From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-1502955-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 986BF15802F
	for <garchives@archives.gentoo.org>; Fri, 31 Mar 2023 23:07:24 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 391D6E08ED;
	Fri, 31 Mar 2023 23:07:17 +0000 (UTC)
Received: from smtp.gentoo.org (woodpecker.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id DC46EE08ED
	for <gentoo-commits@lists.gentoo.org>; Fri, 31 Mar 2023 23:07:16 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 73984340FCC
	for <gentoo-commits@lists.gentoo.org>; Fri, 31 Mar 2023 23:07:15 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 4EB53A2F
	for <gentoo-commits@lists.gentoo.org>; Fri, 31 Mar 2023 23:07:12 +0000 (UTC)
From: "Kenton Groombridge" <concord@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Kenton Groombridge" <concord@gentoo.org>
Message-ID: <1680286082.062f39e5dcb952b95a2f1272960b2379f5a41069.concord@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:master commit in: doc/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: doc/policy.xml
X-VCS-Directories: doc/
X-VCS-Committer: concord
X-VCS-Committer-Name: Kenton Groombridge
X-VCS-Revision: 062f39e5dcb952b95a2f1272960b2379f5a41069
X-VCS-Branch: master
Date: Fri, 31 Mar 2023 23:07:12 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: 6199e9bf-00d0-4d73-85ec-40ff576f94c8
X-Archives-Hash: fac482737f51cb96ee8206702eb1bee6

commit:     062f39e5dcb952b95a2f1272960b2379f5a41069
Author:     Kenton Groombridge <concord <AT> gentoo <DOT> org>
AuthorDate: Fri Mar 31 18:07:26 2023 +0000
Commit:     Kenton Groombridge <concord <AT> gentoo <DOT> org>
CommitDate: Fri Mar 31 18:08:02 2023 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=062f39e5

Update generated policy and doc files

Signed-off-by: Kenton Groombridge <concord <AT> gentoo.org>

 doc/policy.xml | 1750 ++++++++++++++++++++++++++++++--------------------------
 1 file changed, 944 insertions(+), 806 deletions(-)

diff --git a/doc/policy.xml b/doc/policy.xml
index ed1c8ef5d..ec78d3383 100644
--- a/doc/policy.xml
+++ b/doc/policy.xml
@@ -2455,7 +2455,17 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="portage_dontaudit_search_tmp" lineno="338">
+<interface name="portage_dontaudit_use_inherited_ptys" lineno="337">
+<summary>
+Do not audit attempts to read and write inherited portage ptys.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="portage_dontaudit_search_tmp" lineno="356">
 <summary>
 Do not audit attempts to search the
 portage temporary directories.
@@ -2466,7 +2476,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="portage_dontaudit_rw_tmp_files" lineno="357">
+<interface name="portage_dontaudit_rw_tmp_files" lineno="375">
 <summary>
 Do not audit attempts to read and write
 the portage temporary files.
@@ -2477,7 +2487,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="portage_eselect_module" lineno="382">
+<interface name="portage_eselect_module" lineno="400">
 <summary>
 Allow the domain to run within an eselect module script.
 </summary>
@@ -2487,7 +2497,7 @@ Domain to allow within an eselect module
 </summary>
 </param>
 </interface>
-<interface name="portage_ro_role" lineno="405">
+<interface name="portage_ro_role" lineno="423">
 <summary>
 Read all portage files
 </summary>
@@ -2502,7 +2512,7 @@ Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="portage_read_db" lineno="425">
+<interface name="portage_read_db" lineno="443">
 <summary>
 Read portage db files
 </summary>
@@ -2512,7 +2522,7 @@ Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="portage_read_cache" lineno="445">
+<interface name="portage_read_cache" lineno="463">
 <summary>
 Read portage cache files
 </summary>
@@ -2522,7 +2532,7 @@ Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="portage_read_config" lineno="466">
+<interface name="portage_read_config" lineno="484">
 <summary>
 Read portage configuration files
 </summary>
@@ -2532,7 +2542,7 @@ Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="portage_read_ebuild" lineno="488">
+<interface name="portage_read_ebuild" lineno="506">
 <summary>
 Read portage ebuild files
 </summary>
@@ -2542,7 +2552,7 @@ Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="portage_read_log" lineno="510">
+<interface name="portage_read_log" lineno="528">
 <summary>
 Read portage log files
 </summary>
@@ -2552,7 +2562,7 @@ Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="portage_read_srcrepo" lineno="529">
+<interface name="portage_read_srcrepo" lineno="547">
 <summary>
 Read portage src repository files
 </summary>
@@ -2562,7 +2572,7 @@ Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="portage_dontaudit_write_cache" lineno="551">
+<interface name="portage_dontaudit_write_cache" lineno="569">
 <summary>
 Do not audit writing portage cache files
 </summary>
@@ -61051,7 +61061,18 @@ Domain not to audit.
 </param>
 
 </interface>
-<interface name="files_mounton_all_mountpoints" lineno="1726">
+<interface name="files_relabel_config_symlinks" lineno="1727">
+<summary>
+Relabel configuration symlinks.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+
+</interface>
+<interface name="files_mounton_all_mountpoints" lineno="1745">
 <summary>
 Mount a filesystem on all mount points.
 </summary>
@@ -61061,7 +61082,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_all_mountpoints" lineno="1747">
+<interface name="files_getattr_all_mountpoints" lineno="1766">
 <summary>
 Get the attributes of all mount points.
 </summary>
@@ -61071,7 +61092,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_setattr_all_mountpoints" lineno="1765">
+<interface name="files_setattr_all_mountpoints" lineno="1784">
 <summary>
 Set the attributes of all mount points.
 </summary>
@@ -61081,7 +61102,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_setattr_all_mountpoints" lineno="1783">
+<interface name="files_dontaudit_setattr_all_mountpoints" lineno="1802">
 <summary>
 Do not audit attempts to set the attributes on all mount points.
 </summary>
@@ -61091,7 +61112,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_search_all_mountpoints" lineno="1801">
+<interface name="files_search_all_mountpoints" lineno="1820">
 <summary>
 Search all mount points.
 </summary>
@@ -61101,7 +61122,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_search_all_mountpoints" lineno="1819">
+<interface name="files_dontaudit_search_all_mountpoints" lineno="1838">
 <summary>
 Do not audit searching of all mount points.
 </summary>
@@ -61111,7 +61132,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_list_all_mountpoints" lineno="1837">
+<interface name="files_list_all_mountpoints" lineno="1856">
 <summary>
 List all mount points.
 </summary>
@@ -61121,7 +61142,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_list_all_mountpoints" lineno="1855">
+<interface name="files_dontaudit_list_all_mountpoints" lineno="1874">
 <summary>
 Do not audit listing of all mount points.
 </summary>
@@ -61131,7 +61152,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_watch_all_mountpoints" lineno="1873">
+<interface name="files_watch_all_mountpoints" lineno="1892">
 <summary>
 Watch all mountpoints.
 </summary>
@@ -61141,7 +61162,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_watch_all_mount_perm" lineno="1891">
+<interface name="files_watch_all_mount_perm" lineno="1910">
 <summary>
 Watch all mountpoints.
 </summary>
@@ -61151,7 +61172,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_write_all_mountpoints" lineno="1909">
+<interface name="files_write_all_mountpoints" lineno="1928">
 <summary>
 Check if all mountpoints are writable.
 </summary>
@@ -61161,7 +61182,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_write_all_mountpoints" lineno="1927">
+<interface name="files_dontaudit_write_all_mountpoints" lineno="1946">
 <summary>
 Do not audit attempts to write to mount points.
 </summary>
@@ -61171,7 +61192,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_list_root" lineno="1945">
+<interface name="files_list_root" lineno="1964">
 <summary>
 List the contents of the root directory.
 </summary>
@@ -61181,7 +61202,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_root_symlinks" lineno="1965">
+<interface name="files_delete_root_symlinks" lineno="1984">
 <summary>
 Delete symbolic links in the
 root directory.
@@ -61192,7 +61213,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_write_root_dirs" lineno="1983">
+<interface name="files_dontaudit_write_root_dirs" lineno="2002">
 <summary>
 Do not audit attempts to write to / dirs.
 </summary>
@@ -61202,7 +61223,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_rw_root_dir" lineno="2002">
+<interface name="files_dontaudit_rw_root_dir" lineno="2021">
 <summary>
 Do not audit attempts to write
 files in the root directory.
@@ -61213,7 +61234,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_watch_root_dirs" lineno="2020">
+<interface name="files_watch_root_dirs" lineno="2039">
 <summary>
 Watch the root directory.
 </summary>
@@ -61223,7 +61244,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_root_filetrans" lineno="2054">
+<interface name="files_root_filetrans" lineno="2073">
 <summary>
 Create an object in the root directory, with a private
 type using a type transition.
@@ -61249,7 +61270,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_read_root_files" lineno="2073">
+<interface name="files_dontaudit_read_root_files" lineno="2092">
 <summary>
 Do not audit attempts to read files in
 the root directory.
@@ -61260,7 +61281,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_rw_root_files" lineno="2092">
+<interface name="files_dontaudit_rw_root_files" lineno="2111">
 <summary>
 Do not audit attempts to read or write
 files in the root directory.
@@ -61271,7 +61292,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_rw_root_chr_files" lineno="2111">
+<interface name="files_dontaudit_rw_root_chr_files" lineno="2130">
 <summary>
 Do not audit attempts to read or write
 character device nodes in the root directory.
@@ -61282,7 +61303,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_root_chr_files" lineno="2130">
+<interface name="files_delete_root_chr_files" lineno="2149">
 <summary>
 Delete character device nodes in
 the root directory.
@@ -61293,7 +61314,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_root_files" lineno="2148">
+<interface name="files_delete_root_files" lineno="2167">
 <summary>
 Delete files in the root directory.
 </summary>
@@ -61303,7 +61324,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_exec_root_files" lineno="2166">
+<interface name="files_exec_root_files" lineno="2185">
 <summary>
 Execute files in the root directory.
 </summary>
@@ -61313,7 +61334,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_root_dir_entry" lineno="2184">
+<interface name="files_delete_root_dir_entry" lineno="2203">
 <summary>
 Remove entries from the root directory.
 </summary>
@@ -61323,7 +61344,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_root_dir" lineno="2202">
+<interface name="files_manage_root_dir" lineno="2221">
 <summary>
 Manage the root directory.
 </summary>
@@ -61333,7 +61354,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_rootfs" lineno="2221">
+<interface name="files_getattr_rootfs" lineno="2240">
 <summary>
 Get the attributes of a rootfs
 file system.
@@ -61344,7 +61365,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_associate_rootfs" lineno="2239">
+<interface name="files_associate_rootfs" lineno="2258">
 <summary>
 Associate to root file system.
 </summary>
@@ -61354,7 +61375,7 @@ Type of the file to associate.
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_rootfs" lineno="2257">
+<interface name="files_relabel_rootfs" lineno="2276">
 <summary>
 Relabel to and from rootfs file system.
 </summary>
@@ -61364,7 +61385,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_unmount_rootfs" lineno="2275">
+<interface name="files_unmount_rootfs" lineno="2294">
 <summary>
 Unmount a rootfs filesystem.
 </summary>
@@ -61374,7 +61395,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_mounton_root" lineno="2293">
+<interface name="files_mounton_root" lineno="2312">
 <summary>
 Mount on the root directory (/)
 </summary>
@@ -61384,7 +61405,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_boot_fs" lineno="2312">
+<interface name="files_getattr_boot_fs" lineno="2331">
 <summary>
 Get the attributes of a filesystem
 mounted on /boot.
@@ -61395,7 +61416,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_remount_boot" lineno="2330">
+<interface name="files_remount_boot" lineno="2349">
 <summary>
 Remount a filesystem mounted on /boot.
 </summary>
@@ -61405,7 +61426,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_boot_dirs" lineno="2348">
+<interface name="files_getattr_boot_dirs" lineno="2367">
 <summary>
 Get attributes of the /boot directory.
 </summary>
@@ -61415,7 +61436,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_boot_dirs" lineno="2367">
+<interface name="files_dontaudit_getattr_boot_dirs" lineno="2386">
 <summary>
 Do not audit attempts to get attributes
 of the /boot directory.
@@ -61426,7 +61447,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_search_boot" lineno="2385">
+<interface name="files_search_boot" lineno="2404">
 <summary>
 Search the /boot directory.
 </summary>
@@ -61436,7 +61457,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_search_boot" lineno="2403">
+<interface name="files_dontaudit_search_boot" lineno="2422">
 <summary>
 Do not audit attempts to search the /boot directory.
 </summary>
@@ -61446,7 +61467,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_list_boot" lineno="2421">
+<interface name="files_list_boot" lineno="2440">
 <summary>
 List the /boot directory.
 </summary>
@@ -61456,7 +61477,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_list_boot" lineno="2439">
+<interface name="files_dontaudit_list_boot" lineno="2458">
 <summary>
 Do not audit attempts to list the /boot directory.
 </summary>
@@ -61466,7 +61487,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_create_boot_dirs" lineno="2457">
+<interface name="files_create_boot_dirs" lineno="2476">
 <summary>
 Create directories in /boot
 </summary>
@@ -61476,7 +61497,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_boot_dirs" lineno="2476">
+<interface name="files_manage_boot_dirs" lineno="2495">
 <summary>
 Create, read, write, and delete
 directories in /boot.
@@ -61487,7 +61508,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_boot_filetrans" lineno="2510">
+<interface name="files_boot_filetrans" lineno="2529">
 <summary>
 Create a private type object in boot
 with an automatic type transition
@@ -61513,7 +61534,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_read_boot_files" lineno="2529">
+<interface name="files_read_boot_files" lineno="2548">
 <summary>
 read files in the /boot directory.
 </summary>
@@ -61524,7 +61545,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_manage_boot_files" lineno="2549">
+<interface name="files_manage_boot_files" lineno="2568">
 <summary>
 Create, read, write, and delete files
 in the /boot directory.
@@ -61536,7 +61557,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_relabelfrom_boot_files" lineno="2567">
+<interface name="files_relabelfrom_boot_files" lineno="2586">
 <summary>
 Relabel from files in the /boot directory.
 </summary>
@@ -61546,7 +61567,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_boot_symlinks" lineno="2585">
+<interface name="files_read_boot_symlinks" lineno="2604">
 <summary>
 Read symbolic links in the /boot directory.
 </summary>
@@ -61556,7 +61577,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_rw_boot_symlinks" lineno="2604">
+<interface name="files_rw_boot_symlinks" lineno="2623">
 <summary>
 Read and write symbolic links
 in the /boot directory.
@@ -61567,7 +61588,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_boot_symlinks" lineno="2624">
+<interface name="files_manage_boot_symlinks" lineno="2643">
 <summary>
 Create, read, write, and delete symbolic links
 in the /boot directory.
@@ -61578,7 +61599,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_kernel_img" lineno="2642">
+<interface name="files_read_kernel_img" lineno="2661">
 <summary>
 Read kernel files in the /boot directory.
 </summary>
@@ -61588,7 +61609,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_create_kernel_img" lineno="2663">
+<interface name="files_create_kernel_img" lineno="2682">
 <summary>
 Install a kernel into the /boot directory.
 </summary>
@@ -61599,7 +61620,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_delete_kernel" lineno="2683">
+<interface name="files_delete_kernel" lineno="2702">
 <summary>
 Delete a kernel from /boot.
 </summary>
@@ -61610,7 +61631,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_getattr_default_dirs" lineno="2701">
+<interface name="files_getattr_default_dirs" lineno="2720">
 <summary>
 Getattr of directories with the default file type.
 </summary>
@@ -61620,7 +61641,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_default_dirs" lineno="2720">
+<interface name="files_dontaudit_getattr_default_dirs" lineno="2739">
 <summary>
 Do not audit attempts to get the attributes of
 directories with the default file type.
@@ -61631,7 +61652,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_search_default" lineno="2738">
+<interface name="files_search_default" lineno="2757">
 <summary>
 Search the contents of directories with the default file type.
 </summary>
@@ -61641,7 +61662,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_list_default" lineno="2756">
+<interface name="files_list_default" lineno="2775">
 <summary>
 List contents of directories with the default file type.
 </summary>
@@ -61651,7 +61672,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_list_default" lineno="2775">
+<interface name="files_dontaudit_list_default" lineno="2794">
 <summary>
 Do not audit attempts to list contents of
 directories with the default file type.
@@ -61662,7 +61683,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_default_dirs" lineno="2794">
+<interface name="files_manage_default_dirs" lineno="2813">
 <summary>
 Create, read, write, and delete directories with
 the default file type.
@@ -61673,7 +61694,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_mounton_default" lineno="2812">
+<interface name="files_mounton_default" lineno="2831">
 <summary>
 Mount a filesystem on a directory with the default file type.
 </summary>
@@ -61683,7 +61704,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_default_files" lineno="2831">
+<interface name="files_dontaudit_getattr_default_files" lineno="2850">
 <summary>
 Do not audit attempts to get the attributes of
 files with the default file type.
@@ -61694,7 +61715,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_read_default_files" lineno="2849">
+<interface name="files_read_default_files" lineno="2868">
 <summary>
 Read files with the default file type.
 </summary>
@@ -61704,7 +61725,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_read_default_files" lineno="2868">
+<interface name="files_dontaudit_read_default_files" lineno="2887">
 <summary>
 Do not audit attempts to read files
 with the default file type.
@@ -61715,7 +61736,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_default_files" lineno="2887">
+<interface name="files_manage_default_files" lineno="2906">
 <summary>
 Create, read, write, and delete files with
 the default file type.
@@ -61726,7 +61747,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_default_symlinks" lineno="2905">
+<interface name="files_read_default_symlinks" lineno="2924">
 <summary>
 Read symbolic links with the default file type.
 </summary>
@@ -61736,7 +61757,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_default_sockets" lineno="2923">
+<interface name="files_read_default_sockets" lineno="2942">
 <summary>
 Read sockets with the default file type.
 </summary>
@@ -61746,7 +61767,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_default_pipes" lineno="2941">
+<interface name="files_read_default_pipes" lineno="2960">
 <summary>
 Read named pipes with the default file type.
 </summary>
@@ -61756,7 +61777,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_search_etc" lineno="2959">
+<interface name="files_search_etc" lineno="2978">
 <summary>
 Search the contents of /etc directories.
 </summary>
@@ -61766,7 +61787,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_setattr_etc_dirs" lineno="2977">
+<interface name="files_setattr_etc_dirs" lineno="2996">
 <summary>
 Set the attributes of the /etc directories.
 </summary>
@@ -61776,7 +61797,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_list_etc" lineno="2995">
+<interface name="files_list_etc" lineno="3014">
 <summary>
 List the contents of /etc directories.
 </summary>
@@ -61786,7 +61807,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_write_etc_dirs" lineno="3013">
+<interface name="files_dontaudit_write_etc_dirs" lineno="3032">
 <summary>
 Do not audit attempts to write to /etc dirs.
 </summary>
@@ -61796,7 +61817,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_rw_etc_dirs" lineno="3031">
+<interface name="files_rw_etc_dirs" lineno="3050">
 <summary>
 Add and remove entries from /etc directories.
 </summary>
@@ -61806,7 +61827,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_etc_dirs" lineno="3050">
+<interface name="files_manage_etc_dirs" lineno="3069">
 <summary>
 Manage generic directories in /etc
 </summary>
@@ -61817,7 +61838,7 @@ Domain allowed access
 </param>
 
 </interface>
-<interface name="files_relabelto_etc_dirs" lineno="3068">
+<interface name="files_relabelto_etc_dirs" lineno="3087">
 <summary>
 Relabel directories to etc_t.
 </summary>
@@ -61827,7 +61848,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_mounton_etc_dirs" lineno="3087">
+<interface name="files_mounton_etc_dirs" lineno="3106">
 <summary>
 Mount a filesystem on the
 etc directories.
@@ -61838,7 +61859,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_remount_etc" lineno="3105">
+<interface name="files_remount_etc" lineno="3124">
 <summary>
 Remount etc filesystems.
 </summary>
@@ -61848,7 +61869,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_watch_etc_dirs" lineno="3123">
+<interface name="files_watch_etc_dirs" lineno="3142">
 <summary>
 Watch /etc directories
 </summary>
@@ -61858,7 +61879,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_etc_files" lineno="3175">
+<interface name="files_read_etc_files" lineno="3194">
 <summary>
 Read generic files in /etc.
 </summary>
@@ -61902,7 +61923,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="files_map_etc_files" lineno="3207">
+<interface name="files_map_etc_files" lineno="3226">
 <summary>
 Map generic files in /etc.
 </summary>
@@ -61924,7 +61945,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="files_dontaudit_write_etc_files" lineno="3225">
+<interface name="files_dontaudit_write_etc_files" lineno="3244">
 <summary>
 Do not audit attempts to write generic files in /etc.
 </summary>
@@ -61934,7 +61955,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_rw_etc_files" lineno="3244">
+<interface name="files_rw_etc_files" lineno="3263">
 <summary>
 Read and write generic files in /etc.
 </summary>
@@ -61945,7 +61966,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_manage_etc_files" lineno="3266">
+<interface name="files_manage_etc_files" lineno="3285">
 <summary>
 Create, read, write, and delete generic
 files in /etc.
@@ -61957,7 +61978,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_dontaudit_manage_etc_files" lineno="3287">
+<interface name="files_dontaudit_manage_etc_files" lineno="3306">
 <summary>
 Do not audit attempts to create, read, write,
 and delete generic files in /etc.
@@ -61969,7 +61990,7 @@ Domain to not audit.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_delete_etc_files" lineno="3305">
+<interface name="files_delete_etc_files" lineno="3324">
 <summary>
 Delete system configuration files in /etc.
 </summary>
@@ -61979,7 +62000,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_exec_etc_files" lineno="3323">
+<interface name="files_exec_etc_files" lineno="3342">
 <summary>
 Execute generic files in /etc.
 </summary>
@@ -61989,7 +62010,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_watch_etc_files" lineno="3343">
+<interface name="files_watch_etc_files" lineno="3362">
 <summary>
 Watch /etc files.
 </summary>
@@ -61999,7 +62020,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_get_etc_unit_status" lineno="3361">
+<interface name="files_get_etc_unit_status" lineno="3380">
 <summary>
 Get etc_t service status.
 </summary>
@@ -62009,7 +62030,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_start_etc_service" lineno="3380">
+<interface name="files_start_etc_service" lineno="3399">
 <summary>
 start etc_t service
 </summary>
@@ -62019,7 +62040,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_stop_etc_service" lineno="3399">
+<interface name="files_stop_etc_service" lineno="3418">
 <summary>
 stop etc_t service
 </summary>
@@ -62029,7 +62050,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_etc_files" lineno="3418">
+<interface name="files_relabel_etc_files" lineno="3437">
 <summary>
 Relabel from and to generic files in /etc.
 </summary>
@@ -62039,7 +62060,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_etc_symlinks" lineno="3437">
+<interface name="files_read_etc_symlinks" lineno="3456">
 <summary>
 Read symbolic links in /etc.
 </summary>
@@ -62049,7 +62070,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_watch_etc_symlinks" lineno="3455">
+<interface name="files_watch_etc_symlinks" lineno="3474">
 <summary>
 Watch /etc symlinks
 </summary>
@@ -62059,7 +62080,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_etc_symlinks" lineno="3473">
+<interface name="files_manage_etc_symlinks" lineno="3492">
 <summary>
 Create, read, write, and delete symbolic links in /etc.
 </summary>
@@ -62069,7 +62090,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_etc_filetrans" lineno="3507">
+<interface name="files_etc_filetrans" lineno="3526">
 <summary>
 Create objects in /etc with a private
 type using a type_transition.
@@ -62095,7 +62116,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_create_boot_flag" lineno="3537">
+<interface name="files_create_boot_flag" lineno="3556">
 <summary>
 Create a boot flag.
 </summary>
@@ -62117,7 +62138,7 @@ The name of the object being created.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_delete_boot_flag" lineno="3563">
+<interface name="files_delete_boot_flag" lineno="3582">
 <summary>
 Delete a boot flag.
 </summary>
@@ -62134,7 +62155,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_getattr_etc_runtime_dirs" lineno="3582">
+<interface name="files_getattr_etc_runtime_dirs" lineno="3601">
 <summary>
 Get the attributes of the
 etc_runtime directories.
@@ -62145,7 +62166,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_mounton_etc_runtime_dirs" lineno="3601">
+<interface name="files_mounton_etc_runtime_dirs" lineno="3620">
 <summary>
 Mount a filesystem on the
 etc_runtime directories.
@@ -62156,7 +62177,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabelto_etc_runtime_dirs" lineno="3619">
+<interface name="files_relabelto_etc_runtime_dirs" lineno="3638">
 <summary>
 Relabel to etc_runtime_t dirs.
 </summary>
@@ -62166,7 +62187,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_setattr_etc_runtime_files" lineno="3637">
+<interface name="files_dontaudit_setattr_etc_runtime_files" lineno="3656">
 <summary>
 Do not audit attempts to set the attributes of the etc_runtime files
 </summary>
@@ -62176,7 +62197,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_read_etc_runtime_files" lineno="3675">
+<interface name="files_read_etc_runtime_files" lineno="3694">
 <summary>
 Read files in /etc that are dynamically
 created on boot, such as mtab.
@@ -62206,7 +62227,7 @@ Domain allowed access.
 <infoflow type="read" weight="10" />
 <rolecap/>
 </interface>
-<interface name="files_dontaudit_read_etc_runtime_files" lineno="3697">
+<interface name="files_dontaudit_read_etc_runtime_files" lineno="3716">
 <summary>
 Do not audit attempts to read files
 in /etc that are dynamically
@@ -62218,7 +62239,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_read_etc_files" lineno="3716">
+<interface name="files_dontaudit_read_etc_files" lineno="3735">
 <summary>
 Do not audit attempts to read files
 in /etc
@@ -62229,7 +62250,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_write_etc_runtime_files" lineno="3735">
+<interface name="files_dontaudit_write_etc_runtime_files" lineno="3754">
 <summary>
 Do not audit attempts to write
 etc runtime files.
@@ -62240,7 +62261,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_rw_etc_runtime_files" lineno="3755">
+<interface name="files_rw_etc_runtime_files" lineno="3774">
 <summary>
 Read and write files in /etc that are dynamically
 created on boot, such as mtab.
@@ -62252,7 +62273,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_manage_etc_runtime_files" lineno="3777">
+<interface name="files_manage_etc_runtime_files" lineno="3796">
 <summary>
 Create, read, write, and delete files in
 /etc that are dynamically created on boot,
@@ -62265,7 +62286,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_relabelto_etc_runtime_files" lineno="3795">
+<interface name="files_relabelto_etc_runtime_files" lineno="3814">
 <summary>
 Relabel to etc_runtime_t files.
 </summary>
@@ -62275,7 +62296,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_etc_filetrans_etc_runtime" lineno="3824">
+<interface name="files_etc_filetrans_etc_runtime" lineno="3843">
 <summary>
 Create, etc runtime objects with an automatic
 type transition.
@@ -62296,7 +62317,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_home_dir" lineno="3843">
+<interface name="files_getattr_home_dir" lineno="3862">
 <summary>
 Get the attributes of the home directories root
 (/home).
@@ -62307,7 +62328,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_home_dir" lineno="3864">
+<interface name="files_dontaudit_getattr_home_dir" lineno="3883">
 <summary>
 Do not audit attempts to get the
 attributes of the home directories root
@@ -62319,7 +62340,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_search_home" lineno="3883">
+<interface name="files_search_home" lineno="3902">
 <summary>
 Search home directories root (/home).
 </summary>
@@ -62329,7 +62350,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_search_home" lineno="3903">
+<interface name="files_dontaudit_search_home" lineno="3922">
 <summary>
 Do not audit attempts to search
 home directories root (/home).
@@ -62340,7 +62361,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_list_home" lineno="3923">
+<interface name="files_dontaudit_list_home" lineno="3942">
 <summary>
 Do not audit attempts to list
 home directories root (/home).
@@ -62351,7 +62372,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_list_home" lineno="3942">
+<interface name="files_list_home" lineno="3961">
 <summary>
 Get listing of home directories.
 </summary>
@@ -62361,7 +62382,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabelto_home" lineno="3961">
+<interface name="files_relabelto_home" lineno="3980">
 <summary>
 Relabel to user home root (/home).
 </summary>
@@ -62371,7 +62392,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabelfrom_home" lineno="3979">
+<interface name="files_relabelfrom_home" lineno="3998">
 <summary>
 Relabel from user home root (/home).
 </summary>
@@ -62381,7 +62402,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_watch_home" lineno="3997">
+<interface name="files_watch_home" lineno="4016">
 <summary>
 Watch the user home root (/home).
 </summary>
@@ -62391,7 +62412,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_home_filetrans" lineno="4030">
+<interface name="files_home_filetrans" lineno="4049">
 <summary>
 Create objects in /home.
 </summary>
@@ -62416,7 +62437,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_lost_found_dirs" lineno="4048">
+<interface name="files_getattr_lost_found_dirs" lineno="4067">
 <summary>
 Get the attributes of lost+found directories.
 </summary>
@@ -62426,7 +62447,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_lost_found_dirs" lineno="4067">
+<interface name="files_dontaudit_getattr_lost_found_dirs" lineno="4086">
 <summary>
 Do not audit attempts to get the attributes of
 lost+found directories.
@@ -62437,7 +62458,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_list_lost_found" lineno="4085">
+<interface name="files_list_lost_found" lineno="4104">
 <summary>
 List the contents of lost+found directories.
 </summary>
@@ -62447,7 +62468,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_lost_found" lineno="4105">
+<interface name="files_manage_lost_found" lineno="4124">
 <summary>
 Create, read, write, and delete objects in
 lost+found directories.
@@ -62459,7 +62480,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_search_mnt" lineno="4127">
+<interface name="files_search_mnt" lineno="4146">
 <summary>
 Search the contents of /mnt.
 </summary>
@@ -62469,7 +62490,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_search_mnt" lineno="4145">
+<interface name="files_dontaudit_search_mnt" lineno="4164">
 <summary>
 Do not audit attempts to search /mnt.
 </summary>
@@ -62479,7 +62500,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_list_mnt" lineno="4163">
+<interface name="files_list_mnt" lineno="4182">
 <summary>
 List the contents of /mnt.
 </summary>
@@ -62489,7 +62510,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_list_mnt" lineno="4181">
+<interface name="files_dontaudit_list_mnt" lineno="4200">
 <summary>
 Do not audit attempts to list the contents of /mnt.
 </summary>
@@ -62499,7 +62520,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_mounton_mnt" lineno="4199">
+<interface name="files_mounton_mnt" lineno="4218">
 <summary>
 Mount a filesystem on /mnt.
 </summary>
@@ -62509,7 +62530,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_mnt_dirs" lineno="4218">
+<interface name="files_manage_mnt_dirs" lineno="4237">
 <summary>
 Create, read, write, and delete directories in /mnt.
 </summary>
@@ -62520,7 +62541,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_manage_mnt_files" lineno="4236">
+<interface name="files_manage_mnt_files" lineno="4255">
 <summary>
 Create, read, write, and delete files in /mnt.
 </summary>
@@ -62530,7 +62551,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_mnt_files" lineno="4254">
+<interface name="files_read_mnt_files" lineno="4273">
 <summary>
 read files in /mnt.
 </summary>
@@ -62540,7 +62561,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_mnt_symlinks" lineno="4272">
+<interface name="files_read_mnt_symlinks" lineno="4291">
 <summary>
 Read symbolic links in /mnt.
 </summary>
@@ -62550,7 +62571,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_mnt_symlinks" lineno="4290">
+<interface name="files_manage_mnt_symlinks" lineno="4309">
 <summary>
 Create, read, write, and delete symbolic links in /mnt.
 </summary>
@@ -62560,7 +62581,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_search_kernel_modules" lineno="4308">
+<interface name="files_search_kernel_modules" lineno="4327">
 <summary>
 Search the contents of the kernel module directories.
 </summary>
@@ -62570,7 +62591,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_list_kernel_modules" lineno="4327">
+<interface name="files_list_kernel_modules" lineno="4346">
 <summary>
 List the contents of the kernel module directories.
 </summary>
@@ -62580,7 +62601,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_kernel_modules" lineno="4346">
+<interface name="files_getattr_kernel_modules" lineno="4365">
 <summary>
 Get the attributes of kernel module files.
 </summary>
@@ -62590,7 +62611,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_kernel_modules" lineno="4364">
+<interface name="files_read_kernel_modules" lineno="4383">
 <summary>
 Read kernel module files.
 </summary>
@@ -62600,7 +62621,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_mmap_read_kernel_modules" lineno="4384">
+<interface name="files_mmap_read_kernel_modules" lineno="4403">
 <summary>
 Read and mmap kernel module files.
 </summary>
@@ -62610,7 +62631,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_write_kernel_modules" lineno="4405">
+<interface name="files_write_kernel_modules" lineno="4424">
 <summary>
 Write kernel module files.
 </summary>
@@ -62620,7 +62641,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_kernel_modules" lineno="4424">
+<interface name="files_delete_kernel_modules" lineno="4443">
 <summary>
 Delete kernel module files.
 </summary>
@@ -62630,7 +62651,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_kernel_modules" lineno="4444">
+<interface name="files_manage_kernel_modules" lineno="4463">
 <summary>
 Create, read, write, and delete
 kernel module files.
@@ -62642,7 +62663,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_relabel_kernel_modules" lineno="4464">
+<interface name="files_relabel_kernel_modules" lineno="4483">
 <summary>
 Relabel from and to kernel module files.
 </summary>
@@ -62652,7 +62673,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_mounton_kernel_modules_dirs" lineno="4483">
+<interface name="files_mounton_kernel_modules_dirs" lineno="4502">
 <summary>
 Mount on kernel module directories.
 </summary>
@@ -62662,7 +62683,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_kernel_modules_filetrans" lineno="4517">
+<interface name="files_kernel_modules_filetrans" lineno="4536">
 <summary>
 Create objects in the kernel module directories
 with a private type via an automatic type transition.
@@ -62688,7 +62709,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_load_kernel_modules" lineno="4535">
+<interface name="files_load_kernel_modules" lineno="4554">
 <summary>
 Load kernel module files.
 </summary>
@@ -62698,7 +62719,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_load_kernel_modules" lineno="4554">
+<interface name="files_dontaudit_load_kernel_modules" lineno="4573">
 <summary>
 Load kernel module files.
 </summary>
@@ -62708,7 +62729,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_list_world_readable" lineno="4574">
+<interface name="files_list_world_readable" lineno="4593">
 <summary>
 List world-readable directories.
 </summary>
@@ -62719,7 +62740,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_read_world_readable_files" lineno="4593">
+<interface name="files_read_world_readable_files" lineno="4612">
 <summary>
 Read world-readable files.
 </summary>
@@ -62730,7 +62751,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_read_world_readable_symlinks" lineno="4612">
+<interface name="files_read_world_readable_symlinks" lineno="4631">
 <summary>
 Read world-readable symbolic links.
 </summary>
@@ -62741,7 +62762,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_read_world_readable_pipes" lineno="4630">
+<interface name="files_read_world_readable_pipes" lineno="4649">
 <summary>
 Read world-readable named pipes.
 </summary>
@@ -62751,7 +62772,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_world_readable_sockets" lineno="4648">
+<interface name="files_read_world_readable_sockets" lineno="4667">
 <summary>
 Read world-readable sockets.
 </summary>
@@ -62761,7 +62782,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_associate_tmp" lineno="4668">
+<interface name="files_associate_tmp" lineno="4687">
 <summary>
 Allow the specified type to associate
 to a filesystem with the type of the
@@ -62773,7 +62794,7 @@ Type of the file to associate.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_tmp_dirs" lineno="4686">
+<interface name="files_getattr_tmp_dirs" lineno="4705">
 <summary>
 Get the	attributes of the tmp directory (/tmp).
 </summary>
@@ -62783,7 +62804,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_tmp_dirs" lineno="4705">
+<interface name="files_dontaudit_getattr_tmp_dirs" lineno="4724">
 <summary>
 Do not audit attempts to get the
 attributes of the tmp directory (/tmp).
@@ -62794,7 +62815,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_search_tmp" lineno="4723">
+<interface name="files_search_tmp" lineno="4742">
 <summary>
 Search the tmp directory (/tmp).
 </summary>
@@ -62804,7 +62825,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_search_tmp" lineno="4741">
+<interface name="files_dontaudit_search_tmp" lineno="4760">
 <summary>
 Do not audit attempts to search the tmp directory (/tmp).
 </summary>
@@ -62814,7 +62835,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_list_tmp" lineno="4759">
+<interface name="files_list_tmp" lineno="4778">
 <summary>
 Read the tmp directory (/tmp).
 </summary>
@@ -62824,7 +62845,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_list_tmp" lineno="4777">
+<interface name="files_dontaudit_list_tmp" lineno="4796">
 <summary>
 Do not audit listing of the tmp directory (/tmp).
 </summary>
@@ -62834,7 +62855,7 @@ Domain not to audit.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_tmp_dir_entry" lineno="4795">
+<interface name="files_delete_tmp_dir_entry" lineno="4814">
 <summary>
 Remove entries from the tmp directory.
 </summary>
@@ -62844,7 +62865,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_generic_tmp_files" lineno="4813">
+<interface name="files_read_generic_tmp_files" lineno="4832">
 <summary>
 Read files in the tmp directory (/tmp).
 </summary>
@@ -62854,7 +62875,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_generic_tmp_dirs" lineno="4831">
+<interface name="files_manage_generic_tmp_dirs" lineno="4850">
 <summary>
 Manage temporary directories in /tmp.
 </summary>
@@ -62864,7 +62885,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_generic_tmp_dirs" lineno="4849">
+<interface name="files_relabel_generic_tmp_dirs" lineno="4868">
 <summary>
 Relabel temporary directories in /tmp.
 </summary>
@@ -62874,7 +62895,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_generic_tmp_files" lineno="4867">
+<interface name="files_manage_generic_tmp_files" lineno="4886">
 <summary>
 Manage temporary files and directories in /tmp.
 </summary>
@@ -62884,7 +62905,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_generic_tmp_symlinks" lineno="4885">
+<interface name="files_read_generic_tmp_symlinks" lineno="4904">
 <summary>
 Read symbolic links in the tmp directory (/tmp).
 </summary>
@@ -62894,7 +62915,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_rw_generic_tmp_sockets" lineno="4903">
+<interface name="files_rw_generic_tmp_sockets" lineno="4922">
 <summary>
 Read and write generic named sockets in the tmp directory (/tmp).
 </summary>
@@ -62904,7 +62925,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_mounton_tmp" lineno="4921">
+<interface name="files_mounton_tmp" lineno="4940">
 <summary>
 Mount filesystems in the tmp directory (/tmp)
 </summary>
@@ -62914,7 +62935,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_setattr_all_tmp_dirs" lineno="4939">
+<interface name="files_setattr_all_tmp_dirs" lineno="4958">
 <summary>
 Set the attributes of all tmp directories.
 </summary>
@@ -62924,7 +62945,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_list_all_tmp" lineno="4957">
+<interface name="files_list_all_tmp" lineno="4976">
 <summary>
 List all tmp directories.
 </summary>
@@ -62934,7 +62955,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_all_tmp_dirs" lineno="4977">
+<interface name="files_relabel_all_tmp_dirs" lineno="4996">
 <summary>
 Relabel to and from all temporary
 directory types.
@@ -62946,7 +62967,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_dontaudit_getattr_all_tmp_files" lineno="4998">
+<interface name="files_dontaudit_getattr_all_tmp_files" lineno="5017">
 <summary>
 Do not audit attempts to get the attributes
 of all tmp files.
@@ -62957,7 +62978,7 @@ Domain not to audit.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_all_tmp_files" lineno="5017">
+<interface name="files_getattr_all_tmp_files" lineno="5036">
 <summary>
 Allow attempts to get the attributes
 of all tmp files.
@@ -62968,7 +62989,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_all_tmp_files" lineno="5037">
+<interface name="files_relabel_all_tmp_files" lineno="5056">
 <summary>
 Relabel to and from all temporary
 file types.
@@ -62980,7 +63001,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_dontaudit_getattr_all_tmp_sockets" lineno="5058">
+<interface name="files_dontaudit_getattr_all_tmp_sockets" lineno="5077">
 <summary>
 Do not audit attempts to get the attributes
 of all tmp sock_file.
@@ -62991,7 +63012,7 @@ Domain not to audit.
 </summary>
 </param>
 </interface>
-<interface name="files_read_all_tmp_files" lineno="5076">
+<interface name="files_read_all_tmp_files" lineno="5095">
 <summary>
 Read all tmp files.
 </summary>
@@ -63001,7 +63022,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_tmp_filetrans" lineno="5110">
+<interface name="files_tmp_filetrans" lineno="5129">
 <summary>
 Create an object in the tmp directories, with a private
 type using a type transition.
@@ -63027,7 +63048,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_purge_tmp" lineno="5128">
+<interface name="files_purge_tmp" lineno="5147">
 <summary>
 Delete the contents of /tmp.
 </summary>
@@ -63037,7 +63058,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_all_tmpfs_files" lineno="5151">
+<interface name="files_getattr_all_tmpfs_files" lineno="5170">
 <summary>
 Get the attributes of all tmpfs files.
 </summary>
@@ -63047,7 +63068,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_setattr_usr_dirs" lineno="5170">
+<interface name="files_setattr_usr_dirs" lineno="5189">
 <summary>
 Set the attributes of the /usr directory.
 </summary>
@@ -63057,7 +63078,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_search_usr" lineno="5188">
+<interface name="files_search_usr" lineno="5207">
 <summary>
 Search the content of /usr.
 </summary>
@@ -63067,7 +63088,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_list_usr" lineno="5207">
+<interface name="files_list_usr" lineno="5226">
 <summary>
 List the contents of generic
 directories in /usr.
@@ -63078,7 +63099,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_write_usr_dirs" lineno="5225">
+<interface name="files_dontaudit_write_usr_dirs" lineno="5244">
 <summary>
 Do not audit write of /usr dirs
 </summary>
@@ -63088,7 +63109,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_rw_usr_dirs" lineno="5243">
+<interface name="files_rw_usr_dirs" lineno="5262">
 <summary>
 Add and remove entries from /usr directories.
 </summary>
@@ -63098,7 +63119,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_rw_usr_dirs" lineno="5262">
+<interface name="files_dontaudit_rw_usr_dirs" lineno="5281">
 <summary>
 Do not audit attempts to add and remove
 entries from /usr directories.
@@ -63109,7 +63130,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_usr_dirs" lineno="5280">
+<interface name="files_delete_usr_dirs" lineno="5299">
 <summary>
 Delete generic directories in /usr in the caller domain.
 </summary>
@@ -63119,7 +63140,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_watch_usr_dirs" lineno="5298">
+<interface name="files_watch_usr_dirs" lineno="5317">
 <summary>
 Watch generic directories in /usr.
 </summary>
@@ -63129,7 +63150,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_usr_files" lineno="5316">
+<interface name="files_delete_usr_files" lineno="5335">
 <summary>
 Delete generic files in /usr in the caller domain.
 </summary>
@@ -63139,7 +63160,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_usr_files" lineno="5334">
+<interface name="files_getattr_usr_files" lineno="5353">
 <summary>
 Get the attributes of files in /usr.
 </summary>
@@ -63149,7 +63170,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_map_usr_files" lineno="5353">
+<interface name="files_map_usr_files" lineno="5372">
 <summary>
 Map generic files in /usr.
 </summary>
@@ -63160,7 +63181,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="files_read_usr_files" lineno="5389">
+<interface name="files_read_usr_files" lineno="5408">
 <summary>
 Read generic files in /usr.
 </summary>
@@ -63188,7 +63209,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="10"/>
 </interface>
-<interface name="files_exec_usr_files" lineno="5409">
+<interface name="files_exec_usr_files" lineno="5428">
 <summary>
 Execute generic programs in /usr in the caller domain.
 </summary>
@@ -63198,7 +63219,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_write_usr_files" lineno="5429">
+<interface name="files_dontaudit_write_usr_files" lineno="5448">
 <summary>
 dontaudit write of /usr files
 </summary>
@@ -63208,7 +63229,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_usr_files" lineno="5447">
+<interface name="files_manage_usr_files" lineno="5466">
 <summary>
 Create, read, write, and delete files in the /usr directory.
 </summary>
@@ -63218,7 +63239,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabelto_usr_files" lineno="5465">
+<interface name="files_relabelto_usr_files" lineno="5484">
 <summary>
 Relabel a file to the type used in /usr.
 </summary>
@@ -63228,7 +63249,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabelfrom_usr_files" lineno="5483">
+<interface name="files_relabelfrom_usr_files" lineno="5502">
 <summary>
 Relabel a file from the type used in /usr.
 </summary>
@@ -63238,7 +63259,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_usr_symlinks" lineno="5501">
+<interface name="files_read_usr_symlinks" lineno="5520">
 <summary>
 Read symbolic links in /usr.
 </summary>
@@ -63248,7 +63269,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_usr_filetrans" lineno="5534">
+<interface name="files_usr_filetrans" lineno="5553">
 <summary>
 Create objects in the /usr directory
 </summary>
@@ -63273,7 +63294,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_search_src" lineno="5552">
+<interface name="files_search_src" lineno="5571">
 <summary>
 Search directories in /usr/src.
 </summary>
@@ -63283,7 +63304,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_search_src" lineno="5570">
+<interface name="files_dontaudit_search_src" lineno="5589">
 <summary>
 Do not audit attempts to search /usr/src.
 </summary>
@@ -63293,7 +63314,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_usr_src_files" lineno="5588">
+<interface name="files_getattr_usr_src_files" lineno="5607">
 <summary>
 Get the attributes of files in /usr/src.
 </summary>
@@ -63303,7 +63324,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_usr_src_files" lineno="5609">
+<interface name="files_read_usr_src_files" lineno="5628">
 <summary>
 Read files in /usr/src.
 </summary>
@@ -63313,7 +63334,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_exec_usr_src_files" lineno="5630">
+<interface name="files_exec_usr_src_files" lineno="5649">
 <summary>
 Execute programs in /usr/src in the caller domain.
 </summary>
@@ -63323,7 +63344,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_create_kernel_symbol_table" lineno="5650">
+<interface name="files_create_kernel_symbol_table" lineno="5669">
 <summary>
 Install a system.map into the /boot directory.
 </summary>
@@ -63333,7 +63354,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_kernel_symbol_table" lineno="5669">
+<interface name="files_read_kernel_symbol_table" lineno="5688">
 <summary>
 Read system.map in the /boot directory.
 </summary>
@@ -63343,7 +63364,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_kernel_symbol_table" lineno="5688">
+<interface name="files_delete_kernel_symbol_table" lineno="5707">
 <summary>
 Delete a system.map in the /boot directory.
 </summary>
@@ -63353,7 +63374,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_search_var" lineno="5707">
+<interface name="files_search_var" lineno="5726">
 <summary>
 Search the contents of /var.
 </summary>
@@ -63363,7 +63384,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_write_var_dirs" lineno="5725">
+<interface name="files_dontaudit_write_var_dirs" lineno="5744">
 <summary>
 Do not audit attempts to write to /var.
 </summary>
@@ -63373,7 +63394,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_write_var_dirs" lineno="5743">
+<interface name="files_write_var_dirs" lineno="5762">
 <summary>
 Allow attempts to write to /var.dirs
 </summary>
@@ -63383,7 +63404,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_search_var" lineno="5762">
+<interface name="files_dontaudit_search_var" lineno="5781">
 <summary>
 Do not audit attempts to search
 the contents of /var.
@@ -63394,7 +63415,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_list_var" lineno="5780">
+<interface name="files_list_var" lineno="5799">
 <summary>
 List the contents of /var.
 </summary>
@@ -63404,7 +63425,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_list_var" lineno="5799">
+<interface name="files_dontaudit_list_var" lineno="5818">
 <summary>
 Do not audit attempts to list
 the contents of /var.
@@ -63415,7 +63436,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_var_dirs" lineno="5818">
+<interface name="files_manage_var_dirs" lineno="5837">
 <summary>
 Create, read, write, and delete directories
 in the /var directory.
@@ -63426,7 +63447,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_var_dirs" lineno="5836">
+<interface name="files_relabel_var_dirs" lineno="5855">
 <summary>
 relabelto/from var directories
 </summary>
@@ -63436,7 +63457,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_var_files" lineno="5854">
+<interface name="files_read_var_files" lineno="5873">
 <summary>
 Read files in the /var directory.
 </summary>
@@ -63446,7 +63467,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_append_var_files" lineno="5872">
+<interface name="files_append_var_files" lineno="5891">
 <summary>
 Append files in the /var directory.
 </summary>
@@ -63456,7 +63477,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_rw_var_files" lineno="5890">
+<interface name="files_rw_var_files" lineno="5909">
 <summary>
 Read and write files in the /var directory.
 </summary>
@@ -63466,7 +63487,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_rw_var_files" lineno="5909">
+<interface name="files_dontaudit_rw_var_files" lineno="5928">
 <summary>
 Do not audit attempts to read and write
 files in the /var directory.
@@ -63477,7 +63498,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_var_files" lineno="5927">
+<interface name="files_manage_var_files" lineno="5946">
 <summary>
 Create, read, write, and delete files in the /var directory.
 </summary>
@@ -63487,7 +63508,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_var_symlinks" lineno="5945">
+<interface name="files_read_var_symlinks" lineno="5964">
 <summary>
 Read symbolic links in the /var directory.
 </summary>
@@ -63497,7 +63518,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_var_symlinks" lineno="5964">
+<interface name="files_manage_var_symlinks" lineno="5983">
 <summary>
 Create, read, write, and delete symbolic
 links in the /var directory.
@@ -63508,7 +63529,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_var_filetrans" lineno="5997">
+<interface name="files_var_filetrans" lineno="6016">
 <summary>
 Create objects in the /var directory
 </summary>
@@ -63533,7 +63554,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_getattr_var_lib_dirs" lineno="6015">
+<interface name="files_getattr_var_lib_dirs" lineno="6034">
 <summary>
 Get the attributes of the /var/lib directory.
 </summary>
@@ -63543,7 +63564,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_search_var_lib" lineno="6047">
+<interface name="files_search_var_lib" lineno="6066">
 <summary>
 Search the /var/lib directory.
 </summary>
@@ -63567,7 +63588,7 @@ Domain allowed access.
 </param>
 <infoflow type="read" weight="5"/>
 </interface>
-<interface name="files_dontaudit_search_var_lib" lineno="6067">
+<interface name="files_dontaudit_search_var_lib" lineno="6086">
 <summary>
 Do not audit attempts to search the
 contents of /var/lib.
@@ -63579,7 +63600,7 @@ Domain to not audit.
 </param>
 <infoflow type="read" weight="5"/>
 </interface>
-<interface name="files_list_var_lib" lineno="6085">
+<interface name="files_list_var_lib" lineno="6104">
 <summary>
 List the contents of the /var/lib directory.
 </summary>
@@ -63589,7 +63610,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_rw_var_lib_dirs" lineno="6103">
+<interface name="files_rw_var_lib_dirs" lineno="6122">
 <summary>
 Read-write /var/lib directories
 </summary>
@@ -63599,7 +63620,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_var_lib_dirs" lineno="6121">
+<interface name="files_manage_var_lib_dirs" lineno="6140">
 <summary>
 manage var_lib_t dirs
 </summary>
@@ -63609,7 +63630,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_var_lib_dirs" lineno="6140">
+<interface name="files_relabel_var_lib_dirs" lineno="6159">
 <summary>
 relabel var_lib_t dirs
 </summary>
@@ -63619,7 +63640,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_var_lib_filetrans" lineno="6174">
+<interface name="files_var_lib_filetrans" lineno="6193">
 <summary>
 Create objects in the /var/lib directory
 </summary>
@@ -63644,7 +63665,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_read_var_lib_files" lineno="6193">
+<interface name="files_read_var_lib_files" lineno="6212">
 <summary>
 Read generic files in /var/lib.
 </summary>
@@ -63654,7 +63675,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_var_lib_symlinks" lineno="6212">
+<interface name="files_read_var_lib_symlinks" lineno="6231">
 <summary>
 Read generic symbolic links in /var/lib
 </summary>
@@ -63664,7 +63685,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_urandom_seed" lineno="6234">
+<interface name="files_manage_urandom_seed" lineno="6253">
 <summary>
 Create, read, write, and delete the
 pseudorandom number generator seed.
@@ -63675,7 +63696,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_mounttab" lineno="6254">
+<interface name="files_manage_mounttab" lineno="6273">
 <summary>
 Allow domain to manage mount tables
 necessary for rpcd, nfsd, etc.
@@ -63686,7 +63707,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_setattr_lock_dirs" lineno="6273">
+<interface name="files_setattr_lock_dirs" lineno="6292">
 <summary>
 Set the attributes of the generic lock directories.
 </summary>
@@ -63696,7 +63717,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_search_locks" lineno="6291">
+<interface name="files_search_locks" lineno="6310">
 <summary>
 Search the locks directory (/var/lock).
 </summary>
@@ -63706,7 +63727,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_search_locks" lineno="6311">
+<interface name="files_dontaudit_search_locks" lineno="6330">
 <summary>
 Do not audit attempts to search the
 locks directory (/var/lock).
@@ -63717,7 +63738,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_list_locks" lineno="6330">
+<interface name="files_list_locks" lineno="6349">
 <summary>
 List generic lock directories.
 </summary>
@@ -63727,7 +63748,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_check_write_lock_dirs" lineno="6349">
+<interface name="files_check_write_lock_dirs" lineno="6368">
 <summary>
 Test write access on lock directories.
 </summary>
@@ -63737,7 +63758,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_add_entry_lock_dirs" lineno="6368">
+<interface name="files_add_entry_lock_dirs" lineno="6387">
 <summary>
 Add entries in the /var/lock directories.
 </summary>
@@ -63747,7 +63768,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_rw_lock_dirs" lineno="6388">
+<interface name="files_rw_lock_dirs" lineno="6407">
 <summary>
 Add and remove entries in the /var/lock
 directories.
@@ -63758,7 +63779,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_create_lock_dirs" lineno="6407">
+<interface name="files_create_lock_dirs" lineno="6426">
 <summary>
 Create lock directories
 </summary>
@@ -63768,7 +63789,7 @@ Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_all_lock_dirs" lineno="6428">
+<interface name="files_relabel_all_lock_dirs" lineno="6447">
 <summary>
 Relabel to and from all lock directory types.
 </summary>
@@ -63779,7 +63800,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_getattr_generic_locks" lineno="6449">
+<interface name="files_getattr_generic_locks" lineno="6468">
 <summary>
 Get the attributes of generic lock files.
 </summary>
@@ -63789,7 +63810,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_generic_locks" lineno="6470">
+<interface name="files_delete_generic_locks" lineno="6489">
 <summary>
 Delete generic lock files.
 </summary>
@@ -63799,7 +63820,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_generic_locks" lineno="6491">
+<interface name="files_manage_generic_locks" lineno="6510">
 <summary>
 Create, read, write, and delete generic
 lock files.
@@ -63810,7 +63831,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_all_locks" lineno="6513">
+<interface name="files_delete_all_locks" lineno="6532">
 <summary>
 Delete all lock files.
 </summary>
@@ -63821,7 +63842,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_read_all_locks" lineno="6534">
+<interface name="files_read_all_locks" lineno="6553">
 <summary>
 Read all lock files.
 </summary>
@@ -63831,7 +63852,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_all_locks" lineno="6557">
+<interface name="files_manage_all_locks" lineno="6576">
 <summary>
 manage all lock files.
 </summary>
@@ -63841,7 +63862,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_all_locks" lineno="6580">
+<interface name="files_relabel_all_locks" lineno="6599">
 <summary>
 Relabel from/to all lock files.
 </summary>
@@ -63851,7 +63872,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_lock_filetrans" lineno="6619">
+<interface name="files_lock_filetrans" lineno="6638">
 <summary>
 Create an object in the locks directory, with a private
 type using a type transition.
@@ -63877,7 +63898,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_runtime_dirs" lineno="6640">
+<interface name="files_dontaudit_getattr_runtime_dirs" lineno="6659">
 <summary>
 Do not audit attempts to get the attributes
 of the /var/run directory.
@@ -63888,7 +63909,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_mounton_runtime_dirs" lineno="6659">
+<interface name="files_mounton_runtime_dirs" lineno="6678">
 <summary>
 mounton a /var/run directory.
 </summary>
@@ -63898,7 +63919,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_setattr_runtime_dirs" lineno="6677">
+<interface name="files_setattr_runtime_dirs" lineno="6696">
 <summary>
 Set the attributes of the /var/run directory.
 </summary>
@@ -63908,7 +63929,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_search_runtime" lineno="6697">
+<interface name="files_search_runtime" lineno="6716">
 <summary>
 Search the contents of runtime process
 ID directories (/var/run).
@@ -63919,7 +63940,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_search_runtime" lineno="6717">
+<interface name="files_dontaudit_search_runtime" lineno="6736">
 <summary>
 Do not audit attempts to search
 the /var/run directory.
@@ -63930,7 +63951,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_list_runtime" lineno="6737">
+<interface name="files_list_runtime" lineno="6756">
 <summary>
 List the contents of the runtime process
 ID directories (/var/run).
@@ -63941,7 +63962,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_check_write_runtime_dirs" lineno="6756">
+<interface name="files_check_write_runtime_dirs" lineno="6775">
 <summary>
 Check write access on /var/run directories.
 </summary>
@@ -63951,7 +63972,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_create_runtime_dirs" lineno="6774">
+<interface name="files_create_runtime_dirs" lineno="6793">
 <summary>
 Create a /var/run directory.
 </summary>
@@ -63961,7 +63982,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_watch_runtime_dirs" lineno="6792">
+<interface name="files_watch_runtime_dirs" lineno="6811">
 <summary>
 Watch /var/run directories.
 </summary>
@@ -63971,7 +63992,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_runtime_files" lineno="6810">
+<interface name="files_read_runtime_files" lineno="6829">
 <summary>
 Read generic runtime files.
 </summary>
@@ -63981,7 +64002,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_exec_runtime" lineno="6830">
+<interface name="files_exec_runtime" lineno="6849">
 <summary>
 Execute generic programs in /var/run in the caller domain.
 </summary>
@@ -63991,7 +64012,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_rw_runtime_files" lineno="6848">
+<interface name="files_rw_runtime_files" lineno="6867">
 <summary>
 Read and write generic runtime files.
 </summary>
@@ -64001,7 +64022,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_runtime_symlinks" lineno="6868">
+<interface name="files_delete_runtime_symlinks" lineno="6887">
 <summary>
 Delete generic runtime symlinks.
 </summary>
@@ -64011,7 +64032,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_write_runtime_pipes" lineno="6886">
+<interface name="files_write_runtime_pipes" lineno="6905">
 <summary>
 Write named generic runtime pipes.
 </summary>
@@ -64021,7 +64042,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_all_runtime_dirs" lineno="6906">
+<interface name="files_delete_all_runtime_dirs" lineno="6925">
 <summary>
 Delete all runtime dirs.
 </summary>
@@ -64032,7 +64053,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_manage_all_runtime_dirs" lineno="6924">
+<interface name="files_manage_all_runtime_dirs" lineno="6943">
 <summary>
 Create, read, write, and delete all runtime directories.
 </summary>
@@ -64042,7 +64063,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_all_runtime_dirs" lineno="6942">
+<interface name="files_relabel_all_runtime_dirs" lineno="6961">
 <summary>
 Relabel all runtime directories.
 </summary>
@@ -64052,7 +64073,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_getattr_all_runtime_files" lineno="6961">
+<interface name="files_dontaudit_getattr_all_runtime_files" lineno="6980">
 <summary>
 Do not audit attempts to get the attributes of
 all runtime data files.
@@ -64063,7 +64084,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_read_all_runtime_files" lineno="6982">
+<interface name="files_read_all_runtime_files" lineno="7001">
 <summary>
 Read all runtime files.
 </summary>
@@ -64074,7 +64095,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_dontaudit_ioctl_all_runtime_files" lineno="7003">
+<interface name="files_dontaudit_ioctl_all_runtime_files" lineno="7022">
 <summary>
 Do not audit attempts to ioctl all runtime files.
 </summary>
@@ -64084,7 +64105,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_write_all_runtime_files" lineno="7023">
+<interface name="files_dontaudit_write_all_runtime_files" lineno="7042">
 <summary>
 Do not audit attempts to write to all runtime files.
 </summary>
@@ -64094,7 +64115,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_all_runtime_files" lineno="7044">
+<interface name="files_delete_all_runtime_files" lineno="7063">
 <summary>
 Delete all runtime files.
 </summary>
@@ -64105,7 +64126,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_manage_all_runtime_files" lineno="7063">
+<interface name="files_manage_all_runtime_files" lineno="7082">
 <summary>
 Create, read, write and delete all
 var_run (pid) files
@@ -64116,7 +64137,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_all_runtime_files" lineno="7081">
+<interface name="files_relabel_all_runtime_files" lineno="7100">
 <summary>
 Relabel all runtime files.
 </summary>
@@ -64126,7 +64147,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_all_runtime_symlinks" lineno="7100">
+<interface name="files_delete_all_runtime_symlinks" lineno="7119">
 <summary>
 Delete all runtime symlinks.
 </summary>
@@ -64137,7 +64158,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_manage_all_runtime_symlinks" lineno="7119">
+<interface name="files_manage_all_runtime_symlinks" lineno="7138">
 <summary>
 Create, read, write and delete all
 var_run (pid) symbolic links.
@@ -64148,7 +64169,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_all_runtime_symlinks" lineno="7137">
+<interface name="files_relabel_all_runtime_symlinks" lineno="7156">
 <summary>
 Relabel all runtime symbolic links.
 </summary>
@@ -64158,7 +64179,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_create_all_runtime_pipes" lineno="7155">
+<interface name="files_create_all_runtime_pipes" lineno="7174">
 <summary>
 Create all runtime named pipes
 </summary>
@@ -64168,7 +64189,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_all_runtime_pipes" lineno="7174">
+<interface name="files_delete_all_runtime_pipes" lineno="7193">
 <summary>
 Delete all runtime named pipes
 </summary>
@@ -64178,7 +64199,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_create_all_runtime_sockets" lineno="7193">
+<interface name="files_create_all_runtime_sockets" lineno="7212">
 <summary>
 Create all runtime sockets.
 </summary>
@@ -64188,7 +64209,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_all_runtime_sockets" lineno="7211">
+<interface name="files_delete_all_runtime_sockets" lineno="7230">
 <summary>
 Delete all runtime sockets.
 </summary>
@@ -64198,7 +64219,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_all_runtime_sockets" lineno="7229">
+<interface name="files_relabel_all_runtime_sockets" lineno="7248">
 <summary>
 Relabel all runtime named sockets.
 </summary>
@@ -64208,7 +64229,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_runtime_filetrans" lineno="7289">
+<interface name="files_runtime_filetrans" lineno="7308">
 <summary>
 Create an object in the /run directory, with a private type.
 </summary>
@@ -64260,7 +64281,7 @@ The name of the object being created.
 </param>
 <infoflow type="write" weight="10"/>
 </interface>
-<interface name="files_runtime_filetrans_lock_dir" lineno="7314">
+<interface name="files_runtime_filetrans_lock_dir" lineno="7333">
 <summary>
 Create a generic lock directory within the run directories.
 </summary>
@@ -64275,7 +64296,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_create_all_spool_sockets" lineno="7332">
+<interface name="files_create_all_spool_sockets" lineno="7351">
 <summary>
 Create all spool sockets
 </summary>
@@ -64285,7 +64306,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_delete_all_spool_sockets" lineno="7350">
+<interface name="files_delete_all_spool_sockets" lineno="7369">
 <summary>
 Delete all spool sockets
 </summary>
@@ -64295,7 +64316,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_mounton_all_poly_members" lineno="7369">
+<interface name="files_mounton_all_poly_members" lineno="7388">
 <summary>
 Mount filesystems on all polyinstantiation
 member directories.
@@ -64306,7 +64327,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_search_spool" lineno="7388">
+<interface name="files_search_spool" lineno="7407">
 <summary>
 Search the contents of generic spool
 directories (/var/spool).
@@ -64317,7 +64338,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_dontaudit_search_spool" lineno="7407">
+<interface name="files_dontaudit_search_spool" lineno="7426">
 <summary>
 Do not audit attempts to search generic
 spool directories.
@@ -64328,7 +64349,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="files_list_spool" lineno="7426">
+<interface name="files_list_spool" lineno="7445">
 <summary>
 List the contents of generic spool
 (/var/spool) directories.
@@ -64339,7 +64360,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_generic_spool_dirs" lineno="7445">
+<interface name="files_manage_generic_spool_dirs" lineno="7464">
 <summary>
 Create, read, write, and delete generic
 spool directories (/var/spool).
@@ -64350,7 +64371,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_read_generic_spool" lineno="7464">
+<interface name="files_read_generic_spool" lineno="7483">
 <summary>
 Read generic spool files.
 </summary>
@@ -64360,7 +64381,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_generic_spool" lineno="7484">
+<interface name="files_manage_generic_spool" lineno="7503">
 <summary>
 Create, read, write, and delete generic
 spool files.
@@ -64371,7 +64392,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_spool_filetrans" lineno="7520">
+<interface name="files_spool_filetrans" lineno="7539">
 <summary>
 Create objects in the spool directory
 with a private type with a type transition.
@@ -64398,7 +64419,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="files_polyinstantiate_all" lineno="7540">
+<interface name="files_polyinstantiate_all" lineno="7559">
 <summary>
 Allow access to manage all polyinstantiated
 directories on the system.
@@ -64409,7 +64430,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_unconfined" lineno="7594">
+<interface name="files_unconfined" lineno="7613">
 <summary>
 Unconfined access to files.
 </summary>
@@ -64419,7 +64440,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_manage_etc_runtime_lnk_files" lineno="7616">
+<interface name="files_manage_etc_runtime_lnk_files" lineno="7635">
 <summary>
 Create, read, write, and delete symbolic links in
 /etc that are dynamically created on boot.
@@ -64431,7 +64452,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_dontaudit_read_etc_runtime" lineno="7634">
+<interface name="files_dontaudit_read_etc_runtime" lineno="7653">
 <summary>
 Do not audit attempts to read etc_runtime resources
 </summary>
@@ -64441,7 +64462,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="files_list_src" lineno="7652">
+<interface name="files_list_src" lineno="7671">
 <summary>
 List usr/src files
 </summary>
@@ -64451,7 +64472,7 @@ Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="files_read_src_files" lineno="7670">
+<interface name="files_read_src_files" lineno="7689">
 <summary>
 Read usr/src files
 </summary>
@@ -64461,7 +64482,7 @@ Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="files_manage_src_files" lineno="7688">
+<interface name="files_manage_src_files" lineno="7707">
 <summary>
 Manage /usr/src files
 </summary>
@@ -64471,7 +64492,7 @@ Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="files_lib_filetrans_kernel_modules" lineno="7719">
+<interface name="files_lib_filetrans_kernel_modules" lineno="7738">
 <summary>
 Create a resource in the generic lib location
 with an automatic type transition towards the kernel modules
@@ -64493,7 +64514,7 @@ Optional name of the resource
 </summary>
 </param>
 </interface>
-<interface name="files_read_etc_runtime" lineno="7737">
+<interface name="files_read_etc_runtime" lineno="7756">
 <summary>
 Read etc runtime resources
 </summary>
@@ -64503,7 +64524,7 @@ Domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="files_relabel_all_non_security_file_types" lineno="7759">
+<interface name="files_relabel_all_non_security_file_types" lineno="7778">
 <summary>
 Allow relabel from and to non-security types
 </summary>
@@ -64514,7 +64535,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_manage_all_non_security_file_types" lineno="7789">
+<interface name="files_manage_all_non_security_file_types" lineno="7808">
 <summary>
 Manage non-security-sensitive resource types
 </summary>
@@ -64525,7 +64546,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="files_relabel_all_pidfiles" lineno="7811">
+<interface name="files_relabel_all_pidfiles" lineno="7830">
 <summary>
 Allow relabeling from and to any pidfile associated type
 </summary>
@@ -65023,7 +65044,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_cgroup_dirs" lineno="818">
+<interface name="fs_list_cgroup_dirs" lineno="817">
 <summary>
 list cgroup directories.
 </summary>
@@ -65033,7 +65054,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_ioctl_cgroup_dirs" lineno="837">
+<interface name="fs_ioctl_cgroup_dirs" lineno="836">
 <summary>
 Ioctl cgroup directories.
 </summary>
@@ -65043,7 +65064,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_delete_cgroup_dirs" lineno="856">
+<interface name="fs_create_cgroup_dirs" lineno="855">
+<summary>
+Create cgroup directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_delete_cgroup_dirs" lineno="874">
 <summary>
 Delete cgroup directories.
 </summary>
@@ -65053,7 +65084,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_cgroup_dirs" lineno="875">
+<interface name="fs_manage_cgroup_dirs" lineno="893">
 <summary>
 Manage cgroup directories.
 </summary>
@@ -65063,7 +65094,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_relabel_cgroup_dirs" lineno="895">
+<interface name="fs_relabel_cgroup_dirs" lineno="913">
 <summary>
 Relabel cgroup directories.
 </summary>
@@ -65073,7 +65104,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_cgroup_files" lineno="913">
+<interface name="fs_getattr_cgroup_files" lineno="931">
 <summary>
 Get attributes of cgroup files.
 </summary>
@@ -65083,7 +65114,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_cgroup_files" lineno="933">
+<interface name="fs_read_cgroup_files" lineno="951">
 <summary>
 Read cgroup files.
 </summary>
@@ -65093,7 +65124,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_watch_cgroup_files" lineno="954">
+<interface name="fs_create_cgroup_files" lineno="972">
+<summary>
+Create cgroup files.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="fs_watch_cgroup_files" lineno="992">
 <summary>
 Watch cgroup files.
 </summary>
@@ -65103,7 +65144,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_create_cgroup_links" lineno="973">
+<interface name="fs_create_cgroup_links" lineno="1011">
 <summary>
 Create cgroup lnk_files.
 </summary>
@@ -65113,7 +65154,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_write_cgroup_files" lineno="993">
+<interface name="fs_write_cgroup_files" lineno="1031">
 <summary>
 Write cgroup files.
 </summary>
@@ -65123,7 +65164,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_rw_cgroup_files" lineno="1012">
+<interface name="fs_rw_cgroup_files" lineno="1050">
 <summary>
 Read and write cgroup files.
 </summary>
@@ -65133,7 +65174,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_rw_cgroup_files" lineno="1034">
+<interface name="fs_dontaudit_rw_cgroup_files" lineno="1072">
 <summary>
 Do not audit attempts to open,
 get attributes, read and write
@@ -65145,7 +65186,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_cgroup_files" lineno="1052">
+<interface name="fs_manage_cgroup_files" lineno="1090">
 <summary>
 Manage cgroup files.
 </summary>
@@ -65155,7 +65196,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_relabel_cgroup_symlinks" lineno="1072">
+<interface name="fs_relabel_cgroup_symlinks" lineno="1110">
 <summary>
 Relabel cgroup symbolic links.
 </summary>
@@ -65165,7 +65206,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_watch_cgroup_dirs" lineno="1090">
+<interface name="fs_watch_cgroup_dirs" lineno="1128">
 <summary>
 Watch cgroup directories.
 </summary>
@@ -65175,7 +65216,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mounton_cgroup" lineno="1108">
+<interface name="fs_mounton_cgroup" lineno="1146">
 <summary>
 Mount on cgroup directories.
 </summary>
@@ -65185,7 +65226,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_cgroup_filetrans" lineno="1142">
+<interface name="fs_cgroup_filetrans" lineno="1180">
 <summary>
 Create an object in a cgroup tmpfs filesystem, with a private
 type using a type transition.
@@ -65211,7 +65252,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_list_cifs_dirs" lineno="1163">
+<interface name="fs_dontaudit_list_cifs_dirs" lineno="1201">
 <summary>
 Do not audit attempts to read
 dirs on a CIFS or SMB filesystem.
@@ -65222,7 +65263,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_cifs" lineno="1181">
+<interface name="fs_mount_cifs" lineno="1219">
 <summary>
 Mount a CIFS or SMB network filesystem.
 </summary>
@@ -65232,7 +65273,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_cifs" lineno="1200">
+<interface name="fs_remount_cifs" lineno="1238">
 <summary>
 Remount a CIFS or SMB network filesystem.
 This allows some mount options to be changed.
@@ -65243,7 +65284,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_cifs" lineno="1218">
+<interface name="fs_unmount_cifs" lineno="1256">
 <summary>
 Unmount a CIFS or SMB network filesystem.
 </summary>
@@ -65253,7 +65294,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_cifs" lineno="1238">
+<interface name="fs_getattr_cifs" lineno="1276">
 <summary>
 Get the attributes of a CIFS or
 SMB network filesystem.
@@ -65265,7 +65306,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_search_cifs" lineno="1256">
+<interface name="fs_search_cifs" lineno="1294">
 <summary>
 Search directories on a CIFS or SMB filesystem.
 </summary>
@@ -65275,7 +65316,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_cifs" lineno="1275">
+<interface name="fs_list_cifs" lineno="1313">
 <summary>
 List the contents of directories on a
 CIFS or SMB filesystem.
@@ -65286,7 +65327,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_list_cifs" lineno="1294">
+<interface name="fs_dontaudit_list_cifs" lineno="1332">
 <summary>
 Do not audit attempts to list the contents
 of directories on a CIFS or SMB filesystem.
@@ -65297,7 +65338,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_mounton_cifs" lineno="1312">
+<interface name="fs_mounton_cifs" lineno="1350">
 <summary>
 Mounton a CIFS filesystem.
 </summary>
@@ -65307,7 +65348,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_cifs_files" lineno="1331">
+<interface name="fs_read_cifs_files" lineno="1369">
 <summary>
 Read files on a CIFS or SMB filesystem.
 </summary>
@@ -65318,7 +65359,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_read_all_inherited_image_files" lineno="1351">
+<interface name="fs_read_all_inherited_image_files" lineno="1389">
 <summary>
 Read all inherited filesystem image files.
 </summary>
@@ -65329,7 +65370,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_read_all_image_files" lineno="1370">
+<interface name="fs_read_all_image_files" lineno="1408">
 <summary>
 Read all filesystem image files.
 </summary>
@@ -65340,7 +65381,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_mmap_read_all_image_files" lineno="1389">
+<interface name="fs_mmap_read_all_image_files" lineno="1427">
 <summary>
 Mmap-read all filesystem image files.
 </summary>
@@ -65351,7 +65392,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_rw_all_image_files" lineno="1408">
+<interface name="fs_rw_all_image_files" lineno="1446">
 <summary>
 Read and write all filesystem image files.
 </summary>
@@ -65362,7 +65403,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_mmap_rw_all_image_files" lineno="1427">
+<interface name="fs_mmap_rw_all_image_files" lineno="1465">
 <summary>
 Mmap-Read-write all filesystem image files.
 </summary>
@@ -65373,7 +65414,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_write_all_image_files" lineno="1446">
+<interface name="fs_dontaudit_write_all_image_files" lineno="1484">
 <summary>
 Do not audit attempts to write all filesystem image files.
 </summary>
@@ -65384,7 +65425,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_getattr_noxattr_fs" lineno="1466">
+<interface name="fs_getattr_noxattr_fs" lineno="1504">
 <summary>
 Get the attributes of filesystems that
 do not have extended attribute support.
@@ -65396,7 +65437,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_list_noxattr_fs" lineno="1484">
+<interface name="fs_list_noxattr_fs" lineno="1522">
 <summary>
 Read all noxattrfs directories.
 </summary>
@@ -65406,7 +65447,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_list_noxattr_fs" lineno="1503">
+<interface name="fs_dontaudit_list_noxattr_fs" lineno="1541">
 <summary>
 Do not audit attempts to list all
 noxattrfs directories.
@@ -65417,7 +65458,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_noxattr_fs_dirs" lineno="1521">
+<interface name="fs_manage_noxattr_fs_dirs" lineno="1559">
 <summary>
 Create, read, write, and delete all noxattrfs directories.
 </summary>
@@ -65427,7 +65468,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_noxattr_fs_files" lineno="1539">
+<interface name="fs_read_noxattr_fs_files" lineno="1577">
 <summary>
 Read all noxattrfs files.
 </summary>
@@ -65437,7 +65478,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_read_noxattr_fs_files" lineno="1559">
+<interface name="fs_dontaudit_read_noxattr_fs_files" lineno="1597">
 <summary>
 Do not audit attempts to read all
 noxattrfs files.
@@ -65448,7 +65489,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_write_noxattr_fs_files" lineno="1577">
+<interface name="fs_dontaudit_write_noxattr_fs_files" lineno="1615">
 <summary>
 Dont audit attempts to write to noxattrfs files.
 </summary>
@@ -65458,7 +65499,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_noxattr_fs_files" lineno="1595">
+<interface name="fs_manage_noxattr_fs_files" lineno="1633">
 <summary>
 Create, read, write, and delete all noxattrfs files.
 </summary>
@@ -65468,7 +65509,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_noxattr_fs_symlinks" lineno="1614">
+<interface name="fs_read_noxattr_fs_symlinks" lineno="1652">
 <summary>
 Read all noxattrfs symbolic links.
 </summary>
@@ -65478,7 +65519,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_noxattr_fs_symlinks" lineno="1633">
+<interface name="fs_manage_noxattr_fs_symlinks" lineno="1671">
 <summary>
 Manage all noxattrfs symbolic links.
 </summary>
@@ -65488,7 +65529,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_relabelfrom_noxattr_fs" lineno="1653">
+<interface name="fs_relabelfrom_noxattr_fs" lineno="1691">
 <summary>
 Relabel all objects from filesystems that
 do not support extended attributes.
@@ -65499,7 +65540,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_read_cifs_files" lineno="1679">
+<interface name="fs_dontaudit_read_cifs_files" lineno="1717">
 <summary>
 Do not audit attempts to read
 files on a CIFS or SMB filesystem.
@@ -65510,7 +65551,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_append_cifs_files" lineno="1699">
+<interface name="fs_append_cifs_files" lineno="1737">
 <summary>
 Append files
 on a CIFS filesystem.
@@ -65522,7 +65563,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_append_cifs_files" lineno="1719">
+<interface name="fs_dontaudit_append_cifs_files" lineno="1757">
 <summary>
 dontaudit Append files
 on a CIFS filesystem.
@@ -65534,7 +65575,7 @@ Domain to not audit.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_rw_cifs_files" lineno="1738">
+<interface name="fs_dontaudit_rw_cifs_files" lineno="1776">
 <summary>
 Do not audit attempts to read or
 write files on a CIFS or SMB filesystem.
@@ -65545,7 +65586,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_cifs_symlinks" lineno="1756">
+<interface name="fs_read_cifs_symlinks" lineno="1794">
 <summary>
 Read symbolic links on a CIFS or SMB filesystem.
 </summary>
@@ -65555,7 +65596,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_cifs_named_pipes" lineno="1776">
+<interface name="fs_read_cifs_named_pipes" lineno="1814">
 <summary>
 Read named pipes
 on a CIFS or SMB network filesystem.
@@ -65566,7 +65607,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_cifs_named_sockets" lineno="1795">
+<interface name="fs_read_cifs_named_sockets" lineno="1833">
 <summary>
 Read named sockets
 on a CIFS or SMB network filesystem.
@@ -65577,7 +65618,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_exec_cifs_files" lineno="1816">
+<interface name="fs_exec_cifs_files" lineno="1854">
 <summary>
 Execute files on a CIFS or SMB
 network filesystem, in the caller
@@ -65590,7 +65631,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_manage_cifs_dirs" lineno="1837">
+<interface name="fs_manage_cifs_dirs" lineno="1875">
 <summary>
 Create, read, write, and delete directories
 on a CIFS or SMB network filesystem.
@@ -65602,7 +65643,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_manage_cifs_dirs" lineno="1857">
+<interface name="fs_dontaudit_manage_cifs_dirs" lineno="1895">
 <summary>
 Do not audit attempts to create, read,
 write, and delete directories
@@ -65614,7 +65655,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_cifs_files" lineno="1877">
+<interface name="fs_manage_cifs_files" lineno="1915">
 <summary>
 Create, read, write, and delete files
 on a CIFS or SMB network filesystem.
@@ -65626,7 +65667,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_manage_cifs_files" lineno="1897">
+<interface name="fs_dontaudit_manage_cifs_files" lineno="1935">
 <summary>
 Do not audit attempts to create, read,
 write, and delete files
@@ -65638,7 +65679,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_cifs_symlinks" lineno="1916">
+<interface name="fs_manage_cifs_symlinks" lineno="1954">
 <summary>
 Create, read, write, and delete symbolic links
 on a CIFS or SMB network filesystem.
@@ -65649,7 +65690,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_cifs_named_pipes" lineno="1935">
+<interface name="fs_manage_cifs_named_pipes" lineno="1973">
 <summary>
 Create, read, write, and delete named pipes
 on a CIFS or SMB network filesystem.
@@ -65660,7 +65701,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_cifs_named_sockets" lineno="1954">
+<interface name="fs_manage_cifs_named_sockets" lineno="1992">
 <summary>
 Create, read, write, and delete named sockets
 on a CIFS or SMB network filesystem.
@@ -65671,7 +65712,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_cifs_domtrans" lineno="1997">
+<interface name="fs_cifs_domtrans" lineno="2035">
 <summary>
 Execute a file on a CIFS or SMB filesystem
 in the specified domain.
@@ -65706,7 +65747,7 @@ The type of the new process.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_configfs_dirs" lineno="2017">
+<interface name="fs_manage_configfs_dirs" lineno="2055">
 <summary>
 Create, read, write, and delete dirs
 on a configfs filesystem.
@@ -65717,7 +65758,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_configfs_files" lineno="2036">
+<interface name="fs_manage_configfs_files" lineno="2074">
 <summary>
 Create, read, write, and delete files
 on a configfs filesystem.
@@ -65728,7 +65769,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_dos_fs" lineno="2055">
+<interface name="fs_mount_dos_fs" lineno="2093">
 <summary>
 Mount a DOS filesystem, such as
 FAT32 or NTFS.
@@ -65739,7 +65780,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_dos_fs" lineno="2075">
+<interface name="fs_remount_dos_fs" lineno="2113">
 <summary>
 Remount a DOS filesystem, such as
 FAT32 or NTFS.  This allows
@@ -65751,7 +65792,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_dos_fs" lineno="2094">
+<interface name="fs_unmount_dos_fs" lineno="2132">
 <summary>
 Unmount a DOS filesystem, such as
 FAT32 or NTFS.
@@ -65762,7 +65803,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_dos_fs" lineno="2114">
+<interface name="fs_getattr_dos_fs" lineno="2152">
 <summary>
 Get the attributes of a DOS
 filesystem, such as FAT32 or NTFS.
@@ -65774,7 +65815,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_relabelfrom_dos_fs" lineno="2133">
+<interface name="fs_relabelfrom_dos_fs" lineno="2171">
 <summary>
 Allow changing of the label of a
 DOS filesystem using the context= mount option.
@@ -65785,7 +65826,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_dos_dirs" lineno="2151">
+<interface name="fs_getattr_dos_dirs" lineno="2189">
 <summary>
 Get attributes of directories on a dosfs filesystem.
 </summary>
@@ -65795,7 +65836,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_dos" lineno="2169">
+<interface name="fs_search_dos" lineno="2207">
 <summary>
 Search dosfs filesystem.
 </summary>
@@ -65805,7 +65846,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_dos" lineno="2187">
+<interface name="fs_list_dos" lineno="2225">
 <summary>
 List dirs DOS filesystem.
 </summary>
@@ -65815,7 +65856,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_dos_dirs" lineno="2206">
+<interface name="fs_manage_dos_dirs" lineno="2244">
 <summary>
 Create, read, write, and delete dirs
 on a DOS filesystem.
@@ -65826,7 +65867,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_dos_files" lineno="2224">
+<interface name="fs_read_dos_files" lineno="2262">
 <summary>
 Read files on a DOS filesystem.
 </summary>
@@ -65836,7 +65877,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mmap_read_dos_files" lineno="2242">
+<interface name="fs_mmap_read_dos_files" lineno="2280">
 <summary>
 Read and map files on a DOS filesystem.
 </summary>
@@ -65846,7 +65887,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_dos_files" lineno="2262">
+<interface name="fs_manage_dos_files" lineno="2300">
 <summary>
 Create, read, write, and delete files
 on a DOS filesystem.
@@ -65857,7 +65898,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_ecryptfs" lineno="2280">
+<interface name="fs_list_ecryptfs" lineno="2318">
 <summary>
 Read symbolic links on an eCryptfs filesystem.
 </summary>
@@ -65867,7 +65908,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_ecryptfs_dirs" lineno="2301">
+<interface name="fs_manage_ecryptfs_dirs" lineno="2339">
 <summary>
 Create, read, write, and delete directories
 on an eCryptfs filesystem.
@@ -65879,7 +65920,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_manage_ecryptfs_files" lineno="2321">
+<interface name="fs_manage_ecryptfs_files" lineno="2359">
 <summary>
 Create, read, write, and delete files
 on an eCryptfs filesystem.
@@ -65891,7 +65932,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_manage_ecryptfs_named_sockets" lineno="2340">
+<interface name="fs_manage_ecryptfs_named_sockets" lineno="2378">
 <summary>
 Create, read, write, and delete named sockets
 on an eCryptfs filesystem.
@@ -65902,7 +65943,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_efivarfs" lineno="2358">
+<interface name="fs_getattr_efivarfs" lineno="2396">
 <summary>
 Get the attributes of efivarfs filesystems.
 </summary>
@@ -65912,7 +65953,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_efivars" lineno="2376">
+<interface name="fs_list_efivars" lineno="2414">
 <summary>
 List dirs in efivarfs filesystem.
 </summary>
@@ -65922,7 +65963,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_efivarfs_files" lineno="2396">
+<interface name="fs_read_efivarfs_files" lineno="2434">
 <summary>
 Read files in efivarfs
 - contains Linux Kernel configuration options for UEFI systems
@@ -65934,7 +65975,19 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_manage_efivarfs_files" lineno="2416">
+<interface name="fs_setattr_efivarfs_files" lineno="2454">
+<summary>
+Set the attributes of files in efivarfs
+- contains Linux Kernel configuration options for UEFI systems
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+<rolecap/>
+</interface>
+<interface name="fs_manage_efivarfs_files" lineno="2474">
 <summary>
 Create, read, write, and delete files
 on a efivarfs filesystem.
@@ -65946,7 +65999,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_fusefs" lineno="2434">
+<interface name="fs_getattr_fusefs" lineno="2492">
 <summary>
 stat a FUSE filesystem
 </summary>
@@ -65956,7 +66009,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_fusefs" lineno="2452">
+<interface name="fs_mount_fusefs" lineno="2510">
 <summary>
 Mount a FUSE filesystem.
 </summary>
@@ -65966,7 +66019,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_fusefs" lineno="2470">
+<interface name="fs_unmount_fusefs" lineno="2528">
 <summary>
 Unmount a FUSE filesystem.
 </summary>
@@ -65976,7 +66029,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_fusefs" lineno="2488">
+<interface name="fs_remount_fusefs" lineno="2546">
 <summary>
 Remount a FUSE filesystem.
 </summary>
@@ -65986,7 +66039,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mounton_fusefs" lineno="2506">
+<interface name="fs_mounton_fusefs" lineno="2564">
 <summary>
 Mounton a FUSEFS filesystem.
 </summary>
@@ -65996,7 +66049,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_fusefs_entry_type" lineno="2525">
+<interface name="fs_fusefs_entry_type" lineno="2583">
 <summary>
 Make FUSEFS files an entrypoint for the
 specified domain.
@@ -66007,7 +66060,7 @@ The domain for which fusefs_t is an entrypoint.
 </summary>
 </param>
 </interface>
-<interface name="fs_fusefs_domtrans" lineno="2558">
+<interface name="fs_fusefs_domtrans" lineno="2616">
 <summary>
 Execute FUSEFS files in a specified domain.
 </summary>
@@ -66032,7 +66085,7 @@ Domain to transition to.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_fusefs" lineno="2578">
+<interface name="fs_search_fusefs" lineno="2636">
 <summary>
 Search directories
 on a FUSEFS filesystem.
@@ -66044,7 +66097,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_list_fusefs" lineno="2598">
+<interface name="fs_list_fusefs" lineno="2656">
 <summary>
 List the contents of directories
 on a FUSEFS filesystem.
@@ -66056,7 +66109,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_list_fusefs" lineno="2617">
+<interface name="fs_dontaudit_list_fusefs" lineno="2675">
 <summary>
 Do not audit attempts to list the contents
 of directories on a FUSEFS filesystem.
@@ -66067,7 +66120,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_setattr_fusefs_dirs" lineno="2637">
+<interface name="fs_setattr_fusefs_dirs" lineno="2695">
 <summary>
 Set the attributes of directories
 on a FUSEFS filesystem.
@@ -66079,7 +66132,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_manage_fusefs_dirs" lineno="2657">
+<interface name="fs_manage_fusefs_dirs" lineno="2715">
 <summary>
 Create, read, write, and delete directories
 on a FUSEFS filesystem.
@@ -66091,7 +66144,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_manage_fusefs_dirs" lineno="2677">
+<interface name="fs_dontaudit_manage_fusefs_dirs" lineno="2735">
 <summary>
 Do not audit attempts to create, read,
 write, and delete directories
@@ -66103,7 +66156,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_fusefs_files" lineno="2697">
+<interface name="fs_getattr_fusefs_files" lineno="2755">
 <summary>
 Get the attributes of files on a
 FUSEFS filesystem.
@@ -66115,7 +66168,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_read_fusefs_files" lineno="2716">
+<interface name="fs_read_fusefs_files" lineno="2774">
 <summary>
 Read, a FUSEFS filesystem.
 </summary>
@@ -66126,7 +66179,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_exec_fusefs_files" lineno="2735">
+<interface name="fs_exec_fusefs_files" lineno="2793">
 <summary>
 Execute files on a FUSEFS filesystem.
 </summary>
@@ -66137,7 +66190,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_setattr_fusefs_files" lineno="2755">
+<interface name="fs_setattr_fusefs_files" lineno="2813">
 <summary>
 Set the attributes of files on a
 FUSEFS filesystem.
@@ -66149,7 +66202,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_manage_fusefs_files" lineno="2775">
+<interface name="fs_manage_fusefs_files" lineno="2833">
 <summary>
 Create, read, write, and delete files
 on a FUSEFS filesystem.
@@ -66161,7 +66214,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_manage_fusefs_files" lineno="2795">
+<interface name="fs_dontaudit_manage_fusefs_files" lineno="2853">
 <summary>
 Do not audit attempts to create,
 read, write, and delete files
@@ -66173,7 +66226,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_fusefs_symlinks" lineno="2815">
+<interface name="fs_getattr_fusefs_symlinks" lineno="2873">
 <summary>
 Get the attributes of symlinks
 on a FUSEFS filesystem.
@@ -66185,7 +66238,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_read_fusefs_symlinks" lineno="2833">
+<interface name="fs_read_fusefs_symlinks" lineno="2891">
 <summary>
 Read symbolic links on a FUSEFS filesystem.
 </summary>
@@ -66195,7 +66248,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_setattr_fusefs_symlinks" lineno="2854">
+<interface name="fs_setattr_fusefs_symlinks" lineno="2912">
 <summary>
 Set the attributes of symlinks
 on a FUSEFS filesystem.
@@ -66207,7 +66260,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_manage_fusefs_symlinks" lineno="2873">
+<interface name="fs_manage_fusefs_symlinks" lineno="2931">
 <summary>
 Manage symlinks on a FUSEFS filesystem.
 </summary>
@@ -66218,7 +66271,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_getattr_fusefs_fifo_files" lineno="2893">
+<interface name="fs_getattr_fusefs_fifo_files" lineno="2951">
 <summary>
 Get the attributes of named pipes
 on a FUSEFS filesystem.
@@ -66230,7 +66283,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_setattr_fusefs_fifo_files" lineno="2913">
+<interface name="fs_setattr_fusefs_fifo_files" lineno="2971">
 <summary>
 Set the attributes of named pipes
 on a FUSEFS filesystem.
@@ -66242,7 +66295,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_manage_fusefs_fifo_files" lineno="2933">
+<interface name="fs_manage_fusefs_fifo_files" lineno="2991">
 <summary>
 Manage named pipes on a FUSEFS
 filesystem.
@@ -66254,7 +66307,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_getattr_fusefs_sock_files" lineno="2953">
+<interface name="fs_getattr_fusefs_sock_files" lineno="3011">
 <summary>
 Get the attributes of named sockets
 on a FUSEFS filesystem.
@@ -66266,7 +66319,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_setattr_fusefs_sock_files" lineno="2973">
+<interface name="fs_setattr_fusefs_sock_files" lineno="3031">
 <summary>
 Set the attributes of named sockets
 on a FUSEFS filesystem.
@@ -66278,7 +66331,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_manage_fusefs_sock_files" lineno="2993">
+<interface name="fs_manage_fusefs_sock_files" lineno="3051">
 <summary>
 Manage named sockets on a FUSEFS
 filesystem.
@@ -66290,7 +66343,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_getattr_fusefs_chr_files" lineno="3013">
+<interface name="fs_getattr_fusefs_chr_files" lineno="3071">
 <summary>
 Get the attributes of character files
 on a FUSEFS filesystem.
@@ -66302,7 +66355,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_setattr_fusefs_chr_files" lineno="3033">
+<interface name="fs_setattr_fusefs_chr_files" lineno="3091">
 <summary>
 Set the attributes of character files
 on a FUSEFS filesystem.
@@ -66314,7 +66367,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_manage_fusefs_chr_files" lineno="3053">
+<interface name="fs_manage_fusefs_chr_files" lineno="3111">
 <summary>
 Manage character files on a FUSEFS
 filesystem.
@@ -66326,7 +66379,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_getattr_hugetlbfs" lineno="3072">
+<interface name="fs_getattr_hugetlbfs" lineno="3130">
 <summary>
 Get the attributes of an hugetlbfs
 filesystem.
@@ -66337,7 +66390,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_hugetlbfs" lineno="3090">
+<interface name="fs_list_hugetlbfs" lineno="3148">
 <summary>
 List hugetlbfs.
 </summary>
@@ -66347,7 +66400,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_hugetlbfs_dirs" lineno="3108">
+<interface name="fs_manage_hugetlbfs_dirs" lineno="3166">
 <summary>
 Manage hugetlbfs dirs.
 </summary>
@@ -66357,7 +66410,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_rw_inherited_hugetlbfs_files" lineno="3126">
+<interface name="fs_rw_inherited_hugetlbfs_files" lineno="3184">
 <summary>
 Read and write inherited hugetlbfs files.
 </summary>
@@ -66367,7 +66420,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_rw_hugetlbfs_files" lineno="3144">
+<interface name="fs_rw_hugetlbfs_files" lineno="3202">
 <summary>
 Read and write hugetlbfs files.
 </summary>
@@ -66377,7 +66430,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mmap_rw_hugetlbfs_files" lineno="3162">
+<interface name="fs_mmap_rw_hugetlbfs_files" lineno="3220">
 <summary>
 Read, map and write hugetlbfs files.
 </summary>
@@ -66387,7 +66440,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_associate_hugetlbfs" lineno="3181">
+<interface name="fs_associate_hugetlbfs" lineno="3239">
 <summary>
 Allow the type to associate to hugetlbfs filesystems.
 </summary>
@@ -66397,7 +66450,7 @@ The type of the object to be associated.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_inotifyfs" lineno="3199">
+<interface name="fs_search_inotifyfs" lineno="3257">
 <summary>
 Search inotifyfs filesystem.
 </summary>
@@ -66407,7 +66460,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_inotifyfs" lineno="3217">
+<interface name="fs_list_inotifyfs" lineno="3275">
 <summary>
 List inotifyfs filesystem.
 </summary>
@@ -66417,7 +66470,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_list_inotifyfs" lineno="3235">
+<interface name="fs_dontaudit_list_inotifyfs" lineno="3293">
 <summary>
 Dontaudit List inotifyfs filesystem.
 </summary>
@@ -66427,7 +66480,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_hugetlbfs_filetrans" lineno="3269">
+<interface name="fs_hugetlbfs_filetrans" lineno="3327">
 <summary>
 Create an object in a hugetlbfs filesystem, with a private
 type using a type transition.
@@ -66453,7 +66506,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_iso9660_fs" lineno="3289">
+<interface name="fs_mount_iso9660_fs" lineno="3347">
 <summary>
 Mount an iso9660 filesystem, which
 is usually used on CDs.
@@ -66464,7 +66517,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_iso9660_fs" lineno="3309">
+<interface name="fs_remount_iso9660_fs" lineno="3367">
 <summary>
 Remount an iso9660 filesystem, which
 is usually used on CDs.  This allows
@@ -66476,7 +66529,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_relabelfrom_iso9660_fs" lineno="3328">
+<interface name="fs_relabelfrom_iso9660_fs" lineno="3386">
 <summary>
 Allow changing of the label of a
 filesystem with iso9660 type
@@ -66487,7 +66540,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_iso9660_fs" lineno="3347">
+<interface name="fs_unmount_iso9660_fs" lineno="3405">
 <summary>
 Unmount an iso9660 filesystem, which
 is usually used on CDs.
@@ -66498,7 +66551,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_iso9660_fs" lineno="3367">
+<interface name="fs_getattr_iso9660_fs" lineno="3425">
 <summary>
 Get the attributes of an iso9660
 filesystem, which is usually used on CDs.
@@ -66510,7 +66563,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_getattr_iso9660_files" lineno="3386">
+<interface name="fs_getattr_iso9660_files" lineno="3444">
 <summary>
 Get the attributes of files on an iso9660
 filesystem, which is usually used on CDs.
@@ -66521,7 +66574,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_iso9660_files" lineno="3406">
+<interface name="fs_read_iso9660_files" lineno="3464">
 <summary>
 Read files on an iso9660 filesystem, which
 is usually used on CDs.
@@ -66532,7 +66585,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_nfs" lineno="3426">
+<interface name="fs_mount_nfs" lineno="3484">
 <summary>
 Mount a NFS filesystem.
 </summary>
@@ -66542,7 +66595,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_nfs" lineno="3445">
+<interface name="fs_remount_nfs" lineno="3503">
 <summary>
 Remount a NFS filesystem.  This allows
 some mount options to be changed.
@@ -66553,7 +66606,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_nfs" lineno="3463">
+<interface name="fs_unmount_nfs" lineno="3521">
 <summary>
 Unmount a NFS filesystem.
 </summary>
@@ -66563,7 +66616,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_nfs" lineno="3482">
+<interface name="fs_getattr_nfs" lineno="3540">
 <summary>
 Get the attributes of a NFS filesystem.
 </summary>
@@ -66574,7 +66627,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_search_nfs" lineno="3500">
+<interface name="fs_search_nfs" lineno="3558">
 <summary>
 Search directories on a NFS filesystem.
 </summary>
@@ -66584,7 +66637,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_nfs" lineno="3518">
+<interface name="fs_list_nfs" lineno="3576">
 <summary>
 List NFS filesystem.
 </summary>
@@ -66594,7 +66647,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_list_nfs" lineno="3537">
+<interface name="fs_dontaudit_list_nfs" lineno="3595">
 <summary>
 Do not audit attempts to list the contents
 of directories on a NFS filesystem.
@@ -66605,7 +66658,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_watch_nfs_dirs" lineno="3556">
+<interface name="fs_watch_nfs_dirs" lineno="3614">
 <summary>
 Add a watch on directories on an NFS
 filesystem.
@@ -66616,7 +66669,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mounton_nfs" lineno="3574">
+<interface name="fs_mounton_nfs" lineno="3632">
 <summary>
 Mounton a NFS filesystem.
 </summary>
@@ -66626,7 +66679,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_nfs_files" lineno="3593">
+<interface name="fs_read_nfs_files" lineno="3651">
 <summary>
 Read files on a NFS filesystem.
 </summary>
@@ -66637,7 +66690,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_read_nfs_files" lineno="3613">
+<interface name="fs_dontaudit_read_nfs_files" lineno="3671">
 <summary>
 Do not audit attempts to read
 files on a NFS filesystem.
@@ -66648,7 +66701,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_write_nfs_files" lineno="3631">
+<interface name="fs_write_nfs_files" lineno="3689">
 <summary>
 Read files on a NFS filesystem.
 </summary>
@@ -66658,7 +66711,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_exec_nfs_files" lineno="3651">
+<interface name="fs_exec_nfs_files" lineno="3709">
 <summary>
 Execute files on a NFS filesystem.
 </summary>
@@ -66669,7 +66722,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_append_nfs_files" lineno="3672">
+<interface name="fs_append_nfs_files" lineno="3730">
 <summary>
 Append files
 on a NFS filesystem.
@@ -66681,7 +66734,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_append_nfs_files" lineno="3692">
+<interface name="fs_dontaudit_append_nfs_files" lineno="3750">
 <summary>
 dontaudit Append files
 on a NFS filesystem.
@@ -66693,7 +66746,7 @@ Domain to not audit.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_rw_nfs_files" lineno="3711">
+<interface name="fs_dontaudit_rw_nfs_files" lineno="3769">
 <summary>
 Do not audit attempts to read or
 write files on a NFS filesystem.
@@ -66704,7 +66757,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_watch_nfs_files" lineno="3729">
+<interface name="fs_watch_nfs_files" lineno="3787">
 <summary>
 Add a watch on files on an NFS filesystem.
 </summary>
@@ -66714,7 +66767,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_nfs_symlinks" lineno="3747">
+<interface name="fs_read_nfs_symlinks" lineno="3805">
 <summary>
 Read symbolic links on a NFS filesystem.
 </summary>
@@ -66724,7 +66777,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_read_nfs_symlinks" lineno="3766">
+<interface name="fs_dontaudit_read_nfs_symlinks" lineno="3824">
 <summary>
 Dontaudit read symbolic links on a NFS filesystem.
 </summary>
@@ -66734,7 +66787,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_nfs_named_sockets" lineno="3784">
+<interface name="fs_read_nfs_named_sockets" lineno="3842">
 <summary>
 Read named sockets on a NFS filesystem.
 </summary>
@@ -66744,7 +66797,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_nfs_named_pipes" lineno="3803">
+<interface name="fs_read_nfs_named_pipes" lineno="3861">
 <summary>
 Read named pipes on a NFS network filesystem.
 </summary>
@@ -66755,7 +66808,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_getattr_rpc_dirs" lineno="3822">
+<interface name="fs_getattr_rpc_dirs" lineno="3880">
 <summary>
 Get the attributes of directories of RPC
 file system pipes.
@@ -66766,7 +66819,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_rpc" lineno="3841">
+<interface name="fs_search_rpc" lineno="3899">
 <summary>
 Search directories of RPC file system pipes.
 </summary>
@@ -66776,7 +66829,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_removable" lineno="3859">
+<interface name="fs_search_removable" lineno="3917">
 <summary>
 Search removable storage directories.
 </summary>
@@ -66786,7 +66839,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_list_removable" lineno="3877">
+<interface name="fs_dontaudit_list_removable" lineno="3935">
 <summary>
 Do not audit attempts to list removable storage directories.
 </summary>
@@ -66796,7 +66849,7 @@ Domain not to audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_removable_files" lineno="3895">
+<interface name="fs_read_removable_files" lineno="3953">
 <summary>
 Read removable storage files.
 </summary>
@@ -66806,7 +66859,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_read_removable_files" lineno="3913">
+<interface name="fs_dontaudit_read_removable_files" lineno="3971">
 <summary>
 Do not audit attempts to read removable storage files.
 </summary>
@@ -66816,7 +66869,7 @@ Domain not to audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_write_removable_files" lineno="3931">
+<interface name="fs_dontaudit_write_removable_files" lineno="3989">
 <summary>
 Do not audit attempts to write removable storage files.
 </summary>
@@ -66826,7 +66879,7 @@ Domain not to audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_removable_symlinks" lineno="3949">
+<interface name="fs_read_removable_symlinks" lineno="4007">
 <summary>
 Read removable storage symbolic links.
 </summary>
@@ -66836,7 +66889,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_removable_blk_files" lineno="3967">
+<interface name="fs_read_removable_blk_files" lineno="4025">
 <summary>
 Read block nodes on removable filesystems.
 </summary>
@@ -66846,7 +66899,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_rw_removable_blk_files" lineno="3986">
+<interface name="fs_rw_removable_blk_files" lineno="4044">
 <summary>
 Read and write block nodes on removable filesystems.
 </summary>
@@ -66856,7 +66909,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_rpc" lineno="4005">
+<interface name="fs_list_rpc" lineno="4063">
 <summary>
 Read directories of RPC file system pipes.
 </summary>
@@ -66866,7 +66919,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_rpc_files" lineno="4023">
+<interface name="fs_read_rpc_files" lineno="4081">
 <summary>
 Read files of RPC file system pipes.
 </summary>
@@ -66876,7 +66929,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_rpc_symlinks" lineno="4041">
+<interface name="fs_read_rpc_symlinks" lineno="4099">
 <summary>
 Read symbolic links of RPC file system pipes.
 </summary>
@@ -66886,7 +66939,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_rpc_sockets" lineno="4059">
+<interface name="fs_read_rpc_sockets" lineno="4117">
 <summary>
 Read sockets of RPC file system pipes.
 </summary>
@@ -66896,7 +66949,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_rw_rpc_sockets" lineno="4077">
+<interface name="fs_rw_rpc_sockets" lineno="4135">
 <summary>
 Read and write sockets of RPC file system pipes.
 </summary>
@@ -66906,7 +66959,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_nfs_dirs" lineno="4097">
+<interface name="fs_manage_nfs_dirs" lineno="4155">
 <summary>
 Create, read, write, and delete directories
 on a NFS filesystem.
@@ -66918,7 +66971,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_manage_nfs_dirs" lineno="4117">
+<interface name="fs_dontaudit_manage_nfs_dirs" lineno="4175">
 <summary>
 Do not audit attempts to create, read,
 write, and delete directories
@@ -66930,7 +66983,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_nfs_files" lineno="4137">
+<interface name="fs_manage_nfs_files" lineno="4195">
 <summary>
 Create, read, write, and delete files
 on a NFS filesystem.
@@ -66942,7 +66995,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_manage_nfs_files" lineno="4157">
+<interface name="fs_dontaudit_manage_nfs_files" lineno="4215">
 <summary>
 Do not audit attempts to create,
 read, write, and delete files
@@ -66954,7 +67007,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_nfs_symlinks" lineno="4177">
+<interface name="fs_manage_nfs_symlinks" lineno="4235">
 <summary>
 Create, read, write, and delete symbolic links
 on a NFS network filesystem.
@@ -66966,7 +67019,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_manage_nfs_named_pipes" lineno="4196">
+<interface name="fs_manage_nfs_named_pipes" lineno="4254">
 <summary>
 Create, read, write, and delete named pipes
 on a NFS filesystem.
@@ -66977,7 +67030,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_nfs_named_sockets" lineno="4215">
+<interface name="fs_manage_nfs_named_sockets" lineno="4273">
 <summary>
 Create, read, write, and delete named sockets
 on a NFS filesystem.
@@ -66988,7 +67041,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_nfs_domtrans" lineno="4258">
+<interface name="fs_nfs_domtrans" lineno="4316">
 <summary>
 Execute a file on a NFS filesystem
 in the specified domain.
@@ -67023,7 +67076,7 @@ The type of the new process.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_nfsd_fs" lineno="4277">
+<interface name="fs_mount_nfsd_fs" lineno="4335">
 <summary>
 Mount a NFS server pseudo filesystem.
 </summary>
@@ -67033,7 +67086,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_nfsd_fs" lineno="4296">
+<interface name="fs_remount_nfsd_fs" lineno="4354">
 <summary>
 Mount a NFS server pseudo filesystem.
 This allows some mount options to be changed.
@@ -67044,7 +67097,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_nfsd_fs" lineno="4314">
+<interface name="fs_unmount_nfsd_fs" lineno="4372">
 <summary>
 Unmount a NFS server pseudo filesystem.
 </summary>
@@ -67054,7 +67107,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_nfsd_fs" lineno="4333">
+<interface name="fs_getattr_nfsd_fs" lineno="4391">
 <summary>
 Get the attributes of a NFS server
 pseudo filesystem.
@@ -67065,7 +67118,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_nfsd_fs" lineno="4351">
+<interface name="fs_search_nfsd_fs" lineno="4409">
 <summary>
 Search NFS server directories.
 </summary>
@@ -67075,7 +67128,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_nfsd_fs" lineno="4369">
+<interface name="fs_list_nfsd_fs" lineno="4427">
 <summary>
 List NFS server directories.
 </summary>
@@ -67085,7 +67138,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_watch_nfsd_dirs" lineno="4387">
+<interface name="fs_watch_nfsd_dirs" lineno="4445">
 <summary>
 Watch NFS server directories.
 </summary>
@@ -67095,7 +67148,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_nfsd_files" lineno="4405">
+<interface name="fs_getattr_nfsd_files" lineno="4463">
 <summary>
 Getattr files on an nfsd filesystem
 </summary>
@@ -67105,7 +67158,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_rw_nfsd_fs" lineno="4423">
+<interface name="fs_rw_nfsd_fs" lineno="4481">
 <summary>
 Read and write NFS server files.
 </summary>
@@ -67115,7 +67168,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_nsfs_files" lineno="4441">
+<interface name="fs_getattr_nsfs_files" lineno="4499">
 <summary>
 Get the attributes of nsfs inodes (e.g. /proc/pid/ns/uts)
 </summary>
@@ -67125,7 +67178,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_nsfs_files" lineno="4459">
+<interface name="fs_read_nsfs_files" lineno="4517">
 <summary>
 Read nsfs inodes (e.g. /proc/pid/ns/uts)
 </summary>
@@ -67135,7 +67188,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_watch_nfsd_files" lineno="4477">
+<interface name="fs_watch_nfsd_files" lineno="4535">
 <summary>
 Watch NFS server files.
 </summary>
@@ -67145,7 +67198,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_nsfs" lineno="4495">
+<interface name="fs_getattr_nsfs" lineno="4553">
 <summary>
 Get the attributes of an nsfs filesystem.
 </summary>
@@ -67155,7 +67208,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_nsfs" lineno="4513">
+<interface name="fs_unmount_nsfs" lineno="4571">
 <summary>
 Unmount an nsfs filesystem.
 </summary>
@@ -67165,7 +67218,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_pstorefs" lineno="4531">
+<interface name="fs_getattr_pstorefs" lineno="4589">
 <summary>
 Get the attributes of a pstore filesystem.
 </summary>
@@ -67175,7 +67228,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_pstore_dirs" lineno="4550">
+<interface name="fs_getattr_pstore_dirs" lineno="4608">
 <summary>
 Get the attributes of directories
 of a pstore filesystem.
@@ -67186,7 +67239,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_create_pstore_dirs" lineno="4569">
+<interface name="fs_create_pstore_dirs" lineno="4627">
 <summary>
 Create pstore directories.
 </summary>
@@ -67196,7 +67249,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_relabel_pstore_dirs" lineno="4588">
+<interface name="fs_relabel_pstore_dirs" lineno="4646">
 <summary>
 Relabel to/from pstore_t directories.
 </summary>
@@ -67206,7 +67259,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_pstore_dirs" lineno="4607">
+<interface name="fs_list_pstore_dirs" lineno="4665">
 <summary>
 List the directories
 of a pstore filesystem.
@@ -67217,7 +67270,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_pstore_files" lineno="4626">
+<interface name="fs_read_pstore_files" lineno="4684">
 <summary>
 Read pstore_t files
 </summary>
@@ -67227,7 +67280,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_delete_pstore_files" lineno="4645">
+<interface name="fs_delete_pstore_files" lineno="4703">
 <summary>
 Delete the files
 of a pstore filesystem.
@@ -67238,7 +67291,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_associate_ramfs" lineno="4664">
+<interface name="fs_associate_ramfs" lineno="4722">
 <summary>
 Allow the type to associate to ramfs filesystems.
 </summary>
@@ -67248,7 +67301,7 @@ The type of the object to be associated.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_ramfs" lineno="4682">
+<interface name="fs_mount_ramfs" lineno="4740">
 <summary>
 Mount a RAM filesystem.
 </summary>
@@ -67258,7 +67311,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_ramfs" lineno="4701">
+<interface name="fs_remount_ramfs" lineno="4759">
 <summary>
 Remount a RAM filesystem.  This allows
 some mount options to be changed.
@@ -67269,7 +67322,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_ramfs" lineno="4719">
+<interface name="fs_unmount_ramfs" lineno="4777">
 <summary>
 Unmount a RAM filesystem.
 </summary>
@@ -67279,7 +67332,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_ramfs" lineno="4737">
+<interface name="fs_getattr_ramfs" lineno="4795">
 <summary>
 Get the attributes of a RAM filesystem.
 </summary>
@@ -67289,7 +67342,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_ramfs" lineno="4755">
+<interface name="fs_search_ramfs" lineno="4813">
 <summary>
 Search directories on a ramfs
 </summary>
@@ -67299,7 +67352,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_search_ramfs" lineno="4773">
+<interface name="fs_dontaudit_search_ramfs" lineno="4831">
 <summary>
 Dontaudit Search directories on a ramfs
 </summary>
@@ -67309,7 +67362,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_setattr_ramfs_dirs" lineno="4792">
+<interface name="fs_setattr_ramfs_dirs" lineno="4850">
 <summary>
 Set the attributes of directories on
 a ramfs.
@@ -67320,7 +67373,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_ramfs_dirs" lineno="4811">
+<interface name="fs_manage_ramfs_dirs" lineno="4869">
 <summary>
 Create, read, write, and delete
 directories on a ramfs.
@@ -67331,7 +67384,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_read_ramfs_files" lineno="4829">
+<interface name="fs_dontaudit_read_ramfs_files" lineno="4887">
 <summary>
 Dontaudit read on a ramfs files.
 </summary>
@@ -67341,7 +67394,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_read_ramfs_pipes" lineno="4847">
+<interface name="fs_dontaudit_read_ramfs_pipes" lineno="4905">
 <summary>
 Dontaudit read on a ramfs fifo_files.
 </summary>
@@ -67351,7 +67404,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_ramfs_files" lineno="4866">
+<interface name="fs_manage_ramfs_files" lineno="4924">
 <summary>
 Create, read, write, and delete
 files on a ramfs filesystem.
@@ -67362,7 +67415,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_write_ramfs_pipes" lineno="4884">
+<interface name="fs_write_ramfs_pipes" lineno="4942">
 <summary>
 Write to named pipe on a ramfs filesystem.
 </summary>
@@ -67372,7 +67425,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_write_ramfs_pipes" lineno="4903">
+<interface name="fs_dontaudit_write_ramfs_pipes" lineno="4961">
 <summary>
 Do not audit attempts to write to named
 pipes on a ramfs filesystem.
@@ -67383,7 +67436,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_rw_ramfs_pipes" lineno="4921">
+<interface name="fs_rw_ramfs_pipes" lineno="4979">
 <summary>
 Read and write a named pipe on a ramfs filesystem.
 </summary>
@@ -67393,7 +67446,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_ramfs_pipes" lineno="4940">
+<interface name="fs_manage_ramfs_pipes" lineno="4998">
 <summary>
 Create, read, write, and delete
 named pipes on a ramfs filesystem.
@@ -67404,7 +67457,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_write_ramfs_sockets" lineno="4958">
+<interface name="fs_write_ramfs_sockets" lineno="5016">
 <summary>
 Write to named socket on a ramfs filesystem.
 </summary>
@@ -67414,7 +67467,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_ramfs_sockets" lineno="4977">
+<interface name="fs_manage_ramfs_sockets" lineno="5035">
 <summary>
 Create, read, write, and delete
 named sockets on a ramfs filesystem.
@@ -67425,7 +67478,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_romfs" lineno="4995">
+<interface name="fs_mount_romfs" lineno="5053">
 <summary>
 Mount a ROM filesystem.
 </summary>
@@ -67435,7 +67488,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_romfs" lineno="5014">
+<interface name="fs_remount_romfs" lineno="5072">
 <summary>
 Remount a ROM filesystem.  This allows
 some mount options to be changed.
@@ -67446,7 +67499,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_romfs" lineno="5032">
+<interface name="fs_unmount_romfs" lineno="5090">
 <summary>
 Unmount a ROM filesystem.
 </summary>
@@ -67456,7 +67509,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_romfs" lineno="5051">
+<interface name="fs_getattr_romfs" lineno="5109">
 <summary>
 Get the attributes of a ROM
 filesystem.
@@ -67467,7 +67520,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_rpc_pipefs" lineno="5069">
+<interface name="fs_mount_rpc_pipefs" lineno="5127">
 <summary>
 Mount a RPC pipe filesystem.
 </summary>
@@ -67477,7 +67530,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_rpc_pipefs" lineno="5088">
+<interface name="fs_remount_rpc_pipefs" lineno="5146">
 <summary>
 Remount a RPC pipe filesystem.  This
 allows some mount option to be changed.
@@ -67488,7 +67541,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_rpc_pipefs" lineno="5106">
+<interface name="fs_unmount_rpc_pipefs" lineno="5164">
 <summary>
 Unmount a RPC pipe filesystem.
 </summary>
@@ -67498,7 +67551,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_rpc_pipefs" lineno="5125">
+<interface name="fs_getattr_rpc_pipefs" lineno="5183">
 <summary>
 Get the attributes of a RPC pipe
 filesystem.
@@ -67509,7 +67562,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_rw_rpc_named_pipes" lineno="5143">
+<interface name="fs_rw_rpc_named_pipes" lineno="5201">
 <summary>
 Read and write RPC pipe filesystem named pipes.
 </summary>
@@ -67519,7 +67572,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_watch_rpc_pipefs_dirs" lineno="5161">
+<interface name="fs_watch_rpc_pipefs_dirs" lineno="5219">
 <summary>
 Watch RPC pipe filesystem directories.
 </summary>
@@ -67529,7 +67582,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_tmpfs" lineno="5179">
+<interface name="fs_mount_tmpfs" lineno="5237">
 <summary>
 Mount a tmpfs filesystem.
 </summary>
@@ -67539,7 +67592,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_tmpfs" lineno="5197">
+<interface name="fs_remount_tmpfs" lineno="5255">
 <summary>
 Remount a tmpfs filesystem.
 </summary>
@@ -67549,7 +67602,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_tmpfs" lineno="5215">
+<interface name="fs_unmount_tmpfs" lineno="5273">
 <summary>
 Unmount a tmpfs filesystem.
 </summary>
@@ -67559,7 +67612,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_getattr_tmpfs" lineno="5233">
+<interface name="fs_dontaudit_getattr_tmpfs" lineno="5291">
 <summary>
 Do not audit getting the attributes of a tmpfs filesystem
 </summary>
@@ -67569,7 +67622,7 @@ Domain to not audit
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_tmpfs" lineno="5253">
+<interface name="fs_getattr_tmpfs" lineno="5311">
 <summary>
 Get the attributes of a tmpfs
 filesystem.
@@ -67581,7 +67634,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_associate_tmpfs" lineno="5271">
+<interface name="fs_associate_tmpfs" lineno="5329">
 <summary>
 Allow the type to associate to tmpfs filesystems.
 </summary>
@@ -67591,7 +67644,7 @@ The type of the object to be associated.
 </summary>
 </param>
 </interface>
-<interface name="fs_relabelfrom_tmpfs" lineno="5289">
+<interface name="fs_relabelfrom_tmpfs" lineno="5347">
 <summary>
 Relabel from tmpfs filesystem.
 </summary>
@@ -67601,7 +67654,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_tmpfs_dirs" lineno="5307">
+<interface name="fs_getattr_tmpfs_dirs" lineno="5365">
 <summary>
 Get the attributes of tmpfs directories.
 </summary>
@@ -67611,7 +67664,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_getattr_tmpfs_dirs" lineno="5326">
+<interface name="fs_dontaudit_getattr_tmpfs_dirs" lineno="5384">
 <summary>
 Do not audit attempts to get the attributes
 of tmpfs directories.
@@ -67622,7 +67675,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_mounton_tmpfs" lineno="5344">
+<interface name="fs_mounton_tmpfs" lineno="5402">
 <summary>
 Mount on tmpfs directories.
 </summary>
@@ -67632,7 +67685,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mounton_tmpfs_files" lineno="5362">
+<interface name="fs_mounton_tmpfs_files" lineno="5420">
 <summary>
 Mount on tmpfs files.
 </summary>
@@ -67642,7 +67695,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_setattr_tmpfs_dirs" lineno="5380">
+<interface name="fs_setattr_tmpfs_dirs" lineno="5438">
 <summary>
 Set the attributes of tmpfs directories.
 </summary>
@@ -67652,7 +67705,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_tmpfs" lineno="5398">
+<interface name="fs_search_tmpfs" lineno="5456">
 <summary>
 Search tmpfs directories.
 </summary>
@@ -67662,7 +67715,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_tmpfs" lineno="5416">
+<interface name="fs_list_tmpfs" lineno="5474">
 <summary>
 List the contents of generic tmpfs directories.
 </summary>
@@ -67672,7 +67725,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_list_tmpfs" lineno="5435">
+<interface name="fs_dontaudit_list_tmpfs" lineno="5493">
 <summary>
 Do not audit attempts to list the
 contents of generic tmpfs directories.
@@ -67683,7 +67736,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_tmpfs_dirs" lineno="5454">
+<interface name="fs_manage_tmpfs_dirs" lineno="5512">
 <summary>
 Create, read, write, and delete
 tmpfs directories
@@ -67694,7 +67747,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_write_tmpfs_dirs" lineno="5473">
+<interface name="fs_dontaudit_write_tmpfs_dirs" lineno="5531">
 <summary>
 Do not audit attempts to write
 tmpfs directories
@@ -67705,7 +67758,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_relabelfrom_tmpfs_dirs" lineno="5491">
+<interface name="fs_relabelfrom_tmpfs_dirs" lineno="5549">
 <summary>
 Relabel from tmpfs_t dir
 </summary>
@@ -67715,7 +67768,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_relabel_tmpfs_dirs" lineno="5509">
+<interface name="fs_relabel_tmpfs_dirs" lineno="5567">
 <summary>
 Relabel directory on tmpfs filesystems.
 </summary>
@@ -67725,7 +67778,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_watch_tmpfs_dirs" lineno="5526">
+<interface name="fs_watch_tmpfs_dirs" lineno="5584">
 <summary>
 Watch directories on tmpfs filesystems.
 </summary>
@@ -67735,7 +67788,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_tmpfs_filetrans" lineno="5560">
+<interface name="fs_tmpfs_filetrans" lineno="5618">
 <summary>
 Create an object in a tmpfs filesystem, with a private
 type using a type transition.
@@ -67761,7 +67814,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_getattr_tmpfs_files" lineno="5580">
+<interface name="fs_dontaudit_getattr_tmpfs_files" lineno="5638">
 <summary>
 Do not audit attempts to getattr
 generic tmpfs files.
@@ -67772,7 +67825,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_rw_tmpfs_files" lineno="5599">
+<interface name="fs_dontaudit_rw_tmpfs_files" lineno="5657">
 <summary>
 Do not audit attempts to read or write
 generic tmpfs files.
@@ -67783,7 +67836,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_delete_tmpfs_symlinks" lineno="5617">
+<interface name="fs_delete_tmpfs_symlinks" lineno="5675">
 <summary>
 Delete tmpfs symbolic links.
 </summary>
@@ -67793,7 +67846,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_auto_mountpoints" lineno="5636">
+<interface name="fs_manage_auto_mountpoints" lineno="5694">
 <summary>
 Create, read, write, and delete
 auto moutpoints.
@@ -67804,7 +67857,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_tmpfs_files" lineno="5654">
+<interface name="fs_read_tmpfs_files" lineno="5712">
 <summary>
 Read generic tmpfs files.
 </summary>
@@ -67814,7 +67867,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_rw_tmpfs_files" lineno="5672">
+<interface name="fs_rw_tmpfs_files" lineno="5730">
 <summary>
 Read and write generic tmpfs files.
 </summary>
@@ -67824,7 +67877,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_relabel_tmpfs_files" lineno="5690">
+<interface name="fs_relabel_tmpfs_files" lineno="5748">
 <summary>
 Relabel files on tmpfs filesystems.
 </summary>
@@ -67834,7 +67887,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_read_tmpfs_symlinks" lineno="5708">
+<interface name="fs_read_tmpfs_symlinks" lineno="5766">
 <summary>
 Read tmpfs link files.
 </summary>
@@ -67844,7 +67897,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_relabelfrom_tmpfs_sockets" lineno="5726">
+<interface name="fs_relabelfrom_tmpfs_sockets" lineno="5784">
 <summary>
 Relabelfrom socket files on tmpfs filesystems.
 </summary>
@@ -67854,7 +67907,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_relabelfrom_tmpfs_symlinks" lineno="5744">
+<interface name="fs_relabelfrom_tmpfs_symlinks" lineno="5802">
 <summary>
 Relabelfrom tmpfs link files.
 </summary>
@@ -67864,7 +67917,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_rw_tmpfs_chr_files" lineno="5762">
+<interface name="fs_rw_tmpfs_chr_files" lineno="5820">
 <summary>
 Read and write character nodes on tmpfs filesystems.
 </summary>
@@ -67874,7 +67927,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_use_tmpfs_chr_dev" lineno="5781">
+<interface name="fs_dontaudit_use_tmpfs_chr_dev" lineno="5839">
 <summary>
 dontaudit Read and write character nodes on tmpfs filesystems.
 </summary>
@@ -67884,7 +67937,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_relabel_tmpfs_chr_files" lineno="5800">
+<interface name="fs_relabel_tmpfs_chr_files" lineno="5858">
 <summary>
 Relabel character nodes on tmpfs filesystems.
 </summary>
@@ -67894,7 +67947,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_rw_tmpfs_blk_files" lineno="5819">
+<interface name="fs_rw_tmpfs_blk_files" lineno="5877">
 <summary>
 Read and write block nodes on tmpfs filesystems.
 </summary>
@@ -67904,7 +67957,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_relabel_tmpfs_blk_files" lineno="5838">
+<interface name="fs_relabel_tmpfs_blk_files" lineno="5896">
 <summary>
 Relabel block nodes on tmpfs filesystems.
 </summary>
@@ -67914,7 +67967,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_relabel_tmpfs_fifo_files" lineno="5857">
+<interface name="fs_relabel_tmpfs_fifo_files" lineno="5915">
 <summary>
 Relabel named pipes on tmpfs filesystems.
 </summary>
@@ -67924,7 +67977,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_tmpfs_files" lineno="5877">
+<interface name="fs_manage_tmpfs_files" lineno="5935">
 <summary>
 Read and write, create and delete generic
 files on tmpfs filesystems.
@@ -67935,7 +67988,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_tmpfs_symlinks" lineno="5896">
+<interface name="fs_manage_tmpfs_symlinks" lineno="5954">
 <summary>
 Read and write, create and delete symbolic
 links on tmpfs filesystems.
@@ -67946,7 +67999,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_tmpfs_sockets" lineno="5915">
+<interface name="fs_manage_tmpfs_sockets" lineno="5973">
 <summary>
 Read and write, create and delete socket
 files on tmpfs filesystems.
@@ -67957,7 +68010,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_tmpfs_chr_files" lineno="5934">
+<interface name="fs_manage_tmpfs_chr_files" lineno="5992">
 <summary>
 Read and write, create and delete character
 nodes on tmpfs filesystems.
@@ -67968,7 +68021,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_tmpfs_blk_files" lineno="5953">
+<interface name="fs_manage_tmpfs_blk_files" lineno="6011">
 <summary>
 Read and write, create and delete block nodes
 on tmpfs filesystems.
@@ -67979,7 +68032,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_tracefs" lineno="5971">
+<interface name="fs_getattr_tracefs" lineno="6029">
 <summary>
 Get the attributes of a trace filesystem.
 </summary>
@@ -67989,7 +68042,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_tracefs_dirs" lineno="5989">
+<interface name="fs_getattr_tracefs_dirs" lineno="6047">
 <summary>
 Get attributes of dirs on tracefs filesystem.
 </summary>
@@ -67999,7 +68052,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_tracefs" lineno="6007">
+<interface name="fs_search_tracefs" lineno="6065">
 <summary>
 search directories on a tracefs filesystem
 </summary>
@@ -68009,7 +68062,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_tracefs_files" lineno="6026">
+<interface name="fs_getattr_tracefs_files" lineno="6084">
 <summary>
 Get the attributes of files
 on a trace filesystem.
@@ -68020,7 +68073,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_xenfs" lineno="6044">
+<interface name="fs_mount_xenfs" lineno="6102">
 <summary>
 Mount a XENFS filesystem.
 </summary>
@@ -68030,7 +68083,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_xenfs" lineno="6062">
+<interface name="fs_search_xenfs" lineno="6120">
 <summary>
 Search the XENFS filesystem.
 </summary>
@@ -68040,7 +68093,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_xenfs_dirs" lineno="6082">
+<interface name="fs_manage_xenfs_dirs" lineno="6140">
 <summary>
 Create, read, write, and delete directories
 on a XENFS filesystem.
@@ -68052,7 +68105,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_manage_xenfs_dirs" lineno="6102">
+<interface name="fs_dontaudit_manage_xenfs_dirs" lineno="6160">
 <summary>
 Do not audit attempts to create, read,
 write, and delete directories
@@ -68064,7 +68117,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_manage_xenfs_files" lineno="6122">
+<interface name="fs_manage_xenfs_files" lineno="6180">
 <summary>
 Create, read, write, and delete files
 on a XENFS filesystem.
@@ -68076,7 +68129,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_mmap_xenfs_files" lineno="6140">
+<interface name="fs_mmap_xenfs_files" lineno="6198">
 <summary>
 Map files a XENFS filesystem.
 </summary>
@@ -68086,7 +68139,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_manage_xenfs_files" lineno="6160">
+<interface name="fs_dontaudit_manage_xenfs_files" lineno="6218">
 <summary>
 Do not audit attempts to create,
 read, write, and delete files
@@ -68098,7 +68151,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_mount_all_fs" lineno="6178">
+<interface name="fs_mount_all_fs" lineno="6236">
 <summary>
 Mount all filesystems.
 </summary>
@@ -68108,7 +68161,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_remount_all_fs" lineno="6197">
+<interface name="fs_remount_all_fs" lineno="6255">
 <summary>
 Remount all filesystems.  This
 allows some mount options to be changed.
@@ -68119,7 +68172,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unmount_all_fs" lineno="6215">
+<interface name="fs_unmount_all_fs" lineno="6273">
 <summary>
 Unmount all filesystems.
 </summary>
@@ -68129,7 +68182,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_all_fs" lineno="6247">
+<interface name="fs_getattr_all_fs" lineno="6305">
 <summary>
 Get the attributes of all filesystems.
 </summary>
@@ -68153,7 +68206,7 @@ Domain allowed access.
 <infoflow type="read" weight="5"/>
 <rolecap/>
 </interface>
-<interface name="fs_dontaudit_getattr_all_fs" lineno="6267">
+<interface name="fs_dontaudit_getattr_all_fs" lineno="6325">
 <summary>
 Do not audit attempts to get the attributes
 all filesystems.
@@ -68164,7 +68217,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_get_all_fs_quotas" lineno="6286">
+<interface name="fs_get_all_fs_quotas" lineno="6344">
 <summary>
 Get the quotas of all filesystems.
 </summary>
@@ -68175,7 +68228,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_set_all_quotas" lineno="6305">
+<interface name="fs_set_all_quotas" lineno="6363">
 <summary>
 Set the quotas of all filesystems.
 </summary>
@@ -68186,7 +68239,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="fs_relabelfrom_all_fs" lineno="6323">
+<interface name="fs_relabelfrom_all_fs" lineno="6381">
 <summary>
 Relabelfrom all filesystems.
 </summary>
@@ -68196,7 +68249,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_all_dirs" lineno="6342">
+<interface name="fs_getattr_all_dirs" lineno="6400">
 <summary>
 Get the attributes of all directories
 with a filesystem type.
@@ -68207,7 +68260,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_search_all" lineno="6360">
+<interface name="fs_search_all" lineno="6418">
 <summary>
 Search all directories with a filesystem type.
 </summary>
@@ -68217,7 +68270,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_list_all" lineno="6378">
+<interface name="fs_list_all" lineno="6436">
 <summary>
 List all directories with a filesystem type.
 </summary>
@@ -68227,7 +68280,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_all_files" lineno="6397">
+<interface name="fs_getattr_all_files" lineno="6455">
 <summary>
 Get the attributes of all files with
 a filesystem type.
@@ -68238,7 +68291,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_getattr_all_files" lineno="6416">
+<interface name="fs_dontaudit_getattr_all_files" lineno="6474">
 <summary>
 Do not audit attempts to get the attributes
 of all files with a filesystem type.
@@ -68249,7 +68302,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_all_symlinks" lineno="6435">
+<interface name="fs_getattr_all_symlinks" lineno="6493">
 <summary>
 Get the attributes of all symbolic links with
 a filesystem type.
@@ -68260,7 +68313,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_getattr_all_symlinks" lineno="6454">
+<interface name="fs_dontaudit_getattr_all_symlinks" lineno="6512">
 <summary>
 Do not audit attempts to get the attributes
 of all symbolic links with a filesystem type.
@@ -68271,7 +68324,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_all_pipes" lineno="6473">
+<interface name="fs_getattr_all_pipes" lineno="6531">
 <summary>
 Get the attributes of all named pipes with
 a filesystem type.
@@ -68282,7 +68335,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_getattr_all_pipes" lineno="6492">
+<interface name="fs_dontaudit_getattr_all_pipes" lineno="6550">
 <summary>
 Do not audit attempts to get the attributes
 of all named pipes with a filesystem type.
@@ -68293,7 +68346,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_all_sockets" lineno="6511">
+<interface name="fs_getattr_all_sockets" lineno="6569">
 <summary>
 Get the attributes of all named sockets with
 a filesystem type.
@@ -68304,7 +68357,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_dontaudit_getattr_all_sockets" lineno="6530">
+<interface name="fs_dontaudit_getattr_all_sockets" lineno="6588">
 <summary>
 Do not audit attempts to get the attributes
 of all named sockets with a filesystem type.
@@ -68315,7 +68368,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_all_blk_files" lineno="6549">
+<interface name="fs_getattr_all_blk_files" lineno="6607">
 <summary>
 Get the attributes of all block device nodes with
 a filesystem type.
@@ -68326,7 +68379,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_getattr_all_chr_files" lineno="6568">
+<interface name="fs_getattr_all_chr_files" lineno="6626">
 <summary>
 Get the attributes of all character device nodes with
 a filesystem type.
@@ -68337,7 +68390,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="fs_unconfined" lineno="6586">
+<interface name="fs_unconfined" lineno="6644">
 <summary>
 Unconfined access to filesystems
 </summary>
@@ -71360,7 +71413,18 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="selinux_dontaudit_getattr_dir" lineno="214">
+<interface name="selinux_getattr_dirs" lineno="214">
+<summary>
+Get the attributes of the selinuxfs
+directory.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="selinux_dontaudit_getattr_dir" lineno="233">
 <summary>
 Do not audit attempts to get the
 attributes of the selinuxfs directory.
@@ -71371,7 +71435,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="selinux_search_fs" lineno="232">
+<interface name="selinux_search_fs" lineno="251">
 <summary>
 Search selinuxfs.
 </summary>
@@ -71381,7 +71445,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="selinux_dontaudit_search_fs" lineno="251">
+<interface name="selinux_dontaudit_search_fs" lineno="270">
 <summary>
 Do not audit attempts to search selinuxfs.
 </summary>
@@ -71391,7 +71455,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="selinux_dontaudit_read_fs" lineno="270">
+<interface name="selinux_dontaudit_read_fs" lineno="289">
 <summary>
 Do not audit attempts to read
 generic selinuxfs entries
@@ -71402,7 +71466,17 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="selinux_get_enforce_mode" lineno="291">
+<interface name="selinux_mounton_dirs" lineno="308">
+<summary>
+Mount on the selinuxfs directory.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="selinux_get_enforce_mode" lineno="328">
 <summary>
 Allows the caller to get the mode of policy enforcement
 (enforcing or permissive mode).
@@ -71414,7 +71488,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="selinux_set_enforce_mode" lineno="323">
+<interface name="selinux_set_enforce_mode" lineno="360">
 <summary>
 Allow caller to set the mode of policy enforcement
 (enforcing or permissive mode).
@@ -71436,7 +71510,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="selinux_load_policy" lineno="341">
+<interface name="selinux_load_policy" lineno="378">
 <summary>
 Allow caller to load the policy into the kernel.
 </summary>
@@ -71446,7 +71520,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="selinux_read_policy" lineno="359">
+<interface name="selinux_read_policy" lineno="396">
 <summary>
 Allow caller to read the policy from the kernel.
 </summary>
@@ -71456,7 +71530,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="selinux_set_generic_booleans" lineno="392">
+<interface name="selinux_set_generic_booleans" lineno="429">
 <summary>
 Allow caller to set the state of generic Booleans to
 enable or disable conditional portions of the policy.
@@ -71478,7 +71552,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="selinux_set_all_booleans" lineno="434">
+<interface name="selinux_set_all_booleans" lineno="471">
 <summary>
 Allow caller to set the state of all Booleans to
 enable or disable conditional portions of the policy.
@@ -71500,7 +71574,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="selinux_get_all_booleans" lineno="476">
+<interface name="selinux_get_all_booleans" lineno="513">
 <summary>
 Allow caller to get the state of all Booleans to
 view conditional portions of the policy.
@@ -71512,7 +71586,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="selinux_set_parameters" lineno="510">
+<interface name="selinux_set_parameters" lineno="547">
 <summary>
 Allow caller to set SELinux access vector cache parameters.
 </summary>
@@ -71534,7 +71608,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="selinux_validate_context" lineno="529">
+<interface name="selinux_validate_context" lineno="566">
 <summary>
 Allows caller to validate security contexts.
 </summary>
@@ -71545,7 +71619,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="selinux_dontaudit_validate_context" lineno="551">
+<interface name="selinux_dontaudit_validate_context" lineno="588">
 <summary>
 Do not audit attempts to validate security contexts.
 </summary>
@@ -71556,7 +71630,7 @@ Domain to not audit.
 </param>
 <rolecap/>
 </interface>
-<interface name="selinux_compute_access_vector" lineno="572">
+<interface name="selinux_compute_access_vector" lineno="609">
 <summary>
 Allows caller to compute an access vector.
 </summary>
@@ -71567,7 +71641,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="selinux_compute_create_context" lineno="595">
+<interface name="selinux_compute_create_context" lineno="632">
 <summary>
 Calculate the default type for object creation.
 </summary>
@@ -71578,7 +71652,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="selinux_compute_member" lineno="617">
+<interface name="selinux_compute_member" lineno="654">
 <summary>
 Allows caller to compute polyinstatntiated
 directory members.
@@ -71589,7 +71663,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="selinux_compute_relabel_context" lineno="647">
+<interface name="selinux_compute_relabel_context" lineno="684">
 <summary>
 Calculate the context for relabeling objects.
 </summary>
@@ -71608,7 +71682,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="selinux_compute_user_contexts" lineno="668">
+<interface name="selinux_compute_user_contexts" lineno="705">
 <summary>
 Allows caller to compute possible contexts for a user.
 </summary>
@@ -71618,7 +71692,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="selinux_use_status_page" lineno="690">
+<interface name="selinux_use_status_page" lineno="727">
 <summary>
 Allows the caller to use the SELinux status page.
 </summary>
@@ -71629,7 +71703,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="selinux_unconfined" lineno="710">
+<interface name="selinux_unconfined" lineno="747">
 <summary>
 Unconfined access to the SELinux kernel security server.
 </summary>
@@ -77965,7 +78039,18 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_read_config" lineno="1087">
+<interface name="container_search_config" lineno="1087">
+<summary>
+Allow the specified domain to
+search container config directories.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="container_read_config" lineno="1107">
 <summary>
 Allow the specified domain to
 read container config files.
@@ -77976,7 +78061,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_watch_config_dirs" lineno="1107">
+<interface name="container_watch_config_dirs" lineno="1127">
 <summary>
 Allow the specified domain to
 watch container config directories.
@@ -77987,7 +78072,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_create_config_files" lineno="1126">
+<interface name="container_create_config_files" lineno="1146">
 <summary>
 Allow the specified domain to
 create container config files.
@@ -77998,7 +78083,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_rw_config_files" lineno="1145">
+<interface name="container_rw_config_files" lineno="1165">
 <summary>
 Allow the specified domain to read
 and write container config files.
@@ -78009,7 +78094,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_config_files" lineno="1164">
+<interface name="container_manage_config_files" lineno="1184">
 <summary>
 Allow the specified domain to
 manage container config files.
@@ -78020,7 +78105,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_file_root_filetrans" lineno="1185">
+<interface name="container_file_root_filetrans" lineno="1205">
 <summary>
 Allow the specified domain to
 create container files in the
@@ -78033,7 +78118,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_dirs" lineno="1204">
+<interface name="container_manage_dirs" lineno="1224">
 <summary>
 Allow the specified domain to
 manage container file directories.
@@ -78044,7 +78129,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_watch_dirs" lineno="1223">
+<interface name="container_watch_dirs" lineno="1243">
 <summary>
 Allow the specified domain to
 watch container file directories.
@@ -78055,7 +78140,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_files" lineno="1242">
+<interface name="container_manage_files" lineno="1262">
 <summary>
 Allow the specified domain to
 manage container files.
@@ -78066,7 +78151,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_dontaudit_relabel_dirs" lineno="1261">
+<interface name="container_dontaudit_relabel_dirs" lineno="1281">
 <summary>
 Do not audit attempts to relabel
 container file directories.
@@ -78077,7 +78162,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="container_dontaudit_relabel_files" lineno="1280">
+<interface name="container_dontaudit_relabel_files" lineno="1300">
 <summary>
 Do not audit attempts to relabel
 container files.
@@ -78088,7 +78173,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_lnk_files" lineno="1299">
+<interface name="container_manage_lnk_files" lineno="1319">
 <summary>
 Allow the specified domain to
 manage container lnk files.
@@ -78099,7 +78184,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_rw_fifo_files" lineno="1318">
+<interface name="container_rw_fifo_files" lineno="1338">
 <summary>
 Allow the specified domain to
 read and write container fifo files.
@@ -78110,7 +78195,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_fifo_files" lineno="1337">
+<interface name="container_manage_fifo_files" lineno="1357">
 <summary>
 Allow the specified domain to
 manage container fifo files.
@@ -78121,7 +78206,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_sock_files" lineno="1356">
+<interface name="container_manage_sock_files" lineno="1376">
 <summary>
 Allow the specified domain to
 manage container sock files.
@@ -78132,7 +78217,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_rw_chr_files" lineno="1375">
+<interface name="container_rw_chr_files" lineno="1395">
 <summary>
 Allow the specified domain to read
 and write container chr files.
@@ -78143,7 +78228,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_dontaudit_rw_chr_files" lineno="1394">
+<interface name="container_dontaudit_rw_chr_files" lineno="1414">
 <summary>
 Do not audit attempts to read
 and write container chr files.
@@ -78154,7 +78239,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_chr_files" lineno="1413">
+<interface name="container_manage_chr_files" lineno="1433">
 <summary>
 Allow the specified domain to
 manage container chr files.
@@ -78165,7 +78250,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_spec_filetrans_file" lineno="1449">
+<interface name="container_spec_filetrans_file" lineno="1469">
 <summary>
 Allow the specified domain to create
 objects in specified directories with
@@ -78193,7 +78278,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="container_list_ro_dirs" lineno="1469">
+<interface name="container_list_ro_dirs" lineno="1489">
 <summary>
 Allow the specified domain to list
 the contents of read-only container
@@ -78205,7 +78290,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_home_config" lineno="1488">
+<interface name="container_manage_home_config" lineno="1508">
 <summary>
 Allow the specified domain to
 manage container config home content.
@@ -78216,7 +78301,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_config_home_filetrans" lineno="1520">
+<interface name="container_config_home_filetrans" lineno="1540">
 <summary>
 Allow the specified domain to create
 objects in an xdg_config directory
@@ -78239,7 +78324,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_home_data_files" lineno="1540">
+<interface name="container_manage_home_data_files" lineno="1560">
 <summary>
 Allow the specified domain to
 manage container data home files.
@@ -78250,7 +78335,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_home_data_fifo_files" lineno="1560">
+<interface name="container_manage_home_data_fifo_files" lineno="1580">
 <summary>
 Allow the specified domain to
 manage container data home named
@@ -78262,7 +78347,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_home_data_sock_files" lineno="1580">
+<interface name="container_manage_home_data_sock_files" lineno="1600">
 <summary>
 Allow the specified domain to
 manage container data home named
@@ -78274,7 +78359,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_admin_all_files" lineno="1598">
+<interface name="container_admin_all_files" lineno="1618">
 <summary>
 Administrate all container files.
 </summary>
@@ -78284,7 +78369,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_admin_all_ro_files" lineno="1618">
+<interface name="container_admin_all_ro_files" lineno="1638">
 <summary>
 Administrate all container read-only files.
 </summary>
@@ -78294,7 +78379,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_admin_all_user_runtime_content" lineno="1640">
+<interface name="container_admin_all_user_runtime_content" lineno="1660">
 <summary>
 All of the rules necessary for a user
 to manage user container runtime data
@@ -78306,7 +78391,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_all_home_content" lineno="1660">
+<interface name="container_manage_all_home_content" lineno="1680">
 <summary>
 All of the rules necessary for a user
 to manage container data in their home
@@ -78318,7 +78403,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_relabel_all_content" lineno="1704">
+<interface name="container_relabel_all_content" lineno="1724">
 <summary>
 Allow the specified domain to
 relabel container files and
@@ -78330,7 +78415,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_remount_fs" lineno="1723">
+<interface name="container_remount_fs" lineno="1743">
 <summary>
 Allow the specified domain to
 remount container filesystems.
@@ -78341,7 +78426,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_relabel_fs" lineno="1742">
+<interface name="container_relabel_fs" lineno="1762">
 <summary>
 Allow the specified domain to
 relabel container filesystems.
@@ -78352,7 +78437,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_getattr_fs" lineno="1762">
+<interface name="container_getattr_fs" lineno="1782">
 <summary>
 Allow the specified domain to
 get the attributes of container
@@ -78364,7 +78449,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_search_runtime" lineno="1781">
+<interface name="container_search_runtime" lineno="1801">
 <summary>
 Allow the specified domain to search
 runtime container directories.
@@ -78375,7 +78460,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_read_runtime_files" lineno="1801">
+<interface name="container_read_runtime_files" lineno="1821">
 <summary>
 Allow the specified domain to read
 runtime container files.
@@ -78386,7 +78471,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_getattr_runtime_sock_files" lineno="1822">
+<interface name="container_getattr_runtime_sock_files" lineno="1842">
 <summary>
 Allow the specified domain to get
 the attributes runtime container of
@@ -78398,7 +78483,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_runtime_files" lineno="1841">
+<interface name="container_manage_runtime_files" lineno="1861">
 <summary>
 Allow the specified domain to manage
 runtime container files.
@@ -78409,7 +78494,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_runtime_fifo_files" lineno="1860">
+<interface name="container_manage_runtime_fifo_files" lineno="1880">
 <summary>
 Allow the specified domain to manage
 runtime container named pipes.
@@ -78420,7 +78505,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_runtime_lnk_files" lineno="1879">
+<interface name="container_manage_runtime_lnk_files" lineno="1899">
 <summary>
 Allow the specified domain to manage
 runtime container symlinks.
@@ -78431,7 +78516,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_runtime_sock_files" lineno="1898">
+<interface name="container_manage_runtime_sock_files" lineno="1918">
 <summary>
 Allow the specified domain to manage
 runtime container named sockets.
@@ -78442,7 +78527,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_user_runtime_files" lineno="1917">
+<interface name="container_manage_user_runtime_files" lineno="1937">
 <summary>
 Allow the specified domain to manage
 user runtime container files.
@@ -78453,7 +78538,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_rw_user_runtime_sock_files" lineno="1936">
+<interface name="container_rw_user_runtime_sock_files" lineno="1956">
 <summary>
 Allow the specified domain to read and
 write user runtime container named sockets.
@@ -78464,7 +78549,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_search_var_lib" lineno="1955">
+<interface name="container_search_var_lib" lineno="1975">
 <summary>
 Allow the specified domain to search
 container directories in /var/lib.
@@ -78475,7 +78560,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_list_var_lib" lineno="1976">
+<interface name="container_list_var_lib" lineno="1996">
 <summary>
 Allow the specified domain to list
 the contents of container directories
@@ -78487,7 +78572,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_var_lib_dirs" lineno="1996">
+<interface name="container_manage_var_lib_dirs" lineno="2016">
 <summary>
 Allow the specified domain to manage
 container file directories in /var/lib.
@@ -78498,7 +78583,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_read_var_lib_files" lineno="2015">
+<interface name="container_read_var_lib_files" lineno="2035">
 <summary>
 Allow the specified domain to read
 container files in /var/lib.
@@ -78509,7 +78594,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_var_lib_files" lineno="2034">
+<interface name="container_manage_var_lib_files" lineno="2054">
 <summary>
 Allow the specified domain to manage
 container files in /var/lib.
@@ -78520,7 +78605,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_map_var_lib_files" lineno="2053">
+<interface name="container_map_var_lib_files" lineno="2073">
 <summary>
 Allow the specified domain to memory
 map container files in /var/lib.
@@ -78531,7 +78616,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_var_lib_fifo_files" lineno="2072">
+<interface name="container_manage_var_lib_fifo_files" lineno="2092">
 <summary>
 Allow the specified domain to manage
 container named pipes in /var/lib.
@@ -78542,7 +78627,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_var_lib_lnk_files" lineno="2091">
+<interface name="container_manage_var_lib_lnk_files" lineno="2111">
 <summary>
 Allow the specified domain to manage
 container symlinks in /var/lib.
@@ -78553,7 +78638,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_var_lib_sock_files" lineno="2110">
+<interface name="container_manage_var_lib_sock_files" lineno="2130">
 <summary>
 Allow the specified domain to manage
 container named sockets in /var/lib.
@@ -78564,7 +78649,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_var_lib_filetrans" lineno="2140">
+<interface name="container_var_lib_filetrans" lineno="2160">
 <summary>
 Allow the specified domain to create
 objects in /var/lib with an automatic
@@ -78586,7 +78671,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="container_var_lib_filetrans_file" lineno="2170">
+<interface name="container_var_lib_filetrans_file" lineno="2190">
 <summary>
 Allow the specified domain to create
 objects in /var/lib with an automatic
@@ -78608,7 +78693,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="container_filetrans_var_lib_file" lineno="2201">
+<interface name="container_filetrans_var_lib_file" lineno="2221">
 <summary>
 Allow the specified domain to create
 objects in container /var/lib directories
@@ -78631,7 +78716,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="container_unlabeled_var_lib_filetrans" lineno="2233">
+<interface name="container_unlabeled_var_lib_filetrans" lineno="2253">
 <summary>
 Allow the specified domain to create
 objects in unlabeled directories with
@@ -78654,7 +78739,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="container_search_logs" lineno="2254">
+<interface name="container_search_logs" lineno="2274">
 <summary>
 Allow the specified domain to search
 container log file directories.
@@ -78665,7 +78750,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_list_log_dirs" lineno="2274">
+<interface name="container_list_log_dirs" lineno="2294">
 <summary>
 Allow the specified domain to list
 the contents of container log directories.
@@ -78676,7 +78761,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_create_log_dirs" lineno="2293">
+<interface name="container_create_log_dirs" lineno="2313">
 <summary>
 Allow the specified domain to create
 container log file directories.
@@ -78687,7 +78772,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_log_dirs" lineno="2312">
+<interface name="container_manage_log_dirs" lineno="2332">
 <summary>
 Allow the specified domain to manage
 container log file directories.
@@ -78698,7 +78783,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_watch_log_dirs" lineno="2331">
+<interface name="container_watch_log_dirs" lineno="2351">
 <summary>
 Allow the specified domain to watch
 container log file directories.
@@ -78709,7 +78794,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_create_log_files" lineno="2350">
+<interface name="container_create_log_files" lineno="2370">
 <summary>
 Allow the specified domain to create
 container log files.
@@ -78720,7 +78805,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_append_log_files" lineno="2369">
+<interface name="container_append_log_files" lineno="2389">
 <summary>
 Allow the specified domain to append
 data to container log files.
@@ -78731,7 +78816,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_log_files" lineno="2388">
+<interface name="container_manage_log_files" lineno="2408">
 <summary>
 Allow the specified domain to manage
 container log files.
@@ -78742,7 +78827,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_watch_log_files" lineno="2407">
+<interface name="container_watch_log_files" lineno="2427">
 <summary>
 Allow the specified domain to watch
 container log files.
@@ -78753,7 +78838,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_log_filetrans" lineno="2438">
+<interface name="container_log_filetrans" lineno="2458">
 <summary>
 Allow the specified domain to create
 objects in log directories with an
@@ -78776,7 +78861,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="container_manage_log_symlinks" lineno="2458">
+<interface name="container_manage_log_symlinks" lineno="2478">
 <summary>
 Allow the specified domain to manage
 container log symlinks.
@@ -78787,7 +78872,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_start_units" lineno="2477">
+<interface name="container_start_units" lineno="2497">
 <summary>
 Allow the specified domain to start
 systemd units for containers.
@@ -78798,7 +78883,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="container_admin" lineno="2504">
+<interface name="container_admin" lineno="2524">
 <summary>
 All of the rules required to
 administrate a container
@@ -86526,7 +86611,17 @@ Domain prefix to be used.
 </summary>
 </param>
 </template>
-<interface name="munin_stream_connect" lineno="55">
+<interface name="munin_rw_tcp_sockets" lineno="54">
+<summary>
+Permit to read/write Munin TCP sockets
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="munin_stream_connect" lineno="72">
 <summary>
 Connect to munin over a unix domain
 stream socket.
@@ -86537,7 +86632,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="munin_read_config" lineno="75">
+<interface name="munin_read_config" lineno="92">
 <summary>
 Read munin configuration content.
 </summary>
@@ -86548,7 +86643,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="munin_append_log" lineno="97">
+<interface name="munin_append_log" lineno="114">
 <summary>
 Append munin log files.
 </summary>
@@ -86559,7 +86654,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="munin_search_lib" lineno="117">
+<interface name="munin_search_lib" lineno="134">
 <summary>
 Search munin library directories.
 </summary>
@@ -86569,7 +86664,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="munin_dontaudit_search_lib" lineno="137">
+<interface name="munin_dontaudit_search_lib" lineno="154">
 <summary>
 Do not audit attempts to search
 munin library directories.
@@ -86580,7 +86675,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="munin_admin" lineno="162">
+<interface name="munin_admin" lineno="179">
 <summary>
 All of the rules required to
 administrate an munin environment.
@@ -98074,7 +98169,19 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="zfs_rw_zpool_cache" lineno="117">
+<interface name="zfs_filetrans_zpool_cache" lineno="119">
+<summary>
+Create the zpool cache with an
+automatic transition to the zpool
+cache type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="zfs_rw_zpool_cache" lineno="137">
 <summary>
 Read and write zpool cache files.
 </summary>
@@ -98084,7 +98191,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="zfs_admin" lineno="143">
+<interface name="zfs_admin" lineno="163">
 <summary>
 All of the rules required to
 administrate a ZFS environment.
@@ -105537,7 +105644,18 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_dontaudit_rw_dhcpc_unix_stream_sockets" lineno="97">
+<interface name="sysnet_dontaudit_rw_dhcpc_dgram_sockets" lineno="97">
+<summary>
+Do not audit attempts to read/write to the
+dhcp unix datagram socket descriptors.
+</summary>
+<param name="domain">
+<summary>
+Domain to not audit.
+</summary>
+</param>
+</interface>
+<interface name="sysnet_dontaudit_rw_dhcpc_unix_stream_sockets" lineno="116">
 <summary>
 Do not audit attempts to read/write to the
 dhcp unix stream socket descriptors.
@@ -105548,7 +105666,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_sigchld_dhcpc" lineno="115">
+<interface name="sysnet_sigchld_dhcpc" lineno="134">
 <summary>
 Send a SIGCHLD signal to the dhcp client.
 </summary>
@@ -105558,7 +105676,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_kill_dhcpc" lineno="134">
+<interface name="sysnet_kill_dhcpc" lineno="153">
 <summary>
 Send a kill signal to the dhcp client.
 </summary>
@@ -105569,7 +105687,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="sysnet_sigstop_dhcpc" lineno="152">
+<interface name="sysnet_sigstop_dhcpc" lineno="171">
 <summary>
 Send a SIGSTOP signal to the dhcp client.
 </summary>
@@ -105579,7 +105697,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_signull_dhcpc" lineno="170">
+<interface name="sysnet_signull_dhcpc" lineno="189">
 <summary>
 Send a null signal to the dhcp client.
 </summary>
@@ -105589,7 +105707,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_signal_dhcpc" lineno="189">
+<interface name="sysnet_signal_dhcpc" lineno="208">
 <summary>
 Send a generic signal to the dhcp client.
 </summary>
@@ -105600,7 +105718,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="sysnet_dbus_chat_dhcpc" lineno="208">
+<interface name="sysnet_dbus_chat_dhcpc" lineno="227">
 <summary>
 Send and receive messages from
 dhcpc over dbus.
@@ -105611,7 +105729,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_rw_dhcp_config" lineno="228">
+<interface name="sysnet_rw_dhcp_config" lineno="247">
 <summary>
 Read and write dhcp configuration files.
 </summary>
@@ -105621,7 +105739,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_search_dhcpc_state" lineno="248">
+<interface name="sysnet_search_dhcpc_state" lineno="267">
 <summary>
 Search the DHCP client state
 directories.
@@ -105632,7 +105750,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_read_dhcpc_state" lineno="267">
+<interface name="sysnet_read_dhcpc_state" lineno="286">
 <summary>
 Read dhcp client state files.
 </summary>
@@ -105642,7 +105760,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_delete_dhcpc_state" lineno="285">
+<interface name="sysnet_delete_dhcpc_state" lineno="304">
 <summary>
 Delete the dhcp client state files.
 </summary>
@@ -105652,7 +105770,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_setattr_config" lineno="303">
+<interface name="sysnet_setattr_config" lineno="322">
 <summary>
 Set the attributes of network config files.
 </summary>
@@ -105662,7 +105780,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_read_config" lineno="343">
+<interface name="sysnet_read_config" lineno="362">
 <summary>
 Read network config files.
 </summary>
@@ -105693,7 +105811,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_mmap_config_files" lineno="386">
+<interface name="sysnet_mmap_config_files" lineno="405">
 <summary>
 Map network config files.
 </summary>
@@ -105709,7 +105827,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_mmap_read_config" lineno="411">
+<interface name="sysnet_mmap_read_config" lineno="430">
 <summary>
 map network config files.
 </summary>
@@ -105725,7 +105843,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_dontaudit_read_config" lineno="430">
+<interface name="sysnet_dontaudit_read_config" lineno="449">
 <summary>
 Do not audit attempts to read network config files.
 </summary>
@@ -105735,7 +105853,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_write_config" lineno="448">
+<interface name="sysnet_write_config" lineno="467">
 <summary>
 Write network config files.
 </summary>
@@ -105745,7 +105863,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_create_config" lineno="467">
+<interface name="sysnet_create_config" lineno="486">
 <summary>
 Create network config files.
 </summary>
@@ -105755,7 +105873,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_relabel_config" lineno="486">
+<interface name="sysnet_relabel_config" lineno="505">
 <summary>
 Relabel network config files.
 </summary>
@@ -105765,7 +105883,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_etc_filetrans_config" lineno="511">
+<interface name="sysnet_etc_filetrans_config" lineno="530">
 <summary>
 Create files in /etc with the type used for
 the network config files.
@@ -105781,7 +105899,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_manage_config" lineno="529">
+<interface name="sysnet_manage_config" lineno="548">
 <summary>
 Create, read, write, and delete network config files.
 </summary>
@@ -105791,7 +105909,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_read_dhcpc_runtime_files" lineno="561">
+<interface name="sysnet_read_dhcpc_runtime_files" lineno="580">
 <summary>
 Read dhcp client runtime files.
 </summary>
@@ -105801,7 +105919,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_delete_dhcpc_runtime_files" lineno="580">
+<interface name="sysnet_delete_dhcpc_runtime_files" lineno="599">
 <summary>
 Delete the dhcp client runtime files.
 </summary>
@@ -105811,7 +105929,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_manage_dhcpc_runtime_files" lineno="598">
+<interface name="sysnet_manage_dhcpc_runtime_files" lineno="617">
 <summary>
 Create, read, write, and delete dhcp client runtime files.
 </summary>
@@ -105821,7 +105939,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_domtrans_ifconfig" lineno="616">
+<interface name="sysnet_domtrans_ifconfig" lineno="635">
 <summary>
 Execute ifconfig in the ifconfig domain.
 </summary>
@@ -105831,7 +105949,7 @@ Domain allowed to transition.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_run_ifconfig" lineno="643">
+<interface name="sysnet_run_ifconfig" lineno="662">
 <summary>
 Execute ifconfig in the ifconfig domain, and
 allow the specified role the ifconfig domain,
@@ -105849,7 +105967,7 @@ Role allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="sysnet_exec_ifconfig" lineno="663">
+<interface name="sysnet_exec_ifconfig" lineno="682">
 <summary>
 Execute ifconfig in the caller domain.
 </summary>
@@ -105859,7 +105977,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_signal_ifconfig" lineno="683">
+<interface name="sysnet_signal_ifconfig" lineno="702">
 <summary>
 Send a generic signal to ifconfig.
 </summary>
@@ -105870,7 +105988,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="sysnet_signull_ifconfig" lineno="702">
+<interface name="sysnet_signull_ifconfig" lineno="721">
 <summary>
 Send null signals to ifconfig.
 </summary>
@@ -105881,7 +105999,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="sysnet_create_netns_dirs" lineno="721">
+<interface name="sysnet_create_netns_dirs" lineno="740">
 <summary>
 Create the /run/netns directory with
 an automatic type transition.
@@ -105892,7 +106010,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_netns_filetrans" lineno="755">
+<interface name="sysnet_netns_filetrans" lineno="774">
 <summary>
 Create an object in the /run/netns
 directory with a private type.
@@ -105918,7 +106036,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_read_dhcp_config" lineno="776">
+<interface name="sysnet_read_dhcp_config" lineno="795">
 <summary>
 Read the DHCP configuration files.
 </summary>
@@ -105928,7 +106046,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_search_dhcp_state" lineno="796">
+<interface name="sysnet_search_dhcp_state" lineno="815">
 <summary>
 Search the DHCP state data directory.
 </summary>
@@ -105938,7 +106056,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_dhcp_state_filetrans" lineno="840">
+<interface name="sysnet_dhcp_state_filetrans" lineno="859">
 <summary>
 Create DHCP state data.
 </summary>
@@ -105973,7 +106091,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_dns_name_resolve" lineno="860">
+<interface name="sysnet_dns_name_resolve" lineno="879">
 <summary>
 Perform a DNS name resolution.
 </summary>
@@ -105984,7 +106102,7 @@ Domain allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="sysnet_use_ldap" lineno="911">
+<interface name="sysnet_use_ldap" lineno="930">
 <summary>
 Connect and use a LDAP server.
 </summary>
@@ -105994,7 +106112,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_use_portmap" lineno="938">
+<interface name="sysnet_use_portmap" lineno="957">
 <summary>
 Connect and use remote port mappers.
 </summary>
@@ -106004,7 +106122,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="sysnet_dhcpc_script_entry" lineno="972">
+<interface name="sysnet_dhcpc_script_entry" lineno="991">
 <summary>
 Make the specified program domain
 accessable from the DHCP hooks/scripts.
@@ -106728,7 +106846,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_manage_userdb_runtime_sock_files" lineno="1415">
+<interface name="systemd_manage_userdb_runtime_symlinks" lineno="1415">
+<summary>
+Manage symbolic links under /run/systemd/userdb.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_manage_userdb_runtime_sock_files" lineno="1433">
 <summary>
 Manage socket files under /run/systemd/userdb .
 </summary>
@@ -106738,7 +106866,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_stream_connect_userdb" lineno="1433">
+<interface name="systemd_stream_connect_userdb" lineno="1451">
 <summary>
 Connect to /run/systemd/userdb/io.systemd.DynamicUser .
 </summary>
@@ -106748,7 +106876,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_read_machines" lineno="1455">
+<interface name="systemd_read_machines" lineno="1473">
 <summary>
 Allow reading /run/systemd/machines
 </summary>
@@ -106758,7 +106886,7 @@ Domain that can access the machines files
 </summary>
 </param>
 </interface>
-<interface name="systemd_watch_machines_dirs" lineno="1474">
+<interface name="systemd_watch_machines_dirs" lineno="1492">
 <summary>
 Allow watching /run/systemd/machines
 </summary>
@@ -106768,7 +106896,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_connect_machined" lineno="1492">
+<interface name="systemd_connect_machined" lineno="1510">
 <summary>
 Allow connecting to /run/systemd/userdb/io.systemd.Machine socket
 </summary>
@@ -106778,7 +106906,7 @@ Domain that can access the socket
 </summary>
 </param>
 </interface>
-<interface name="systemd_dbus_chat_machined" lineno="1511">
+<interface name="systemd_dbus_chat_machined" lineno="1529">
 <summary>
 Send and receive messages from
 systemd machined over dbus.
@@ -106789,7 +106917,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_dbus_chat_hostnamed" lineno="1532">
+<interface name="systemd_dbus_chat_hostnamed" lineno="1550">
 <summary>
 Send and receive messages from
 systemd hostnamed over dbus.
@@ -106800,7 +106928,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_use_passwd_agent_fds" lineno="1552">
+<interface name="systemd_use_passwd_agent_fds" lineno="1570">
 <summary>
 allow systemd_passwd_agent to inherit fds
 </summary>
@@ -106810,7 +106938,7 @@ Domain that owns the fds
 </summary>
 </param>
 </interface>
-<interface name="systemd_run_passwd_agent" lineno="1575">
+<interface name="systemd_run_passwd_agent" lineno="1593">
 <summary>
 allow systemd_passwd_agent to be run by admin
 </summary>
@@ -106825,7 +106953,7 @@ role that it runs in
 </summary>
 </param>
 </interface>
-<interface name="systemd_use_passwd_agent" lineno="1596">
+<interface name="systemd_use_passwd_agent" lineno="1614">
 <summary>
 Allow a systemd_passwd_agent_t process to interact with a daemon
 that needs a password from the sysadmin.
@@ -106836,7 +106964,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_filetrans_passwd_runtime_dirs" lineno="1620">
+<interface name="systemd_filetrans_passwd_runtime_dirs" lineno="1638">
 <summary>
 Transition to systemd_passwd_runtime_t when creating dirs
 </summary>
@@ -106846,7 +106974,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_filetrans_userdb_runtime_dirs" lineno="1641">
+<interface name="systemd_filetrans_userdb_runtime_dirs" lineno="1659">
 <summary>
 Transition to systemd_userdbd_runtime_t when
 creating the userdb directory inside an init runtime
@@ -106858,7 +106986,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_manage_passwd_runtime_symlinks" lineno="1659">
+<interface name="systemd_manage_passwd_runtime_symlinks" lineno="1677">
 <summary>
 Allow to domain to create systemd-passwd symlink
 </summary>
@@ -106868,7 +106996,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_watch_passwd_runtime_dirs" lineno="1677">
+<interface name="systemd_watch_passwd_runtime_dirs" lineno="1695">
 <summary>
 Allow a domain to watch systemd-passwd runtime dirs.
 </summary>
@@ -106878,7 +107006,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_list_journal_dirs" lineno="1695">
+<interface name="systemd_list_journal_dirs" lineno="1713">
 <summary>
 Allow domain to list the contents of systemd_journal_t dirs
 </summary>
@@ -106888,7 +107016,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_read_journal_files" lineno="1713">
+<interface name="systemd_read_journal_files" lineno="1731">
 <summary>
 Allow domain to read systemd_journal_t files
 </summary>
@@ -106898,7 +107026,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_manage_journal_files" lineno="1732">
+<interface name="systemd_manage_journal_files" lineno="1750">
 <summary>
 Allow domain to create/manage systemd_journal_t files
 </summary>
@@ -106908,7 +107036,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_watch_journal_dirs" lineno="1752">
+<interface name="systemd_watch_journal_dirs" lineno="1770">
 <summary>
 Allow domain to add a watch on systemd_journal_t directories
 </summary>
@@ -106918,7 +107046,17 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_relabelto_journal_dirs" lineno="1770">
+<interface name="systemd_relabelfrom_journal_files" lineno="1788">
+<summary>
+Relabel from systemd-journald file type.
+</summary>
+<param name="domain">
+<summary>
+Domain allowed access.
+</summary>
+</param>
+</interface>
+<interface name="systemd_relabelto_journal_dirs" lineno="1806">
 <summary>
 Relabel to systemd-journald directory type.
 </summary>
@@ -106928,7 +107066,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_relabelto_journal_files" lineno="1789">
+<interface name="systemd_relabelto_journal_files" lineno="1825">
 <summary>
 Relabel to systemd-journald file type.
 </summary>
@@ -106938,7 +107076,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_read_networkd_units" lineno="1809">
+<interface name="systemd_read_networkd_units" lineno="1845">
 <summary>
 Allow domain to read systemd_networkd_t unit files
 </summary>
@@ -106948,7 +107086,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_manage_networkd_units" lineno="1829">
+<interface name="systemd_manage_networkd_units" lineno="1865">
 <summary>
 Allow domain to create/manage systemd_networkd_t unit files
 </summary>
@@ -106958,7 +107096,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_enabledisable_networkd" lineno="1849">
+<interface name="systemd_enabledisable_networkd" lineno="1885">
 <summary>
 Allow specified domain to enable systemd-networkd units
 </summary>
@@ -106968,7 +107106,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_startstop_networkd" lineno="1868">
+<interface name="systemd_startstop_networkd" lineno="1904">
 <summary>
 Allow specified domain to start systemd-networkd units
 </summary>
@@ -106978,7 +107116,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_dbus_chat_networkd" lineno="1888">
+<interface name="systemd_dbus_chat_networkd" lineno="1924">
 <summary>
 Send and receive messages from
 systemd networkd over dbus.
@@ -106989,7 +107127,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_status_networkd" lineno="1908">
+<interface name="systemd_status_networkd" lineno="1944">
 <summary>
 Allow specified domain to get status of systemd-networkd
 </summary>
@@ -106999,7 +107137,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_relabelfrom_networkd_tun_sockets" lineno="1927">
+<interface name="systemd_relabelfrom_networkd_tun_sockets" lineno="1963">
 <summary>
 Relabel systemd_networkd tun socket.
 </summary>
@@ -107009,7 +107147,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_rw_networkd_netlink_route_sockets" lineno="1945">
+<interface name="systemd_rw_networkd_netlink_route_sockets" lineno="1981">
 <summary>
 Read/Write from systemd_networkd netlink route socket.
 </summary>
@@ -107019,7 +107157,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_list_networkd_runtime" lineno="1963">
+<interface name="systemd_list_networkd_runtime" lineno="1999">
 <summary>
 Allow domain to list dirs under /run/systemd/netif
 </summary>
@@ -107029,7 +107167,7 @@ domain permitted the access
 </summary>
 </param>
 </interface>
-<interface name="systemd_watch_networkd_runtime_dirs" lineno="1982">
+<interface name="systemd_watch_networkd_runtime_dirs" lineno="2018">
 <summary>
 Watch directories under /run/systemd/netif
 </summary>
@@ -107039,7 +107177,7 @@ Domain permitted the access
 </summary>
 </param>
 </interface>
-<interface name="systemd_read_networkd_runtime" lineno="2001">
+<interface name="systemd_read_networkd_runtime" lineno="2037">
 <summary>
 Allow domain to read files generated by systemd_networkd
 </summary>
@@ -107049,7 +107187,7 @@ domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="systemd_read_logind_state" lineno="2020">
+<interface name="systemd_read_logind_state" lineno="2056">
 <summary>
 Allow systemd_logind_t to read process state for cgroup file
 </summary>
@@ -107059,7 +107197,7 @@ Domain systemd_logind_t may access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_create_logind_linger_dir" lineno="2041">
+<interface name="systemd_create_logind_linger_dir" lineno="2077">
 <summary>
 Allow the specified domain to create
 the systemd-logind linger directory with
@@ -107071,7 +107209,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_start_user_manager_units" lineno="2061">
+<interface name="systemd_start_user_manager_units" lineno="2097">
 <summary>
 Allow the specified domain to start systemd
 user manager units (systemd --user).
@@ -107082,7 +107220,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_stop_user_manager_units" lineno="2081">
+<interface name="systemd_stop_user_manager_units" lineno="2117">
 <summary>
 Allow the specified domain to stop systemd
 user manager units (systemd --user).
@@ -107093,7 +107231,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_reload_user_manager_units" lineno="2101">
+<interface name="systemd_reload_user_manager_units" lineno="2137">
 <summary>
 Allow the specified domain to reload systemd
 user manager units (systemd --user).
@@ -107104,7 +107242,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_get_user_manager_units_status" lineno="2121">
+<interface name="systemd_get_user_manager_units_status" lineno="2157">
 <summary>
 Get the status of systemd user manager
 units (systemd --user).
@@ -107115,7 +107253,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_start_power_units" lineno="2140">
+<interface name="systemd_start_power_units" lineno="2176">
 <summary>
 Allow specified domain to start power units
 </summary>
@@ -107125,7 +107263,7 @@ Domain to not audit.
 </summary>
 </param>
 </interface>
-<interface name="systemd_status_power_units" lineno="2159">
+<interface name="systemd_status_power_units" lineno="2195">
 <summary>
 Get the system status information about power units
 </summary>
@@ -107135,7 +107273,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_stream_connect_socket_proxyd" lineno="2178">
+<interface name="systemd_stream_connect_socket_proxyd" lineno="2214">
 <summary>
 Allows connections to the systemd-socket-proxyd's socket.
 </summary>
@@ -107145,7 +107283,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_tmpfiles_conf_file" lineno="2197">
+<interface name="systemd_tmpfiles_conf_file" lineno="2233">
 <summary>
 Make the specified type usable for
 systemd tmpfiles config files.
@@ -107156,7 +107294,7 @@ Type to be used for systemd tmpfiles config files.
 </summary>
 </param>
 </interface>
-<interface name="systemd_tmpfiles_creator" lineno="2218">
+<interface name="systemd_tmpfiles_creator" lineno="2254">
 <summary>
 Allow the specified domain to create
 the tmpfiles config directory with
@@ -107168,7 +107306,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_tmpfiles_conf_filetrans" lineno="2254">
+<interface name="systemd_tmpfiles_conf_filetrans" lineno="2290">
 <summary>
 Create an object in the systemd tmpfiles config
 directory, with a private type
@@ -107195,7 +107333,7 @@ The name of the object being created.
 </summary>
 </param>
 </interface>
-<interface name="systemd_list_tmpfiles_conf" lineno="2273">
+<interface name="systemd_list_tmpfiles_conf" lineno="2309">
 <summary>
 Allow domain to list systemd tmpfiles config directory
 </summary>
@@ -107205,7 +107343,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_relabelto_tmpfiles_conf_dirs" lineno="2291">
+<interface name="systemd_relabelto_tmpfiles_conf_dirs" lineno="2327">
 <summary>
 Allow domain to relabel to systemd tmpfiles config directory
 </summary>
@@ -107215,7 +107353,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_relabelto_tmpfiles_conf_files" lineno="2309">
+<interface name="systemd_relabelto_tmpfiles_conf_files" lineno="2345">
 <summary>
 Allow domain to relabel to systemd tmpfiles config files
 </summary>
@@ -107225,7 +107363,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_tmpfilesd_managed" lineno="2327">
+<interface name="systemd_tmpfilesd_managed" lineno="2363">
 <summary>
 Allow systemd_tmpfiles_t to manage filesystem objects
 </summary>
@@ -107235,7 +107373,7 @@ Type of object to manage
 </summary>
 </param>
 </interface>
-<interface name="systemd_stream_connect_resolved" lineno="2354">
+<interface name="systemd_stream_connect_resolved" lineno="2390">
 <summary>
 Connect to systemd resolved over
 /run/systemd/resolve/io.systemd.Resolve .
@@ -107246,7 +107384,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_dbus_chat_resolved" lineno="2375">
+<interface name="systemd_dbus_chat_resolved" lineno="2411">
 <summary>
 Send and receive messages from
 systemd resolved over dbus.
@@ -107257,7 +107395,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_read_resolved_runtime" lineno="2395">
+<interface name="systemd_read_resolved_runtime" lineno="2431">
 <summary>
 Allow domain to read resolv.conf file generated by systemd_resolved
 </summary>
@@ -107267,7 +107405,7 @@ domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="systemd_exec_systemctl" lineno="2417">
+<interface name="systemd_exec_systemctl" lineno="2453">
 <summary>
 Execute the systemctl program.
 </summary>
@@ -107277,7 +107415,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_getattr_updated_runtime" lineno="2448">
+<interface name="systemd_getattr_updated_runtime" lineno="2484">
 <summary>
 Allow domain to getattr on .updated file (generated by systemd-update-done
 </summary>
@@ -107287,7 +107425,7 @@ domain allowed access
 </summary>
 </param>
 </interface>
-<interface name="systemd_search_all_user_keys" lineno="2466">
+<interface name="systemd_search_all_user_keys" lineno="2502">
 <summary>
 Search keys for the all systemd --user domains.
 </summary>
@@ -107297,7 +107435,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_create_all_user_keys" lineno="2484">
+<interface name="systemd_create_all_user_keys" lineno="2520">
 <summary>
 Create keys for the all systemd --user domains.
 </summary>
@@ -107307,7 +107445,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_write_all_user_keys" lineno="2502">
+<interface name="systemd_write_all_user_keys" lineno="2538">
 <summary>
 Write keys for the all systemd --user domains.
 </summary>
@@ -107317,7 +107455,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_domtrans_sysusers" lineno="2521">
+<interface name="systemd_domtrans_sysusers" lineno="2557">
 <summary>
 Execute systemd-sysusers in the
 systemd sysusers domain.
@@ -107328,7 +107466,7 @@ Domain allowed access.
 </summary>
 </param>
 </interface>
-<interface name="systemd_run_sysusers" lineno="2546">
+<interface name="systemd_run_sysusers" lineno="2582">
 <summary>
 Run systemd-sysusers with a domain transition.
 </summary>
@@ -107344,7 +107482,7 @@ Role allowed access.
 </param>
 <rolecap/>
 </interface>
-<interface name="systemd_use_inherited_machined_ptys" lineno="2566">
+<interface name="systemd_use_inherited_machined_ptys" lineno="2602">
 <summary>
 receive and use a systemd_machined_devpts_t file handle
 </summary>