_read_config" lineno="343">
+<interface name="sysnet_read_config" lineno="362">
 <summary>
 Read network config files.
 </summary>
@@ -105693,7 +105811,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_mmap_config_files" lineno="386">
+<interface name="sysnet_mmap_config_files" lineno="405">
 <summary>
 Map network config files.
 </summary>
@@ -105709,7 +105827,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_mmap_read_config" lineno="411">
+<interface name="sysnet_mmap_read_config" lineno="430">
 <summary>
 map network config files.
 </summary>
@@ -105725,7 +105843,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_dontaudit_read_config" lineno="430">
+<interface name="sysnet_dontaudit_read_config" lineno="449">
 <summary>
 Do not audit attempts to read network config files.
 </summary>
@@ -105735,7 +105853,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_write_config" lineno="448">
+<interface name="sysnet_write_config" lineno="467">
 <summary>
 Write network config files.
 </summary>
@@ -105745,7 +105863,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_create_config" lineno="467">
+<interface name="sysnet_create_config" lineno="486">
 <summary>
 Create network config files.
 </summary>
@@ -105755,7 +105873,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_relabel_config" lineno="486">
+<interface name="sysnet_relabel_config" lineno="505">
 <summary>
 Relabel network config files.
 </summary>
@@ -105765,7 +105883,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_etc_filetrans_config" lineno="511">
+<interface name="sysnet_etc_filetrans_config" lineno="530">
 <summary>
 Create files in /etc with the type used for
 the network config files.
@@ -105781,7 +105899,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_manage_config" lineno="529">
+<interface name="sysnet_manage_config" lineno="548">
 <summary>
 Create, read, write, and delete network config files.
 </summary>
@@ -105791,7 +105909,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_read_dhcpc_runtime_files" lineno="561">
+<interface name="sysnet_read_dhcpc_runtime_files" lineno="580">
 <summary>
 Read dhcp client runtime files.
 </summary>
@@ -105801,7 +105919,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_delete_dhcpc_runtime_files" lineno="580">
+<interface name="sysnet_delete_dhcpc_runtime_files" lineno="599">
 <summary>
 Delete the dhcp client runtime files.
 </summary>
@@ -105811,7 +105929,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_manage_dhcpc_runtime_files" lineno="598">
+<interface name="sysnet_manage_dhcpc_runtime_files" lineno="617">
 <summary>
 Create, read, write, and delete dhcp client runtime files.
 </summary>
@@ -105821,7 +105939,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_domtrans_ifconfig" lineno="616">
+<interface name="sysnet_domtrans_ifconfig" lineno="635">
 <summary>
 Execute ifconfig in the ifconfig domain.
 </summary>
@@ -105831,7 +105949,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_run_ifconfig" lineno="643">
+<interface name="sysnet_run_ifconfig" lineno="662">
 <summary>
 Execute ifconfig in the ifconfig domain, and
 allow the specified role the ifconfig domain,
@@ -105849,7 +105967,7 @@ Role allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="sysnet_exec_ifconfig" lineno="663">
+<interface name="sysnet_exec_ifconfig" lineno="682">
 <summary>
 Execute ifconfig in the caller domain.
 </summary>
@@ -105859,7 +105977,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_signal_ifconfig" lineno="683">
+<interface name="sysnet_signal_ifconfig" lineno="702">
 <summary>
 Send a generic signal to ifconfig.
 </summary>
@@ -105870,7 +105988,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="sysnet_signull_ifconfig" lineno="702">
+<interface name="sysnet_signull_ifconfig" lineno="721">
 <summary>
 Send null signals to ifconfig.
 </summary>
@@ -105881,7 +105999,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="sysnet_create_netns_dirs" lineno="721">
+<interface name="sysnet_create_netns_dirs" lineno="740">
 <summary>
 Create the /run/netns directory with
 an automatic type transition.
@@ -105892,7 +106010,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_netns_filetrans" lineno="755">
+<interface name="sysnet_netns_filetrans" lineno="774">
 <summary>
 Create an object in the /run/netns
 directory with a private type.
@@ -105918,7 +106036,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_read_dhcp_config" lineno="776">
+<interface name="sysnet_read_dhcp_config" lineno="795">
 <summary>
 Read the DHCP configuration files.
 </summary>
@@ -105928,7 +106046,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_search_dhcp_state" lineno="796">
+<interface name="sysnet_search_dhcp_state" lineno="815">
 <summary>
 Search the DHCP state data directory.
 </summary>
@@ -105938,7 +106056,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_dhcp_state_filetrans" lineno="840">
+<interface name="sysnet_dhcp_state_filetrans" lineno="859">
 <summary>
 Create DHCP state data.
 </summary>
@@ -105973,7 +106091,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_dns_name_resolve" lineno="860">
+<interface name="sysnet_dns_name_resolve" lineno="879">
 <summary>
 Perform a DNS name resolution.
 </summary>
@@ -105984,7 +106102,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="sysnet_use_ldap" lineno="911">
+<interface name="sysnet_use_ldap" lineno="930">
 <summary>
 Connect and use a LDAP server.
 </summary>
@@ -105994,7 +106112,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_use_portmap" lineno="938">
+<interface name="sysnet_use_portmap" lineno="957">
 <summary>
 Connect and use remote port mappers.
 </summary>
@@ -106004,7 +106122,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_dhcpc_script_entry" lineno="972">
+<interface name="sysnet_dhcpc_script_entry" lineno="991">
 <summary>
 Make the specified program domain
 accessable from the DHCP hooks/scripts.
@@ -106728,7 +106846,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_manage_userdb_runtime_sock_files" lineno="1415">
+<interface name="systemd_manage_userdb_runtime_symlinks" lineno="1415">
+<summary>
+Manage symbolic links under /run/systemd/userdb.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_manage_userdb_runtime_sock_files" lineno="1433">
 <summary>
 Manage socket files under /run/systemd/userdb .
 </summary>
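Review bot: "Manage" in the new systemd_manage_userdb_runtime_symlinks summary does not say which permissions are granted; sysnet_manage_config in this same file spells it out as "Create, read, write, and delete". Suggest the same wording here. The context line below also has a stray space before the period ("/run/systemd/userdb ."), which is worth fixing in the interface source at the same time.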
@@ -106738,7 +106866,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_stream_connect_userdb" lineno="1433">
+<interface name="systemd_stream_connect_userdb" lineno="1451">
 <summary>
 Connect to /run/systemd/userdb/io.systemd.DynamicUser .
 </summary>
@@ -106748,7 +106876,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_read_machines" lineno="1455">
+<interface name="systemd_read_machines" lineno="1473">
 <summary>
 Allow reading /run/systemd/machines
 </summary>
@@ -106758,7 +106886,7 @@ Domain that can access the machines files
 </summary>
 </param>
 </interface>
-<interface name="systemd_watch_machines_dirs" lineno="1474">
+<interface name="systemd_watch_machines_dirs" lineno="1492">
 <summary>
 Allow watching /run/systemd/machines
 </summary>
@@ -106768,7 +106896,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_connect_machined" lineno="1492">
+<interface name="systemd_connect_machined" lineno="1510">
 <summary>
 Allow connecting to /run/systemd/userdb/io.systemd.Machine socket
 </summary>
@@ -106778,7 +106906,7 @@ Domain that can access the socket
 </summary>
 </param>
 </interface>
-<interface name="systemd_dbus_chat_machined" lineno="1511">
+<interface name="systemd_dbus_chat_machined" lineno="1529">
 <summary>
 Send and receive messages from
 systemd machined over dbus.
@@ -106789,7 +106917,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_dbus_chat_hostnamed" lineno="1532">
+<interface name="systemd_dbus_chat_hostnamed" lineno="1550">
 <summary>
 Send and receive messages from
 systemd hostnamed over dbus.
@@ -106800,7 +106928,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_use_passwd_agent_fds" lineno="1552">
+<interface name="systemd_use_passwd_agent_fds" lineno="1570">
 <summary>
 allow systemd_passwd_agent to inherit fds
 </summary>
@@ -106810,7 +106938,7 @@ Domain that owns the fds
 </summary>
 </param>
 </interface>
-<interface name="systemd_run_passwd_agent" lineno="1575">
+<interface name="systemd_run_passwd_agent" lineno="1593">
 <summary>
 allow systemd_passwd_agent to be run by admin
 </summary>
@@ -106825,7 +106953,7 @@ role that it runs in
 </summary>
 </param>
 </interface>
-<interface name="systemd_use_passwd_agent" lineno="1596">
+<interface name="systemd_use_passwd_agent" lineno="1614">
 <summary>
 Allow a systemd_passwd_agent_t process to interact with a daemon
 that needs a password from the sysadmin.
@@ -106836,7 +106964,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_filetrans_passwd_runtime_dirs" lineno="1620">
+<interface name="systemd_filetrans_passwd_runtime_dirs" lineno="1638">
 <summary>
 Transition to systemd_passwd_runtime_t when creating dirs
 </summary>
@@ -106846,7 +106974,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_filetrans_userdb_runtime_dirs" lineno="1641">
+<interface name="systemd_filetrans_userdb_runtime_dirs" lineno="1659">
 <summary>
 Transition to systemd_userdbd_runtime_t when
 creating the userdb directory inside an init runtime
@@ -106858,7 +106986,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_manage_passwd_runtime_symlinks" lineno="1659">
+<interface name="systemd_manage_passwd_runtime_symlinks" lineno="1677">
 <summary>
 Allow to domain to create systemd-passwd symlink
 </summary>
@@ -106868,7 +106996,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_watch_passwd_runtime_dirs" lineno="1677">
+<interface name="systemd_watch_passwd_runtime_dirs" lineno="1695">
 <summary>
 Allow a domain to watch systemd-passwd runtime dirs.
 </summary>
@@ -106878,7 +107006,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_list_journal_dirs" lineno="1695">
+<interface name="systemd_list_journal_dirs" lineno="1713">
 <summary>
 Allow domain to list the contents of systemd_journal_t dirs
 </summary>
@@ -106888,7 +107016,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_read_journal_files" lineno="1713">
+<interface name="systemd_read_journal_files" lineno="1731">
 <summary>
 Allow domain to read systemd_journal_t files
 </summary>
@@ -106898,7 +107026,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_manage_journal_files" lineno="1732">
+<interface name="systemd_manage_journal_files" lineno="1750">
 <summary>
 Allow domain to create/manage systemd_journal_t files
 </summary>
@@ -106908,7 +107036,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_watch_journal_dirs" lineno="1752">
+<interface name="systemd_watch_journal_dirs" lineno="1770">
 <summary>
 Allow domain to add a watch on systemd_journal_t directories
 </summary>
@@ -106918,7 +107046,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_relabelto_journal_dirs" lineno="1770">
+<interface name="systemd_relabelfrom_journal_files" lineno="1788">
+<summary>
+Relabel from systemd-journald file type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_relabelto_journal_dirs" lineno="1806">
 <summary>
 Relabel to systemd-journald directory type.
 </summary>
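Review bot: systemd_relabelfrom_journal_files is added without a matching relabelfrom interface for directories, although the relabelto side has both systemd_relabelto_journal_dirs and systemd_relabelto_journal_files. If files only is intentional, say so in the summary. Relabelling away from the journal type moves log files out from under the rules written for that type, so the summary should name the intended use rather than only "Domain allowed access."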
@@ -106928,7 +107066,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_relabelto_journal_files" lineno="1789">
+<interface name="systemd_relabelto_journal_files" lineno="1825">
 <summary>
 Relabel to systemd-journald file type.
 </summary>
@@ -106938,7 +107076,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_read_networkd_units" lineno="1809">
+<interface name="systemd_read_networkd_units" lineno="1845">
 <summary>
 Allow domain to read systemd_networkd_t unit files
 </summary>
@@ -106948,7 +107086,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_manage_networkd_units" lineno="1829">
+<interface name="systemd_manage_networkd_units" lineno="1865">
 <summary>
 Allow domain to create/manage systemd_networkd_t unit files
 </summary>
@@ -106958,7 +107096,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_enabledisable_networkd" lineno="1849">
+<interface name="systemd_enabledisable_networkd" lineno="1885">
 <summary>
 Allow specified domain to enable systemd-networkd units
 </summary>
@@ -106968,7 +107106,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_startstop_networkd" lineno="1868">
+<interface name="systemd_startstop_networkd" lineno="1904">
 <summary>
 Allow specified domain to start systemd-networkd units
 </summary>
@@ -106978,7 +107116,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_dbus_chat_networkd" lineno="1888">
+<interface name="systemd_dbus_chat_networkd" lineno="1924">
 <summary>
 Send and receive messages from
 systemd networkd over dbus.
@@ -106989,7 +107127,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_status_networkd" lineno="1908">
+<interface name="systemd_status_networkd" lineno="1944">
 <summary>
 Allow specified domain to get status of systemd-networkd
 </summary>
@@ -106999,7 +107137,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_relabelfrom_networkd_tun_sockets" lineno="1927">
+<interface name="systemd_relabelfrom_networkd_tun_sockets" lineno="1963">
 <summary>
 Relabel systemd_networkd tun socket.
 </summary>
@@ -107009,7 +107147,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_rw_networkd_netlink_route_sockets" lineno="1945">
+<interface name="systemd_rw_networkd_netlink_route_sockets" lineno="1981">
 <summary>
 Read/Write from systemd_networkd netlink route socket.
 </summary>
@@ -107019,7 +107157,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_list_networkd_runtime" lineno="1963">
+<interface name="systemd_list_networkd_runtime" lineno="1999">
 <summary>
 Allow domain to list dirs under /run/systemd/netif
 </summary>
@@ -107029,7 +107167,7 @@ domain permitted the access
 </summary>
 </param>
 </interface>
-<interface name="systemd_watch_networkd_runtime_dirs" lineno="1982">
+<interface name="systemd_watch_networkd_runtime_dirs" lineno="2018">
 <summary>
 Watch directories under /run/systemd/netif
 </summary>
@@ -107039,7 +107177,7 @@ Domain permitted the access
 </summary>
 </param>
 </interface>
-<interface name="systemd_read_networkd_runtime" lineno="2001">
+<interface name="systemd_read_networkd_runtime" lineno="2037">
 <summary>
 Allow domain to read files generated by systemd_networkd
 </summary>
@@ -107049,7 +107187,7 @@ domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="systemd_read_logind_state" lineno="2020">
+<interface name="systemd_read_logind_state" lineno="2056">
 <summary>
 Allow systemd_logind_t to read process state for cgroup file
 </summary>
@@ -107059,7 +107197,7 @@ Domain systemd_logind_t may access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_create_logind_linger_dir" lineno="2041">
+<interface name="systemd_create_logind_linger_dir" lineno="2077">
 <summary>
 Allow the specified domain to create
 the systemd-logind linger directory with
@@ -107071,7 +107209,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_start_user_manager_units" lineno="2061">
+<interface name="systemd_start_user_manager_units" lineno="2097">
 <summary>
 Allow the specified domain to start systemd
 user manager units (systemd --user).
@@ -107082,7 +107220,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_stop_user_manager_units" lineno="2081">
+<interface name="systemd_stop_user_manager_units" lineno="2117">
 <summary>
 Allow the specified domain to stop systemd
 user manager units (systemd --user).
@@ -107093,7 +107231,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_reload_user_manager_units" lineno="2101">
+<interface name="systemd_reload_user_manager_units" lineno="2137">
 <summary>
 Allow the specified domain to reload systemd
 user manager units (systemd --user).
@@ -107104,7 +107242,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_get_user_manager_units_status" lineno="2121">
+<interface name="systemd_get_user_manager_units_status" lineno="2157">
 <summary>
 Get the status of systemd user manager
 units (systemd --user).
@@ -107115,7 +107253,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_start_power_units" lineno="2140">
+<interface name="systemd_start_power_units" lineno="2176">
 <summary>
 Allow specified domain to start power units
 </summary>
@@ -107125,7 +107263,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="systemd_status_power_units" lineno="2159">
+<interface name="systemd_status_power_units" lineno="2195">
 <summary>
 Get the system status information about power units
 </summary>
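Review bot: the hunk header above carries "Domain to not audit." as the last text line before systemd_status_power_units, which makes it the parameter description of systemd_start_power_units, whose summary reads "Allow specified domain to start power units". That is an allow interface, so the parameter text should be "Domain allowed access."; correct it in the interface source and regenerate.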
@@ -107135,7 +107273,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_stream_connect_socket_proxyd" lineno="2178">
+<interface name="systemd_stream_connect_socket_proxyd" lineno="2214">
 <summary>
 Allows connections to the systemd-socket-proxyd's socket.
 </summary>
@@ -107145,7 +107283,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_tmpfiles_conf_file" lineno="2197">
+<interface name="systemd_tmpfiles_conf_file" lineno="2233">
 <summary>
 Make the specified type usable for
 systemd tmpfiles config files.
@@ -107156,7 +107294,7 @@ Type to be used for systemd tmpfiles config files.
 </summary>
 </param>
 </interface>
-<interface name="systemd_tmpfiles_creator" lineno="2218">
+<interface name="systemd_tmpfiles_creator" lineno="2254">
 <summary>
 Allow the specified domain to create
 the tmpfiles config directory with
@@ -107168,7 +107306,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_tmpfiles_conf_filetrans" lineno="2254">
+<interface name="systemd_tmpfiles_conf_filetrans" lineno="2290">
 <summary>
 Create an object in the systemd tmpfiles config
 directory, with a private type
@@ -107195,7 +107333,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="systemd_list_tmpfiles_conf" lineno="2273">
+<interface name="systemd_list_tmpfiles_conf" lineno="2309">
 <summary>
 Allow domain to list systemd tmpfiles config directory
 </summary>
@@ -107205,7 +107343,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_relabelto_tmpfiles_conf_dirs" lineno="2291">
+<interface name="systemd_relabelto_tmpfiles_conf_dirs" lineno="2327">
 <summary>
 Allow domain to relabel to systemd tmpfiles config directory
 </summary>
@@ -107215,7 +107353,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_relabelto_tmpfiles_conf_files" lineno="2309">
+<interface name="systemd_relabelto_tmpfiles_conf_files" lineno="2345">
 <summary>
 Allow domain to relabel to systemd tmpfiles config files
 </summary>
@@ -107225,7 +107363,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_tmpfilesd_managed" lineno="2327">
+<interface name="systemd_tmpfilesd_managed" lineno="2363">
 <summary>
 Allow systemd_tmpfiles_t to manage filesystem objects
 </summary>
@@ -107235,7 +107373,7 @@ Type of object to manage
 </summary>
 </param>
 </interface>
-<interface name="systemd_stream_connect_resolved" lineno="2354">
+<interface name="systemd_stream_connect_resolved" lineno="2390">
 <summary>
 Connect to systemd resolved over
 /run/systemd/resolve/io.systemd.Resolve .
@@ -107246,7 +107384,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_dbus_chat_resolved" lineno="2375">
+<interface name="systemd_dbus_chat_resolved" lineno="2411">
 <summary>
 Send and receive messages from
 systemd resolved over dbus.
@@ -107257,7 +107395,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_read_resolved_runtime" lineno="2395">
+<interface name="systemd_read_resolved_runtime" lineno="2431">
 <summary>
 Allow domain to read resolv.conf file generated by systemd_resolved
 </summary>
@@ -107267,7 +107405,7 @@ domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="systemd_exec_systemctl" lineno="2417">
+<interface name="systemd_exec_systemctl" lineno="2453">
 <summary>
 Execute the systemctl program.
 </summary>
@@ -107277,7 +107415,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_getattr_updated_runtime" lineno="2448">
+<interface name="systemd_getattr_updated_runtime" lineno="2484">
 <summary>
 Allow domain to getattr on .updated file (generated by systemd-update-done
 </summary>
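Review bot: the summary of systemd_getattr_updated_runtime has an unclosed parenthesis and no closing period: "Allow domain to getattr on .updated file (generated by systemd-update-done". Since the commit message says policy.xml is generated, fix the comment in the interface source and regenerate rather than editing this file.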
@@ -107287,7 +107425,7 @@ domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="systemd_search_all_user_keys" lineno="2466">
+<interface name="systemd_search_all_user_keys" lineno="2502">
 <summary>
 Search keys for the all systemd --user domains.
 </summary>
@@ -107297,7 +107435,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_create_all_user_keys" lineno="2484">
+<interface name="systemd_create_all_user_keys" lineno="2520">
 <summary>
 Create keys for the all systemd --user domains.
 </summary>
@@ -107307,7 +107445,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_write_all_user_keys" lineno="2502">
+<interface name="systemd_write_all_user_keys" lineno="2538">
 <summary>
 Write keys for the all systemd --user domains.
 </summary>
@@ -107317,7 +107455,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_domtrans_sysusers" lineno="2521">
+<interface name="systemd_domtrans_sysusers" lineno="2557">
 <summary>
 Execute systemd-sysusers in the
 systemd sysusers domain.
@@ -107328,7 +107466,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_run_sysusers" lineno="2546">
+<interface name="systemd_run_sysusers" lineno="2582">
 <summary>
 Run systemd-sysusers with a domain transition.
 </summary>
@@ -107344,7 +107482,7 @@ Role allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="systemd_use_inherited_machined_ptys" lineno="2566">
+<interface name="systemd_use_inherited_machined_ptys" lineno="2602">
 <summary>
 receive and use a systemd_machined_devpts_t file handle
 </summary>

