Re: MCS error

[Tracy Reed <treed@xxxxxxxxxxxxxxx>]

On Fri, Feb 20, 2015 at 05:38:55AM PST, Stephen Smalley spake thusly:
> Can you show the actual constraints on RHEL6?  seinfo --constrain
> output, or grab the .src.rpm and pull out the mcs file.

Here is the seinfo --constrain output from RHEL6. Thanks for having a look!

Constraints: 90
constrain { netlink_audit_socket } { create relabelfrom relabelto  } 
(  u1 u2 ==  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhomedir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t haproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t staff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t passwd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ctdbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t rshd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t setfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlogind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t telnetd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  || );

constrain { tcp_socket } { create relabelfrom relabelto  } 
(  u1 u2 ==  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhomedir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t haproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t staff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t passwd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ctdbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t rshd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t setfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlogind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t telnetd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  || );

mlsconstrain { tcp_socket } { node_bind  } 
(  h1 h2  dom  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=  || );

mlsconstrain { db_procedure } { drop getattr setattr relabelfrom execute install  } 
(  h1 h2  dom );

mlsconstrain { db_procedure } { create relabelto  } 
(  h1 h2  dom  l2 h2  ==  && );

constrain { dir } { create relabelfrom relabelto  } 
(  u1 u2 ==  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhomedir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t haproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t staff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t passwd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ctdbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t rshd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t setfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlogind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t telnetd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  || );

mlsconstrain { dir } { create relabelto  } 
(  h1 h2  dom  l2 h2  ==  &&  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=  || );

mlsconstrain { dir } { relabelfrom  } 
(  h1 h2  dom );

mlsconstrain { dir } { write setattr append unlink link rename add_name remove_name  } 
(  h1 h2  dom  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t virtd_lxc_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t ada_t fsadm_t kudzu_t lvm_t mdadm_t mono_t postfix_postdrop_t rpm_t wine_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t nova_volume_t nova_scheduler_t vmware_host_t haproxy_t prelink_t anaconda_t glance_api_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t postfix_pickup_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t depmod_t insmod_t kernel_t livecd_t lldpad_t mongod_t puppet_t apmd_t bcfg2_t clvmd_t crond_t ctdbd_t drbd_t inetd_t init_t iwhd_t l2tpd_t mount_t numad_t rhnsd_t slpd_t smsd_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t matahari_sysconfigd_t svnserve_t zarafa_server_t nova_direct_t matahari_hostd_t semanage_t sge_shepherd_t unconfined_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t neutron_t ricci_modcluster_t sensord_t sge_job_t zarafa_ical_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  ||  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=  t2 { sosreport_t git_session_t cfengine_execd_t bootloader_t netutils_t qmail_tcp_env_t devicekit_power_t sandbox_x_client_t nova_api_t sblim_reposd_t dkim_milter_t virt_qemu_ga_unconfined_t admin_crontab_t consolekit_t nova_compute_t nova_console_t pam_console_t zarafa_gateway_t policykit_grant_t logrotate_t openvswitch_t update_modules_t ssh_keysign_t nova_network_t qmail_rspawn_t uml_switch_t qmail_inject_t qmail_lspawn_t dirsrvadmin_unconfined_script_t gnomeclock_t httpd_cvs_script_t sandbox_net_client_t munin_mail_plugin_t ldconfig_t loadkeys_t smoltclient_t prelude_lml_t nova_objectstore_t dmidecode_t modemmanager_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t httpd_rotatelogs_t afs_kaserver_t munin_disk_plugin_t keystone_t kdumpgui_t httpd_bugzilla_script_t postfix_bounce_t httpd_smokeping_cgi_script_t nx_server_t policykit_auth_t ssh_keygen_t piranha_pulse_t sysadm_su_t virtd_lxc_t hald_mac_t iptables_t cachefilesd_t courier_sqwebmail_t postfix_cleanup_t munin_services_plugin_t postfix_showq_t openshift_app_t hostname_t shorewall_t showmount_t telepathy_gabble_t abrt_handle_event_t postfix_virtual_t dovecot_deliver_t ifconfig_t condor_startd_ssh_t qmail_clean_t qmail_local_t qmail_smtpd_t qmail_start_t sandbox_xserver_t setfiles_mac_t telepathy_sofiasip_t amanda_t initrc_t locate_t logadm_t mcelog_t nagios_t varnishd_t setkey_t sysadm_t tvtime_t tzdata_t vmware_t webadm_t ada_t afs_t aiccu_t aide_t alsa_t amtu_t apm_t avahi_t boinc_t canna_t ccs_t cdcc_t crack_t cvs_t cyrus_t dccm_t dhcpc_t dmesg_t dspam_t exim_t fsadm_t games_t getty_t gpg_t gpm_t ipsec_t irc_t irssi_t java_t kudzu_t lvm_t mdadm_t mono_t mrtg_t ndc_t nrpe_t pads_t pam_t ping_t postfix_postdrop_t postfix_postqueue_t qemu_t quota_t rdisc_t ricci_t rpm_t rsync_t rwho_t spamc_t vpnc_t wine_t xdm_t xfs_t xm_t zebra_t setroubleshoot_fixit_t staff_dbusd_t postfix_pipe_t virt_qmf_t nova_vncproxy_t httpd_nagios_script_t unconfined_dbusd_t unconfined_mount_t afs_fsserver_t prelink_cron_system_t sge_execd_t sysadm_ssh_agent_t cachefiles_kernel_t httpd_dirsrvadmin_script_t git_system_t httpd_suexec_t abrt_helper_t abrt_retrace_coredump_t usernetctl_t certwatch_t updfstab_t deltacloudd_t user_dbusd_t firewallgui_t glance_registry_t utempter_t setsebool_t telepathy_idle_t telepathy_mission_control_t webalizer_t cpucontrol_t gconfdefaultsm_t matahari_serviced_t httpd_php_t openoffice_t denyhosts_t memcached_t xguest_openoffice_t dirsrv_snmp_t dirsrvadmin_t smbcontrol_t oracleasm_t netlabel_mgmt_t oddjob_mkhomedir_t cyphesis_t gnomesystemmm_t kerneloops_t nova_volume_t varnishlog_t httpd_w3c_validator_script_t user_openoffice_t httpd_user_script_t accountsd_t cgconfig_t user_java_t user_mono_t user_wine_t ipsec_mgmt_t run_init_t sendmail_t shutdown_t audisp_remote_t dovecot_auth_t nova_scheduler_t dlm_controld_t gfs_controld_t smbmount_t asterisk_t bitlbee_t sepgsql_trusted_proc_t vmware_host_t checkpc_t saslauthd_t awstats_t munin_selinux_plugin_t gitosis_t dnsmasq_t krb5kdc_t openshift_cgroup_read_t sysadm_seunshare_t haproxy_t hotplug_t gpg_pinentry_t hwclock_t newrole_t zos_remote_t dcc_client_t mozilla_t plymouth_t procmail_t sanlock_t setrans_t traceroute_t pegasus_t prelink_t prelude_t privoxy_t staff_java_t staff_mono_t staff_sudo_t staff_wine_t wpa_cli_t httpd_awstats_script_t munin_system_plugin_t qmail_send_t anaconda_t glance_api_t piranha_fos_t piranha_lvs_t sandbox_x_t httpd_apcupsd_cgi_script_t local_login_t hald_dccm_t mysqld_safe_t ricci_modservice_t games_srv_t ricci_modstorage_t samba_net_t afs_bosserver_t httpd_nutups_cgi_script_t hald_sonypic_t openhpid_t boinc_project_t condor_procd_t nagios_mail_plugin_t virt_qemu_ga_t condor_negotiator_t nova_ajax_t nova_cert_t amanda_recover_t chrome_sandbox_t zarafa_spooler_t httpd_munin_script_t telepathy_salut_t rpm_script_t sysadm_passwd_t sysadm_screen_t nsplugin_t xguest_execmem_t zarafa_deliver_t sblim_gatherd_t antivirus_t bluetooth_helper_t dcc_dbclean_t nut_upsd_t staff_execmem_t user_execmem_t podsleuth_t system_cronjob_t sge_job_ssh_t zarafa_monitor_t openshift_initrc_t chroot_user_t httpd_openshift_script_t qmail_remote_t zarafa_indexer_t policykit_t httpd_sys_script_t tmpreaper_t staff_consolehelper_t svc_multilog_t ricci_modclusterd_t logwatch_t mailman_cgi_t pulseaudio_t mailman_mail_t mysqlmanagerd_t samba_unconfined_net_t bluetooth_t mencoder_t httpd_dspam_script_t plymouthd_t smokeping_t cfengine_monitord_t ksmtuned_t unconfined_notrans_t httpd_prewikka_script_t ricci_modlog_t ricci_modrpm_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t setroubleshootd_t nsplugin_config_t chrome_sandbox_nacl_t nagios_checkdisk_plugin_t postfix_master_t postfix_pickup_t devicekit_disk_t regex_milter_t firstboot_t hald_acl_t telepathy_sunshine_t postfix_local_t postfix_smtpd_t zabbix_agent_t samba_unconfined_script_t httpd_git_script_t nagios_services_plugin_t nagios_eventhandler_plugin_t rhsmcertd_t virt_bridgehelper_t munin_unconfined_plugin_t openshift_cron_t unconfined_java_t unconfined_mono_t courier_tcpd_t httpd_unconfined_script_t openvpn_unconfined_script_t NetworkManager_t qmail_queue_t sandbox_web_client_t groupadd_t audisp_t auditd_t chkpwd_t comsat_t dbskkd_t dccifd_t depmod_t dirsrv_t fenced_t gconfd_t groupd_t insmod_t iscsid_t kernel_t kismet_t kpropd_t ktalkd_t livecd_t lldpad_t lsassd_t lwregd_t mongod_t mysqld_t oddjob_t openct_t svc_start_t fail2ban_t passwd_t puppet_t qdiskd_t racoon_t soundd_t telepathy_stream_engine_t updpwd_t xguest_t xm_ssh_t ypbind_t ypserv_t zabbix_t abrt_t acct_t apmd_t bcfg2_t brctl_t cgred_t chfn_t ciped_t clogd_t clvmd_t crond_t ctdbd_t cupsd_t dccd_t dhcpd_t dictd_t drbd_t ftpd_t gpsd_t gssd_t guest_t hald_t howl_t hplip_t httpd_t inetd_t init_t innd_t iwhd_t kdump_t klogd_t l2tpd_t lircd_t lpd_t lpr_t lwiod_t lwsmd_t mount_t mpd_t munin_t named_t nfsd_t nmbd_t nscd_t nslcd_t ntop_t ntpd_t numad_t pcscd_t pingd_t pppd_t pptp_t psad_t ptal_t qpidd_t radvd_t rhgb_t rhnsd_t rpcd_t rshd_t rssh_t slapd_t slpd_t smbd_t smsd_t snmpd_t snort_t spamd_t squid_t ssh_t sshd_t sssd_t staff_t svirt_t swat_t tcpd_t tftpd_t tgtd_t thin_t tor_t tuned_t udev_t ulogd_t uml_t user_t uucpd_t uuidd_t uux_t virtd_t wdmd_t xauth_t xend_t ypxfr_t eventlogd_t nagios_system_plugin_t postfix_qmgr_t postfix_smtp_t prelude_audisp_t courier_authdaemon_t afs_vlserver_t fsdaemon_t watchdog_t abrt_retrace_worker_t mozilla_plugin_config_t jabberd_router_t policykit_resolve_t winbind_helper_t load_policy_t nut_upsmon_t cupsd_config_t hald_keymap_t httpd_helper_t rtkit_daemon_t nagios_unconfined_plugin_t glusterd_t sandbox_min_t sandbox_net_t sandbox_web_t user_seunshare_t xguest_java_t xguest_mono_t logwatch_mail_t cupsd_lpd_t devicekit_t postfix_map_t remote_login_t inetd_child_t automount_t ethereal_t fetchmail_t netlogond_t puppetmaster_t tethereal_t system_mail_t httpd_squid_script_t restorecond_t xdm_dbusd_t gpg_helper_t staff_ssh_agent_t matahari_sysconfigd_t portreserve_t cpufreqselector_t readahead_t abrt_dump_oops_t quota_nld_t staff_screen_t system_dbusd_t entropyd_t rhev_agentd_t xenstored_t sandbox_min_client_t cpuspeed_t nagios_admin_plugin_t svnserve_t guest_dbusd_t qmail_splogger_t xguest_dbusd_t cups_pdf_t postgresql_t mozilla_plugin_t courier_pcp_t courier_pop_t zarafa_server_t nova_direct_t matahari_hostd_t publicfile_t usbmodules_t sambagui_t staff_seunshare_t nx_server_ssh_t certmaster_t certmonger_t setfiles_t user_mail_t cdrecord_t sectoolm_t semanage_t checkpolicy_t portmap_helper_t sge_shepherd_t cobblerd_t consoletype_t unconfined_t xenconsoled_t user_ssh_agent_t cmirrord_t cronjob_t crontab_t logrotate_mail_t matahari_netd_t matahari_rpcd_t passenger_t arpwatch_t cardmgr_t cgclear_t chronyd_t cluster_t apcupsd_t fcoemon_t fingerd_t foghorn_t gpg_web_t rhev_agentd_consolehelper_t fprintd_t ftpdctl_t httpd_cobbler_script_t dcerpcd_t dovecot_t evtchnd_t gpg_agent_t telepathy_msn_t auditctl_t openshift_t jabberd_t kadmind_t hddtemp_t spamass_milter_t iceauth_t icecast_t prelude_correlator_t ncftool_t neutron_t openvpn_t postgrey_t lockdev_t mplayer_t ricci_modcluster_t irqbalance_t radiusd_t rlogind_t roundup_t srvsvcd_t stunnel_t sulogin_t svc_run_t syslogd_t sysstat_t nut_upsdrvctl_t rpcbind_t sandbox_t sensord_t sge_job_t portmap_t yppasswdd_t ptchown_t vbetool_t vdagent_t vhostmd_t zarafa_ical_t winbind_t sysadm_sudo_t telnetd_t usbmuxd_t useradd_t afs_ptserver_t namespace_init_t httpd_mediawiki_script_t xserver_t condor_schedd_t condor_startd_t piranha_web_t user_screen_t condor_master_t greylist_milter_t calamaris_t staff_openoffice_t mailman_queue_t } ==  &&  || );

mlsconstrain { dir } { ioctl read lock search  } 
(  h1 h2  dom  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t virtd_lxc_t postfix_showq_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t ada_t fsadm_t kudzu_t lvm_t mdadm_t mono_t postfix_postdrop_t rpm_t wine_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t nova_volume_t nova_scheduler_t vmware_host_t haproxy_t prelink_t anaconda_t glance_api_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t postfix_master_t postfix_pickup_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t depmod_t insmod_t kernel_t livecd_t lldpad_t mongod_t puppet_t apmd_t bcfg2_t cgred_t clvmd_t crond_t ctdbd_t drbd_t hald_t inetd_t init_t iwhd_t l2tpd_t mount_t numad_t rhnsd_t slpd_t smsd_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t matahari_sysconfigd_t readahead_t svnserve_t zarafa_server_t nova_direct_t matahari_hostd_t semanage_t sge_shepherd_t unconfined_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t neutron_t ricci_modcluster_t sensord_t sge_job_t zarafa_ical_t useradd_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  ||  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=  t2 { sosreport_t git_session_t cfengine_execd_t bootloader_t netutils_t qmail_tcp_env_t devicekit_power_t sandbox_x_client_t nova_api_t sblim_reposd_t dkim_milter_t virt_qemu_ga_unconfined_t admin_crontab_t consolekit_t nova_compute_t nova_console_t pam_console_t zarafa_gateway_t policykit_grant_t logrotate_t openvswitch_t update_modules_t ssh_keysign_t nova_network_t qmail_rspawn_t uml_switch_t qmail_inject_t qmail_lspawn_t dirsrvadmin_unconfined_script_t gnomeclock_t httpd_cvs_script_t sandbox_net_client_t munin_mail_plugin_t ldconfig_t loadkeys_t smoltclient_t prelude_lml_t nova_objectstore_t dmidecode_t modemmanager_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t httpd_rotatelogs_t afs_kaserver_t munin_disk_plugin_t keystone_t kdumpgui_t httpd_bugzilla_script_t postfix_bounce_t httpd_smokeping_cgi_script_t nx_server_t policykit_auth_t ssh_keygen_t piranha_pulse_t sysadm_su_t virtd_lxc_t hald_mac_t iptables_t cachefilesd_t courier_sqwebmail_t postfix_cleanup_t munin_services_plugin_t postfix_showq_t openshift_app_t hostname_t shorewall_t showmount_t telepathy_gabble_t abrt_handle_event_t postfix_virtual_t dovecot_deliver_t ifconfig_t condor_startd_ssh_t qmail_clean_t qmail_local_t qmail_smtpd_t qmail_start_t sandbox_xserver_t setfiles_mac_t telepathy_sofiasip_t amanda_t initrc_t locate_t logadm_t mcelog_t nagios_t varnishd_t setkey_t sysadm_t tvtime_t tzdata_t vmware_t webadm_t ada_t afs_t aiccu_t aide_t alsa_t amtu_t apm_t avahi_t boinc_t canna_t ccs_t cdcc_t crack_t cvs_t cyrus_t dccm_t dhcpc_t dmesg_t dspam_t exim_t fsadm_t games_t getty_t gpg_t gpm_t ipsec_t irc_t irssi_t java_t kudzu_t lvm_t mdadm_t mono_t mrtg_t ndc_t nrpe_t pads_t pam_t ping_t postfix_postdrop_t postfix_postqueue_t qemu_t quota_t rdisc_t ricci_t rpm_t rsync_t rwho_t spamc_t vpnc_t wine_t xdm_t xfs_t xm_t zebra_t setroubleshoot_fixit_t staff_dbusd_t postfix_pipe_t virt_qmf_t nova_vncproxy_t httpd_nagios_script_t unconfined_dbusd_t unconfined_mount_t afs_fsserver_t prelink_cron_system_t sge_execd_t sysadm_ssh_agent_t cachefiles_kernel_t httpd_dirsrvadmin_script_t git_system_t httpd_suexec_t abrt_helper_t abrt_retrace_coredump_t usernetctl_t certwatch_t updfstab_t deltacloudd_t user_dbusd_t firewallgui_t glance_registry_t utempter_t setsebool_t telepathy_idle_t telepathy_mission_control_t webalizer_t cpucontrol_t gconfdefaultsm_t matahari_serviced_t httpd_php_t openoffice_t denyhosts_t memcached_t xguest_openoffice_t dirsrv_snmp_t dirsrvadmin_t smbcontrol_t oracleasm_t netlabel_mgmt_t oddjob_mkhomedir_t cyphesis_t gnomesystemmm_t kerneloops_t nova_volume_t varnishlog_t httpd_w3c_validator_script_t user_openoffice_t httpd_user_script_t accountsd_t cgconfig_t user_java_t user_mono_t user_wine_t ipsec_mgmt_t run_init_t sendmail_t shutdown_t audisp_remote_t dovecot_auth_t nova_scheduler_t dlm_controld_t gfs_controld_t smbmount_t asterisk_t bitlbee_t sepgsql_trusted_proc_t vmware_host_t checkpc_t saslauthd_t awstats_t munin_selinux_plugin_t gitosis_t dnsmasq_t krb5kdc_t openshift_cgroup_read_t sysadm_seunshare_t haproxy_t hotplug_t gpg_pinentry_t hwclock_t newrole_t zos_remote_t dcc_client_t mozilla_t plymouth_t procmail_t sanlock_t setrans_t traceroute_t pegasus_t prelink_t prelude_t privoxy_t staff_java_t staff_mono_t staff_sudo_t staff_wine_t wpa_cli_t httpd_awstats_script_t munin_system_plugin_t qmail_send_t anaconda_t glance_api_t piranha_fos_t piranha_lvs_t sandbox_x_t httpd_apcupsd_cgi_script_t local_login_t hald_dccm_t mysqld_safe_t ricci_modservice_t games_srv_t ricci_modstorage_t samba_net_t afs_bosserver_t httpd_nutups_cgi_script_t hald_sonypic_t openhpid_t boinc_project_t condor_procd_t nagios_mail_plugin_t virt_qemu_ga_t condor_negotiator_t nova_ajax_t nova_cert_t amanda_recover_t chrome_sandbox_t zarafa_spooler_t httpd_munin_script_t telepathy_salut_t rpm_script_t sysadm_passwd_t sysadm_screen_t nsplugin_t xguest_execmem_t zarafa_deliver_t sblim_gatherd_t antivirus_t bluetooth_helper_t dcc_dbclean_t nut_upsd_t staff_execmem_t user_execmem_t podsleuth_t system_cronjob_t sge_job_ssh_t zarafa_monitor_t openshift_initrc_t chroot_user_t httpd_openshift_script_t qmail_remote_t zarafa_indexer_t policykit_t httpd_sys_script_t tmpreaper_t staff_consolehelper_t svc_multilog_t ricci_modclusterd_t logwatch_t mailman_cgi_t pulseaudio_t mailman_mail_t mysqlmanagerd_t samba_unconfined_net_t bluetooth_t mencoder_t httpd_dspam_script_t plymouthd_t smokeping_t cfengine_monitord_t ksmtuned_t unconfined_notrans_t httpd_prewikka_script_t ricci_modlog_t ricci_modrpm_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t setroubleshootd_t nsplugin_config_t chrome_sandbox_nacl_t nagios_checkdisk_plugin_t postfix_master_t postfix_pickup_t devicekit_disk_t regex_milter_t firstboot_t hald_acl_t telepathy_sunshine_t postfix_local_t postfix_smtpd_t zabbix_agent_t samba_unconfined_script_t httpd_git_script_t nagios_services_plugin_t nagios_eventhandler_plugin_t rhsmcertd_t virt_bridgehelper_t munin_unconfined_plugin_t openshift_cron_t unconfined_java_t unconfined_mono_t courier_tcpd_t httpd_unconfined_script_t openvpn_unconfined_script_t NetworkManager_t qmail_queue_t sandbox_web_client_t groupadd_t audisp_t auditd_t chkpwd_t comsat_t dbskkd_t dccifd_t depmod_t dirsrv_t fenced_t gconfd_t groupd_t insmod_t iscsid_t kernel_t kismet_t kpropd_t ktalkd_t livecd_t lldpad_t lsassd_t lwregd_t mongod_t mysqld_t oddjob_t openct_t svc_start_t fail2ban_t passwd_t puppet_t qdiskd_t racoon_t soundd_t telepathy_stream_engine_t updpwd_t xguest_t xm_ssh_t ypbind_t ypserv_t zabbix_t abrt_t acct_t apmd_t bcfg2_t brctl_t cgred_t chfn_t ciped_t clogd_t clvmd_t crond_t ctdbd_t cupsd_t dccd_t dhcpd_t dictd_t drbd_t ftpd_t gpsd_t gssd_t guest_t hald_t howl_t hplip_t httpd_t inetd_t init_t innd_t iwhd_t kdump_t klogd_t l2tpd_t lircd_t lpd_t lpr_t lwiod_t lwsmd_t mount_t mpd_t munin_t named_t nfsd_t nmbd_t nscd_t nslcd_t ntop_t ntpd_t numad_t pcscd_t pingd_t pppd_t pptp_t psad_t ptal_t qpidd_t radvd_t rhgb_t rhnsd_t rpcd_t rshd_t rssh_t slapd_t slpd_t smbd_t smsd_t snmpd_t snort_t spamd_t squid_t ssh_t sshd_t sssd_t staff_t svirt_t swat_t tcpd_t tftpd_t tgtd_t thin_t tor_t tuned_t udev_t ulogd_t uml_t user_t uucpd_t uuidd_t uux_t virtd_t wdmd_t xauth_t xend_t ypxfr_t eventlogd_t nagios_system_plugin_t postfix_qmgr_t postfix_smtp_t prelude_audisp_t courier_authdaemon_t afs_vlserver_t fsdaemon_t watchdog_t abrt_retrace_worker_t mozilla_plugin_config_t jabberd_router_t policykit_resolve_t winbind_helper_t load_policy_t nut_upsmon_t cupsd_config_t hald_keymap_t httpd_helper_t rtkit_daemon_t nagios_unconfined_plugin_t glusterd_t sandbox_min_t sandbox_net_t sandbox_web_t user_seunshare_t xguest_java_t xguest_mono_t logwatch_mail_t cupsd_lpd_t devicekit_t postfix_map_t remote_login_t inetd_child_t automount_t ethereal_t fetchmail_t netlogond_t puppetmaster_t tethereal_t system_mail_t httpd_squid_script_t restorecond_t xdm_dbusd_t gpg_helper_t staff_ssh_agent_t matahari_sysconfigd_t portreserve_t cpufreqselector_t readahead_t abrt_dump_oops_t quota_nld_t staff_screen_t system_dbusd_t entropyd_t rhev_agentd_t xenstored_t sandbox_min_client_t cpuspeed_t nagios_admin_plugin_t svnserve_t guest_dbusd_t qmail_splogger_t xguest_dbusd_t cups_pdf_t postgresql_t mozilla_plugin_t courier_pcp_t courier_pop_t zarafa_server_t nova_direct_t matahari_hostd_t publicfile_t usbmodules_t sambagui_t staff_seunshare_t nx_server_ssh_t certmaster_t certmonger_t setfiles_t user_mail_t cdrecord_t sectoolm_t semanage_t checkpolicy_t portmap_helper_t sge_shepherd_t cobblerd_t consoletype_t unconfined_t xenconsoled_t user_ssh_agent_t cmirrord_t cronjob_t crontab_t logrotate_mail_t matahari_netd_t matahari_rpcd_t passenger_t arpwatch_t cardmgr_t cgclear_t chronyd_t cluster_t apcupsd_t fcoemon_t fingerd_t foghorn_t gpg_web_t rhev_agentd_consolehelper_t fprintd_t ftpdctl_t httpd_cobbler_script_t dcerpcd_t dovecot_t evtchnd_t gpg_agent_t telepathy_msn_t auditctl_t openshift_t jabberd_t kadmind_t hddtemp_t spamass_milter_t iceauth_t icecast_t prelude_correlator_t ncftool_t neutron_t openvpn_t postgrey_t lockdev_t mplayer_t ricci_modcluster_t irqbalance_t radiusd_t rlogind_t roundup_t srvsvcd_t stunnel_t sulogin_t svc_run_t syslogd_t sysstat_t nut_upsdrvctl_t rpcbind_t sandbox_t sensord_t sge_job_t portmap_t yppasswdd_t ptchown_t vbetool_t vdagent_t vhostmd_t zarafa_ical_t winbind_t sysadm_sudo_t telnetd_t usbmuxd_t useradd_t afs_ptserver_t namespace_init_t httpd_mediawiki_script_t xserver_t condor_schedd_t condor_startd_t piranha_web_t user_screen_t condor_master_t greylist_milter_t calamaris_t staff_openoffice_t mailman_queue_t } ==  &&  || );

mlsconstrain { peer } { recv  } 
(  l1 l2  dom  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=  t2 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=  &&  || );

constrain { blk_file } { create relabelfrom relabelto  } 
(  u1 u2 ==  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhomedir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t haproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t staff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t passwd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ctdbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t rshd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t setfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlogind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t telnetd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  || );

mlsconstrain { blk_file } { create relabelto  } 
(  h1 h2  dom  l2 h2  ==  &&  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=  || );

mlsconstrain { blk_file } { relabelfrom  } 
(  h1 h2  dom );

mlsconstrain { blk_file } { write setattr  } 
(  h1 h2  dom  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t virtd_lxc_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t ada_t fsadm_t kudzu_t lvm_t mdadm_t mono_t postfix_postdrop_t rpm_t wine_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t nova_volume_t nova_scheduler_t vmware_host_t haproxy_t prelink_t anaconda_t glance_api_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t postfix_pickup_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t depmod_t insmod_t kernel_t livecd_t lldpad_t mongod_t puppet_t apmd_t bcfg2_t clvmd_t crond_t ctdbd_t drbd_t inetd_t init_t iwhd_t l2tpd_t mount_t numad_t rhnsd_t slpd_t smsd_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t matahari_sysconfigd_t svnserve_t zarafa_server_t nova_direct_t matahari_hostd_t semanage_t sge_shepherd_t unconfined_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t neutron_t ricci_modcluster_t sensord_t sge_job_t zarafa_ical_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  ||  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=  t2 { sosreport_t git_session_t cfengine_execd_t bootloader_t netutils_t qmail_tcp_env_t devicekit_power_t sandbox_x_client_t nova_api_t sblim_reposd_t dkim_milter_t virt_qemu_ga_unconfined_t admin_crontab_t consolekit_t nova_compute_t nova_console_t pam_console_t zarafa_gateway_t policykit_grant_t logrotate_t openvswitch_t update_modules_t ssh_keysign_t nova_network_t qmail_rspawn_t uml_switch_t qmail_inject_t qmail_lspawn_t dirsrvadmin_unconfined_script_t gnomeclock_t httpd_cvs_script_t sandbox_net_client_t munin_mail_plugin_t ldconfig_t loadkeys_t smoltclient_t prelude_lml_t nova_objectstore_t dmidecode_t modemmanager_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t httpd_rotatelogs_t afs_kaserver_t munin_disk_plugin_t keystone_t kdumpgui_t httpd_bugzilla_script_t postfix_bounce_t httpd_smokeping_cgi_script_t nx_server_t policykit_auth_t ssh_keygen_t piranha_pulse_t sysadm_su_t virtd_lxc_t hald_mac_t iptables_t cachefilesd_t courier_sqwebmail_t postfix_cleanup_t munin_services_plugin_t postfix_showq_t openshift_app_t hostname_t shorewall_t showmount_t telepathy_gabble_t abrt_handle_event_t postfix_virtual_t dovecot_deliver_t ifconfig_t condor_startd_ssh_t qmail_clean_t qmail_local_t qmail_smtpd_t qmail_start_t sandbox_xserver_t setfiles_mac_t telepathy_sofiasip_t amanda_t initrc_t locate_t logadm_t mcelog_t nagios_t varnishd_t setkey_t sysadm_t tvtime_t tzdata_t vmware_t webadm_t ada_t afs_t aiccu_t aide_t alsa_t amtu_t apm_t avahi_t boinc_t canna_t ccs_t cdcc_t crack_t cvs_t cyrus_t dccm_t dhcpc_t dmesg_t dspam_t exim_t fsadm_t games_t getty_t gpg_t gpm_t ipsec_t irc_t irssi_t java_t kudzu_t lvm_t mdadm_t mono_t mrtg_t ndc_t nrpe_t pads_t pam_t ping_t postfix_postdrop_t postfix_postqueue_t qemu_t quota_t rdisc_t ricci_t rpm_t rsync_t rwho_t spamc_t vpnc_t wine_t xdm_t xfs_t xm_t zebra_t setroubleshoot_fixit_t staff_dbusd_t postfix_pipe_t virt_qmf_t nova_vncproxy_t httpd_nagios_script_t unconfined_dbusd_t unconfined_mount_t afs_fsserver_t prelink_cron_system_t sge_execd_t sysadm_ssh_agent_t cachefiles_kernel_t httpd_dirsrvadmin_script_t git_system_t httpd_suexec_t abrt_helper_t abrt_retrace_coredump_t usernetctl_t certwatch_t updfstab_t deltacloudd_t user_dbusd_t firewallgui_t glance_registry_t utempter_t setsebool_t telepathy_idle_t telepathy_mission_control_t webalizer_t cpucontrol_t gconfdefaultsm_t matahari_serviced_t httpd_php_t openoffice_t denyhosts_t memcached_t xguest_openoffice_t dirsrv_snmp_t dirsrvadmin_t smbcontrol_t oracleasm_t netlabel_mgmt_t oddjob_mkhomedir_t cyphesis_t gnomesystemmm_t kerneloops_t nova_volume_t varnishlog_t httpd_w3c_validator_script_t user_openoffice_t httpd_user_script_t accountsd_t cgconfig_t user_java_t user_mono_t user_wine_t ipsec_mgmt_t run_init_t sendmail_t shutdown_t audisp_remote_t dovecot_auth_t nova_scheduler_t dlm_controld_t gfs_controld_t smbmount_t asterisk_t bitlbee_t sepgsql_trusted_proc_t vmware_host_t checkpc_t saslauthd_t awstats_t munin_selinux_plugin_t gitosis_t dnsmasq_t krb5kdc_t openshift_cgroup_read_t sysadm_seunshare_t haproxy_t hotplug_t gpg_pinentry_t hwclock_t newrole_t zos_remote_t dcc_client_t mozilla_t plymouth_t procmail_t sanlock_t setrans_t traceroute_t pegasus_t prelink_t prelude_t privoxy_t staff_java_t staff_mono_t staff_sudo_t staff_wine_t wpa_cli_t httpd_awstats_script_t munin_system_plugin_t qmail_send_t anaconda_t glance_api_t piranha_fos_t piranha_lvs_t sandbox_x_t httpd_apcupsd_cgi_script_t local_login_t hald_dccm_t mysqld_safe_t ricci_modservice_t games_srv_t ricci_modstorage_t samba_net_t afs_bosserver_t httpd_nutups_cgi_script_t hald_sonypic_t openhpid_t boinc_project_t condor_procd_t nagios_mail_plugin_t virt_qemu_ga_t condor_negotiator_t nova_ajax_t nova_cert_t amanda_recover_t chrome_sandbox_t zarafa_spooler_t httpd_munin_script_t telepathy_salut_t rpm_script_t sysadm_passwd_t sysadm_screen_t nsplugin_t xguest_execmem_t zarafa_deliver_t sblim_gatherd_t antivirus_t bluetooth_helper_t dcc_dbclean_t nut_upsd_t staff_execmem_t user_execmem_t podsleuth_t system_cronjob_t sge_job_ssh_t zarafa_monitor_t openshift_initrc_t chroot_user_t httpd_openshift_script_t qmail_remote_t zarafa_indexer_t policykit_t httpd_sys_script_t tmpreaper_t staff_consolehelper_t svc_multilog_t ricci_modclusterd_t logwatch_t mailman_cgi_t pulseaudio_t mailman_mail_t mysqlmanagerd_t samba_unconfined_net_t bluetooth_t mencoder_t httpd_dspam_script_t plymouthd_t smokeping_t cfengine_monitord_t ksmtuned_t unconfined_notrans_t httpd_prewikka_script_t ricci_modlog_t ricci_modrpm_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t setroubleshootd_t nsplugin_config_t chrome_sandbox_nacl_t nagios_checkdisk_plugin_t postfix_master_t postfix_pickup_t devicekit_disk_t regex_milter_t firstboot_t hald_acl_t telepathy_sunshine_t postfix_local_t postfix_smtpd_t zabbix_agent_t samba_unconfined_script_t httpd_git_script_t nagios_services_plugin_t nagios_eventhandler_plugin_t rhsmcertd_t virt_bridgehelper_t munin_unconfined_plugin_t openshift_cron_t unconfined_java_t unconfined_mono_t courier_tcpd_t httpd_unconfined_script_t openvpn_unconfined_script_t NetworkManager_t qmail_queue_t sandbox_web_client_t groupadd_t audisp_t auditd_t chkpwd_t comsat_t dbskkd_t dccifd_t depmod_t dirsrv_t fenced_t gconfd_t groupd_t insmod_t iscsid_t kernel_t kismet_t kpropd_t ktalkd_t livecd_t lldpad_t lsassd_t lwregd_t mongod_t mysqld_t oddjob_t openct_t svc_start_t fail2ban_t passwd_t puppet_t qdiskd_t racoon_t soundd_t telepathy_stream_engine_t updpwd_t xguest_t xm_ssh_t ypbind_t ypserv_t zabbix_t abrt_t acct_t apmd_t bcfg2_t brctl_t cgred_t chfn_t ciped_t clogd_t clvmd_t crond_t ctdbd_t cupsd_t dccd_t dhcpd_t dictd_t drbd_t ftpd_t gpsd_t gssd_t guest_t hald_t howl_t hplip_t httpd_t inetd_t init_t innd_t iwhd_t kdump_t klogd_t l2tpd_t lircd_t lpd_t lpr_t lwiod_t lwsmd_t mount_t mpd_t munin_t named_t nfsd_t nmbd_t nscd_t nslcd_t ntop_t ntpd_t numad_t pcscd_t pingd_t pppd_t pptp_t psad_t ptal_t qpidd_t radvd_t rhgb_t rhnsd_t rpcd_t rshd_t rssh_t slapd_t slpd_t smbd_t smsd_t snmpd_t snort_t spamd_t squid_t ssh_t sshd_t sssd_t staff_t svirt_t swat_t tcpd_t tftpd_t tgtd_t thin_t tor_t tuned_t udev_t ulogd_t uml_t user_t uucpd_t uuidd_t uux_t virtd_t wdmd_t xauth_t xend_t ypxfr_t eventlogd_t nagios_system_plugin_t postfix_qmgr_t postfix_smtp_t prelude_audisp_t courier_authdaemon_t afs_vlserver_t fsdaemon_t watchdog_t abrt_retrace_worker_t mozilla_plugin_config_t jabberd_router_t policykit_resolve_t winbind_helper_t load_policy_t nut_upsmon_t cupsd_config_t hald_keymap_t httpd_helper_t rtkit_daemon_t nagios_unconfined_plugin_t glusterd_t sandbox_min_t sandbox_net_t sandbox_web_t user_seunshare_t xguest_java_t xguest_mono_t logwatch_mail_t cupsd_lpd_t devicekit_t postfix_map_t remote_login_t inetd_child_t automount_t ethereal_t fetchmail_t netlogond_t puppetmaster_t tethereal_t system_mail_t httpd_squid_script_t restorecond_t xdm_dbusd_t gpg_helper_t staff_ssh_agent_t matahari_sysconfigd_t portreserve_t cpufreqselector_t readahead_t abrt_dump_oops_t quota_nld_t staff_screen_t system_dbusd_t entropyd_t rhev_agentd_t xenstored_t sandbox_min_client_t cpuspeed_t nagios_admin_plugin_t svnserve_t guest_dbusd_t qmail_splogger_t xguest_dbusd_t cups_pdf_t postgresql_t mozilla_plugin_t courier_pcp_t courier_pop_t zarafa_server_t nova_direct_t matahari_hostd_t publicfile_t usbmodules_t sambagui_t staff_seunshare_t nx_server_ssh_t certmaster_t certmonger_t setfiles_t user_mail_t cdrecord_t sectoolm_t semanage_t checkpolicy_t portmap_helper_t sge_shepherd_t cobblerd_t consoletype_t unconfined_t xenconsoled_t user_ssh_agent_t cmirrord_t cronjob_t crontab_t logrotate_mail_t matahari_netd_t matahari_rpcd_t passenger_t arpwatch_t cardmgr_t cgclear_t chronyd_t cluster_t apcupsd_t fcoemon_t fingerd_t foghorn_t gpg_web_t rhev_agentd_consolehelper_t fprintd_t ftpdctl_t httpd_cobbler_script_t dcerpcd_t dovecot_t evtchnd_t gpg_agent_t telepathy_msn_t auditctl_t openshift_t jabberd_t kadmind_t hddtemp_t spamass_milter_t iceauth_t icecast_t prelude_correlator_t ncftool_t neutron_t openvpn_t postgrey_t lockdev_t mplayer_t ricci_modcluster_t irqbalance_t radiusd_t rlogind_t roundup_t srvsvcd_t stunnel_t sulogin_t svc_run_t syslogd_t sysstat_t nut_upsdrvctl_t rpcbind_t sandbox_t sensord_t sge_job_t portmap_t yppasswdd_t ptchown_t vbetool_t vdagent_t vhostmd_t zarafa_ical_t winbind_t sysadm_sudo_t telnetd_t usbmuxd_t useradd_t afs_ptserver_t namespace_init_t httpd_mediawiki_script_t xserver_t condor_schedd_t condor_startd_t piranha_web_t user_screen_t condor_master_t greylist_milter_t calamaris_t staff_openoffice_t mailman_queue_t } ==  &&  || );

mlsconstrain { blk_file } { ioctl read getattr  } 
(  h1 h2  dom  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t virtd_lxc_t postfix_showq_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t ada_t fsadm_t kudzu_t lvm_t mdadm_t mono_t postfix_postdrop_t rpm_t wine_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t nova_volume_t nova_scheduler_t vmware_host_t haproxy_t prelink_t anaconda_t glance_api_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t postfix_master_t postfix_pickup_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t depmod_t insmod_t kernel_t livecd_t lldpad_t mongod_t puppet_t apmd_t bcfg2_t cgred_t clvmd_t crond_t ctdbd_t drbd_t hald_t inetd_t init_t iwhd_t l2tpd_t mount_t numad_t rhnsd_t slpd_t smsd_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t matahari_sysconfigd_t readahead_t svnserve_t zarafa_server_t nova_direct_t matahari_hostd_t semanage_t sge_shepherd_t unconfined_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t neutron_t ricci_modcluster_t sensord_t sge_job_t zarafa_ical_t useradd_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  ||  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=  t2 { sosreport_t git_session_t cfengine_execd_t bootloader_t netutils_t qmail_tcp_env_t devicekit_power_t sandbox_x_client_t nova_api_t sblim_reposd_t dkim_milter_t virt_qemu_ga_unconfined_t admin_crontab_t consolekit_t nova_compute_t nova_console_t pam_console_t zarafa_gateway_t policykit_grant_t logrotate_t openvswitch_t update_modules_t ssh_keysign_t nova_network_t qmail_rspawn_t uml_switch_t qmail_inject_t qmail_lspawn_t dirsrvadmin_unconfined_script_t gnomeclock_t httpd_cvs_script_t sandbox_net_client_t munin_mail_plugin_t ldconfig_t loadkeys_t smoltclient_t prelude_lml_t nova_objectstore_t dmidecode_t modemmanager_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t httpd_rotatelogs_t afs_kaserver_t munin_disk_plugin_t keystone_t kdumpgui_t httpd_bugzilla_script_t postfix_bounce_t httpd_smokeping_cgi_script_t nx_server_t policykit_auth_t ssh_keygen_t piranha_pulse_t sysadm_su_t virtd_lxc_t hald_mac_t iptables_t cachefilesd_t courier_sqwebmail_t postfix_cleanup_t munin_services_plugin_t postfix_showq_t openshift_app_t hostname_t shorewall_t showmount_t telepathy_gabble_t abrt_handle_event_t postfix_virtual_t dovecot_deliver_t ifconfig_t condor_startd_ssh_t qmail_clean_t qmail_local_t qmail_smtpd_t qmail_start_t sandbox_xserver_t setfiles_mac_t telepathy_sofiasip_t amanda_t initrc_t locate_t logadm_t mcelog_t nagios_t varnishd_t setkey_t sysadm_t tvtime_t tzdata_t vmware_t webadm_t ada_t afs_t aiccu_t aide_t alsa_t amtu_t apm_t avahi_t boinc_t canna_t ccs_t cdcc_t crack_t cvs_t cyrus_t dccm_t dhcpc_t dmesg_t dspam_t exim_t fsadm_t games_t getty_t gpg_t gpm_t ipsec_t irc_t irssi_t java_t kudzu_t lvm_t mdadm_t mono_t mrtg_t ndc_t nrpe_t pads_t pam_t ping_t postfix_postdrop_t postfix_postqueue_t qemu_t quota_t rdisc_t ricci_t rpm_t rsync_t rwho_t spamc_t vpnc_t wine_t xdm_t xfs_t xm_t zebra_t setroubleshoot_fixit_t staff_dbusd_t postfix_pipe_t virt_qmf_t nova_vncproxy_t httpd_nagios_script_t unconfined_dbusd_t unconfined_mount_t afs_fsserver_t prelink_cron_system_t sge_execd_t sysadm_ssh_agent_t cachefiles_kernel_t httpd_dirsrvadmin_script_t git_system_t httpd_suexec_t abrt_helper_t abrt_retrace_coredump_t usernetctl_t certwatch_t updfstab_t deltacloudd_t user_dbusd_t firewallgui_t glance_registry_t utempter_t setsebool_t telepathy_idle_t telepathy_mission_control_t webalizer_t cpucontrol_t gconfdefaultsm_t matahari_serviced_t httpd_php_t openoffice_t denyhosts_t memcached_t xguest_openoffice_t dirsrv_snmp_t dirsrvadmin_t smbcontrol_t oracleasm_t netlabel_mgmt_t oddjob_mkhomedir_t cyphesis_t gnomesystemmm_t kerneloops_t nova_volume_t varnishlog_t httpd_w3c_validator_script_t user_openoffice_t httpd_user_script_t accountsd_t cgconfig_t user_java_t user_mono_t user_wine_t ipsec_mgmt_t run_init_t sendmail_t shutdown_t audisp_remote_t dovecot_auth_t nova_scheduler_t dlm_controld_t gfs_controld_t smbmount_t asterisk_t bitlbee_t sepgsql_trusted_proc_t vmware_host_t checkpc_t saslauthd_t awstats_t munin_selinux_plugin_t gitosis_t dnsmasq_t krb5kdc_t openshift_cgroup_read_t sysadm_seunshare_t haproxy_t hotplug_t gpg_pinentry_t hwclock_t newrole_t zos_remote_t dcc_client_t mozilla_t plymouth_t procmail_t sanlock_t setrans_t traceroute_t pegasus_t prelink_t prelude_t privoxy_t staff_java_t staff_mono_t staff_sudo_t staff_wine_t wpa_cli_t httpd_awstats_script_t munin_system_plugin_t qmail_send_t anaconda_t glance_api_t piranha_fos_t piranha_lvs_t sandbox_x_t httpd_apcupsd_cgi_script_t local_login_t hald_dccm_t mysqld_safe_t ricci_modservice_t games_srv_t ricci_modstorage_t samba_net_t afs_bosserver_t httpd_nutups_cgi_script_t hald_sonypic_t openhpid_t boinc_project_t condor_procd_t nagios_mail_plugin_t virt_qemu_ga_t condor_negotiator_t nova_ajax_t nova_cert_t amanda_recover_t chrome_sandbox_t zarafa_spooler_t httpd_munin_script_t telepathy_salut_t rpm_script_t sysadm_passwd_t sysadm_screen_t nsplugin_t xguest_execmem_t zarafa_deliver_t sblim_gatherd_t antivirus_t bluetooth_helper_t dcc_dbclean_t nut_upsd_t staff_execmem_t user_execmem_t podsleuth_t system_cronjob_t sge_job_ssh_t zarafa_monitor_t openshift_initrc_t chroot_user_t httpd_openshift_script_t qmail_remote_t zarafa_indexer_t policykit_t httpd_sys_script_t tmpreaper_t staff_consolehelper_t svc_multilog_t ricci_modclusterd_t logwatch_t mailman_cgi_t pulseaudio_t mailman_mail_t mysqlmanagerd_t samba_unconfined_net_t bluetooth_t mencoder_t httpd_dspam_script_t plymouthd_t smokeping_t cfengine_monitord_t ksmtuned_t unconfined_notrans_t httpd_prewikka_script_t ricci_modlog_t ricci_modrpm_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t setroubleshootd_t nsplugin_config_t chrome_sandbox_nacl_t nagios_checkdisk_plugin_t postfix_master_t postfix_pickup_t devicekit_disk_t regex_milter_t firstboot_t hald_acl_t telepathy_sunshine_t postfix_local_t postfix_smtpd_t zabbix_agent_t samba_unconfined_script_t httpd_git_script_t nagios_services_plugin_t nagios_eventhandler_plugin_t rhsmcertd_t virt_bridgehelper_t munin_unconfined_plugin_t openshift_cron_t unconfined_java_t unconfined_mono_t courier_tcpd_t httpd_unconfined_script_t openvpn_unconfined_script_t NetworkManager_t qmail_queue_t sandbox_web_client_t groupadd_t audisp_t auditd_t chkpwd_t comsat_t dbskkd_t dccifd_t depmod_t dirsrv_t fenced_t gconfd_t groupd_t insmod_t iscsid_t kernel_t kismet_t kpropd_t ktalkd_t livecd_t lldpad_t lsassd_t lwregd_t mongod_t mysqld_t oddjob_t openct_t svc_start_t fail2ban_t passwd_t puppet_t qdiskd_t racoon_t soundd_t telepathy_stream_engine_t updpwd_t xguest_t xm_ssh_t ypbind_t ypserv_t zabbix_t abrt_t acct_t apmd_t bcfg2_t brctl_t cgred_t chfn_t ciped_t clogd_t clvmd_t crond_t ctdbd_t cupsd_t dccd_t dhcpd_t dictd_t drbd_t ftpd_t gpsd_t gssd_t guest_t hald_t howl_t hplip_t httpd_t inetd_t init_t innd_t iwhd_t kdump_t klogd_t l2tpd_t lircd_t lpd_t lpr_t lwiod_t lwsmd_t mount_t mpd_t munin_t named_t nfsd_t nmbd_t nscd_t nslcd_t ntop_t ntpd_t numad_t pcscd_t pingd_t pppd_t pptp_t psad_t ptal_t qpidd_t radvd_t rhgb_t rhnsd_t rpcd_t rshd_t rssh_t slapd_t slpd_t smbd_t smsd_t snmpd_t snort_t spamd_t squid_t ssh_t sshd_t sssd_t staff_t svirt_t swat_t tcpd_t tftpd_t tgtd_t thin_t tor_t tuned_t udev_t ulogd_t uml_t user_t uucpd_t uuidd_t uux_t virtd_t wdmd_t xauth_t xend_t ypxfr_t eventlogd_t nagios_system_plugin_t postfix_qmgr_t postfix_smtp_t prelude_audisp_t courier_authdaemon_t afs_vlserver_t fsdaemon_t watchdog_t abrt_retrace_worker_t mozilla_plugin_config_t jabberd_router_t policykit_resolve_t winbind_helper_t load_policy_t nut_upsmon_t cupsd_config_t hald_keymap_t httpd_helper_t rtkit_daemon_t nagios_unconfined_plugin_t glusterd_t sandbox_min_t sandbox_net_t sandbox_web_t user_seunshare_t xguest_java_t xguest_mono_t logwatch_mail_t cupsd_lpd_t devicekit_t postfix_map_t remote_login_t inetd_child_t automount_t ethereal_t fetchmail_t netlogond_t puppetmaster_t tethereal_t system_mail_t httpd_squid_script_t restorecond_t xdm_dbusd_t gpg_helper_t staff_ssh_agent_t matahari_sysconfigd_t portreserve_t cpufreqselector_t readahead_t abrt_dump_oops_t quota_nld_t staff_screen_t system_dbusd_t entropyd_t rhev_agentd_t xenstored_t sandbox_min_client_t cpuspeed_t nagios_admin_plugin_t svnserve_t guest_dbusd_t qmail_splogger_t xguest_dbusd_t cups_pdf_t postgresql_t mozilla_plugin_t courier_pcp_t courier_pop_t zarafa_server_t nova_direct_t matahari_hostd_t publicfile_t usbmodules_t sambagui_t staff_seunshare_t nx_server_ssh_t certmaster_t certmonger_t setfiles_t user_mail_t cdrecord_t sectoolm_t semanage_t checkpolicy_t portmap_helper_t sge_shepherd_t cobblerd_t consoletype_t unconfined_t xenconsoled_t user_ssh_agent_t cmirrord_t cronjob_t crontab_t logrotate_mail_t matahari_netd_t matahari_rpcd_t passenger_t arpwatch_t cardmgr_t cgclear_t chronyd_t cluster_t apcupsd_t fcoemon_t fingerd_t foghorn_t gpg_web_t rhev_agentd_consolehelper_t fprintd_t ftpdctl_t httpd_cobbler_script_t dcerpcd_t dovecot_t evtchnd_t gpg_agent_t telepathy_msn_t auditctl_t openshift_t jabberd_t kadmind_t hddtemp_t spamass_milter_t iceauth_t icecast_t prelude_correlator_t ncftool_t neutron_t openvpn_t postgrey_t lockdev_t mplayer_t ricci_modcluster_t irqbalance_t radiusd_t rlogind_t roundup_t srvsvcd_t stunnel_t sulogin_t svc_run_t syslogd_t sysstat_t nut_upsdrvctl_t rpcbind_t sandbox_t sensord_t sge_job_t portmap_t yppasswdd_t ptchown_t vbetool_t vdagent_t vhostmd_t zarafa_ical_t winbind_t sysadm_sudo_t telnetd_t usbmuxd_t useradd_t afs_ptserver_t namespace_init_t httpd_mediawiki_script_t xserver_t condor_schedd_t condor_startd_t piranha_web_t user_screen_t condor_master_t greylist_milter_t calamaris_t staff_openoffice_t mailman_queue_t } ==  &&  || );

constrain { chr_file } { create relabelfrom relabelto  } 
(  u1 u2 ==  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhomedir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t haproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t staff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t passwd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ctdbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t rshd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t setfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlogind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t telnetd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  || );

mlsconstrain { chr_file } { create relabelto  } 
(  h1 h2  dom  l2 h2  ==  &&  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=  || );

mlsconstrain { chr_file } { relabelfrom  } 
(  h1 h2  dom );

mlsconstrain { chr_file } { write setattr  } 
(  h1 h2  dom  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t virtd_lxc_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t ada_t fsadm_t kudzu_t lvm_t mdadm_t mono_t postfix_postdrop_t rpm_t wine_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t nova_volume_t nova_scheduler_t vmware_host_t haproxy_t prelink_t anaconda_t glance_api_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t postfix_pickup_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t depmod_t insmod_t kernel_t livecd_t lldpad_t mongod_t puppet_t apmd_t bcfg2_t clvmd_t crond_t ctdbd_t drbd_t inetd_t init_t iwhd_t l2tpd_t mount_t numad_t rhnsd_t slpd_t smsd_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t matahari_sysconfigd_t svnserve_t zarafa_server_t nova_direct_t matahari_hostd_t semanage_t sge_shepherd_t unconfined_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t neutron_t ricci_modcluster_t sensord_t sge_job_t zarafa_ical_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  ||  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=  t2 { sosreport_t git_session_t cfengine_execd_t bootloader_t netutils_t qmail_tcp_env_t devicekit_power_t sandbox_x_client_t nova_api_t sblim_reposd_t dkim_milter_t virt_qemu_ga_unconfined_t admin_crontab_t consolekit_t nova_compute_t nova_console_t pam_console_t zarafa_gateway_t policykit_grant_t logrotate_t openvswitch_t update_modules_t ssh_keysign_t nova_network_t qmail_rspawn_t uml_switch_t qmail_inject_t qmail_lspawn_t dirsrvadmin_unconfined_script_t gnomeclock_t httpd_cvs_script_t sandbox_net_client_t munin_mail_plugin_t ldconfig_t loadkeys_t smoltclient_t prelude_lml_t nova_objectstore_t dmidecode_t modemmanager_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t httpd_rotatelogs_t afs_kaserver_t munin_disk_plugin_t keystone_t kdumpgui_t httpd_bugzilla_script_t postfix_bounce_t httpd_smokeping_cgi_script_t nx_server_t policykit_auth_t ssh_keygen_t piranha_pulse_t sysadm_su_t virtd_lxc_t hald_mac_t iptables_t cachefilesd_t courier_sqwebmail_t postfix_cleanup_t munin_services_plugin_t postfix_showq_t openshift_app_t hostname_t shorewall_t showmount_t telepathy_gabble_t abrt_handle_event_t postfix_virtual_t dovecot_deliver_t ifconfig_t condor_startd_ssh_t qmail_clean_t qmail_local_t qmail_smtpd_t qmail_start_t sandbox_xserver_t setfiles_mac_t telepathy_sofiasip_t amanda_t initrc_t locate_t logadm_t mcelog_t nagios_t varnishd_t setkey_t sysadm_t tvtime_t tzdata_t vmware_t webadm_t ada_t afs_t aiccu_t aide_t alsa_t amtu_t apm_t avahi_t boinc_t canna_t ccs_t cdcc_t crack_t cvs_t cyrus_t dccm_t dhcpc_t dmesg_t dspam_t exim_t fsadm_t games_t getty_t gpg_t gpm_t ipsec_t irc_t irssi_t java_t kudzu_t lvm_t mdadm_t mono_t mrtg_t ndc_t nrpe_t pads_t pam_t ping_t postfix_postdrop_t postfix_postqueue_t qemu_t quota_t rdisc_t ricci_t rpm_t rsync_t rwho_t spamc_t vpnc_t wine_t xdm_t xfs_t xm_t zebra_t setroubleshoot_fixit_t staff_dbusd_t postfix_pipe_t virt_qmf_t nova_vncproxy_t httpd_nagios_script_t unconfined_dbusd_t unconfined_mount_t afs_fsserver_t prelink_cron_system_t sge_execd_t sysadm_ssh_agent_t cachefiles_kernel_t httpd_dirsrvadmin_script_t git_system_t httpd_suexec_t abrt_helper_t abrt_retrace_coredump_t usernetctl_t certwatch_t updfstab_t deltacloudd_t user_dbusd_t firewallgui_t glance_registry_t utempter_t setsebool_t telepathy_idle_t telepathy_mission_control_t webalizer_t cpucontrol_t gconfdefaultsm_t matahari_serviced_t httpd_php_t openoffice_t denyhosts_t memcached_t xguest_openoffice_t dirsrv_snmp_t dirsrvadmin_t smbcontrol_t oracleasm_t netlabel_mgmt_t oddjob_mkhomedir_t cyphesis_t gnomesystemmm_t kerneloops_t nova_volume_t varnishlog_t httpd_w3c_validator_script_t user_openoffice_t httpd_user_script_t accountsd_t cgconfig_t user_java_t user_mono_t user_wine_t ipsec_mgmt_t run_init_t sendmail_t shutdown_t audisp_remote_t dovecot_auth_t nova_scheduler_t dlm_controld_t gfs_controld_t smbmount_t asterisk_t bitlbee_t sepgsql_trusted_proc_t vmware_host_t checkpc_t saslauthd_t awstats_t munin_selinux_plugin_t gitosis_t dnsmasq_t krb5kdc_t openshift_cgroup_read_t sysadm_seunshare_t haproxy_t hotplug_t gpg_pinentry_t hwclock_t newrole_t zos_remote_t dcc_client_t mozilla_t plymouth_t procmail_t sanlock_t setrans_t traceroute_t pegasus_t prelink_t prelude_t privoxy_t staff_java_t staff_mono_t staff_sudo_t staff_wine_t wpa_cli_t httpd_awstats_script_t munin_system_plugin_t qmail_send_t anaconda_t glance_api_t piranha_fos_t piranha_lvs_t sandbox_x_t httpd_apcupsd_cgi_script_t local_login_t hald_dccm_t mysqld_safe_t ricci_modservice_t games_srv_t ricci_modstorage_t samba_net_t afs_bosserver_t httpd_nutups_cgi_script_t hald_sonypic_t openhpid_t boinc_project_t condor_procd_t nagios_mail_plugin_t virt_qemu_ga_t condor_negotiator_t nova_ajax_t nova_cert_t amanda_recover_t chrome_sandbox_t zarafa_spooler_t httpd_munin_script_t telepathy_salut_t rpm_script_t sysadm_passwd_t sysadm_screen_t nsplugin_t xguest_execmem_t zarafa_deliver_t sblim_gatherd_t antivirus_t bluetooth_helper_t dcc_dbclean_t nut_upsd_t staff_execmem_t user_execmem_t podsleuth_t system_cronjob_t sge_job_ssh_t zarafa_monitor_t openshift_initrc_t chroot_user_t httpd_openshift_script_t qmail_remote_t zarafa_indexer_t policykit_t httpd_sys_script_t tmpreaper_t staff_consolehelper_t svc_multilog_t ricci_modclusterd_t logwatch_t mailman_cgi_t pulseaudio_t mailman_mail_t mysqlmanagerd_t samba_unconfined_net_t bluetooth_t mencoder_t httpd_dspam_script_t plymouthd_t smokeping_t cfengine_monitord_t ksmtuned_t unconfined_notrans_t httpd_prewikka_script_t ricci_modlog_t ricci_modrpm_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t setroubleshootd_t nsplugin_config_t chrome_sandbox_nacl_t nagios_checkdisk_plugin_t postfix_master_t postfix_pickup_t devicekit_disk_t regex_milter_t firstboot_t hald_acl_t telepathy_sunshine_t postfix_local_t postfix_smtpd_t zabbix_agent_t samba_unconfined_script_t httpd_git_script_t nagios_services_plugin_t nagios_eventhandler_plugin_t rhsmcertd_t virt_bridgehelper_t munin_unconfined_plugin_t openshift_cron_t unconfined_java_t unconfined_mono_t courier_tcpd_t httpd_unconfined_script_t openvpn_unconfined_script_t NetworkManager_t qmail_queue_t sandbox_web_client_t groupadd_t audisp_t auditd_t chkpwd_t comsat_t dbskkd_t dccifd_t depmod_t dirsrv_t fenced_t gconfd_t groupd_t insmod_t iscsid_t kernel_t kismet_t kpropd_t ktalkd_t livecd_t lldpad_t lsassd_t lwregd_t mongod_t mysqld_t oddjob_t openct_t svc_start_t fail2ban_t passwd_t puppet_t qdiskd_t racoon_t soundd_t telepathy_stream_engine_t updpwd_t xguest_t xm_ssh_t ypbind_t ypserv_t zabbix_t abrt_t acct_t apmd_t bcfg2_t brctl_t cgred_t chfn_t ciped_t clogd_t clvmd_t crond_t ctdbd_t cupsd_t dccd_t dhcpd_t dictd_t drbd_t ftpd_t gpsd_t gssd_t guest_t hald_t howl_t hplip_t httpd_t inetd_t init_t innd_t iwhd_t kdump_t klogd_t l2tpd_t lircd_t lpd_t lpr_t lwiod_t lwsmd_t mount_t mpd_t munin_t named_t nfsd_t nmbd_t nscd_t nslcd_t ntop_t ntpd_t numad_t pcscd_t pingd_t pppd_t pptp_t psad_t ptal_t qpidd_t radvd_t rhgb_t rhnsd_t rpcd_t rshd_t rssh_t slapd_t slpd_t smbd_t smsd_t snmpd_t snort_t spamd_t squid_t ssh_t sshd_t sssd_t staff_t svirt_t swat_t tcpd_t tftpd_t tgtd_t thin_t tor_t tuned_t udev_t ulogd_t uml_t user_t uucpd_t uuidd_t uux_t virtd_t wdmd_t xauth_t xend_t ypxfr_t eventlogd_t nagios_system_plugin_t postfix_qmgr_t postfix_smtp_t prelude_audisp_t courier_authdaemon_t afs_vlserver_t fsdaemon_t watchdog_t abrt_retrace_worker_t mozilla_plugin_config_t jabberd_router_t policykit_resolve_t winbind_helper_t load_policy_t nut_upsmon_t cupsd_config_t hald_keymap_t httpd_helper_t rtkit_daemon_t nagios_unconfined_plugin_t glusterd_t sandbox_min_t sandbox_net_t sandbox_web_t user_seunshare_t xguest_java_t xguest_mono_t logwatch_mail_t cupsd_lpd_t devicekit_t postfix_map_t remote_login_t inetd_child_t automount_t ethereal_t fetchmail_t netlogond_t puppetmaster_t tethereal_t system_mail_t httpd_squid_script_t restorecond_t xdm_dbusd_t gpg_helper_t staff_ssh_agent_t matahari_sysconfigd_t portreserve_t cpufreqselector_t readahead_t abrt_dump_oops_t quota_nld_t staff_screen_t system_dbusd_t entropyd_t rhev_agentd_t xenstored_t sandbox_min_client_t cpuspeed_t nagios_admin_plugin_t svnserve_t guest_dbusd_t qmail_splogger_t xguest_dbusd_t cups_pdf_t postgresql_t mozilla_plugin_t courier_pcp_t courier_pop_t zarafa_server_t nova_direct_t matahari_hostd_t publicfile_t usbmodules_t sambagui_t staff_seunshare_t nx_server_ssh_t certmaster_t certmonger_t setfiles_t user_mail_t cdrecord_t sectoolm_t semanage_t checkpolicy_t portmap_helper_t sge_shepherd_t cobblerd_t consoletype_t unconfined_t xenconsoled_t user_ssh_agent_t cmirrord_t cronjob_t crontab_t logrotate_mail_t matahari_netd_t matahari_rpcd_t passenger_t arpwatch_t cardmgr_t cgclear_t chronyd_t cluster_t apcupsd_t fcoemon_t fingerd_t foghorn_t gpg_web_t rhev_agentd_consolehelper_t fprintd_t ftpdctl_t httpd_cobbler_script_t dcerpcd_t dovecot_t evtchnd_t gpg_agent_t telepathy_msn_t auditctl_t openshift_t jabberd_t kadmind_t hddtemp_t spamass_milter_t iceauth_t icecast_t prelude_correlator_t ncftool_t neutron_t openvpn_t postgrey_t lockdev_t mplayer_t ricci_modcluster_t irqbalance_t radiusd_t rlogind_t roundup_t srvsvcd_t stunnel_t sulogin_t svc_run_t syslogd_t sysstat_t nut_upsdrvctl_t rpcbind_t sandbox_t sensord_t sge_job_t portmap_t yppasswdd_t ptchown_t vbetool_t vdagent_t vhostmd_t zarafa_ical_t winbind_t sysadm_sudo_t telnetd_t usbmuxd_t useradd_t afs_ptserver_t namespace_init_t httpd_mediawiki_script_t xserver_t condor_schedd_t condor_startd_t piranha_web_t user_screen_t condor_master_t greylist_milter_t calamaris_t staff_openoffice_t mailman_queue_t } ==  &&  || );

mlsconstrain { chr_file } { ioctl read getattr  } 
(  h1 h2  dom  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t virtd_lxc_t postfix_showq_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t ada_t fsadm_t kudzu_t lvm_t mdadm_t mono_t postfix_postdrop_t rpm_t wine_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t nova_volume_t nova_scheduler_t vmware_host_t haproxy_t prelink_t anaconda_t glance_api_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t postfix_master_t postfix_pickup_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t depmod_t insmod_t kernel_t livecd_t lldpad_t mongod_t puppet_t apmd_t bcfg2_t cgred_t clvmd_t crond_t ctdbd_t drbd_t hald_t inetd_t init_t iwhd_t l2tpd_t mount_t numad_t rhnsd_t slpd_t smsd_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t matahari_sysconfigd_t readahead_t svnserve_t zarafa_server_t nova_direct_t matahari_hostd_t semanage_t sge_shepherd_t unconfined_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t neutron_t ricci_modcluster_t sensord_t sge_job_t zarafa_ical_t useradd_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  ||  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=  t2 { sosreport_t git_session_t cfengine_execd_t bootloader_t netutils_t qmail_tcp_env_t devicekit_power_t sandbox_x_client_t nova_api_t sblim_reposd_t dkim_milter_t virt_qemu_ga_unconfined_t admin_crontab_t consolekit_t nova_compute_t nova_console_t pam_console_t zarafa_gateway_t policykit_grant_t logrotate_t openvswitch_t update_modules_t ssh_keysign_t nova_network_t qmail_rspawn_t uml_switch_t qmail_inject_t qmail_lspawn_t dirsrvadmin_unconfined_script_t gnomeclock_t httpd_cvs_script_t sandbox_net_client_t munin_mail_plugin_t ldconfig_t loadkeys_t smoltclient_t prelude_lml_t nova_objectstore_t dmidecode_t modemmanager_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t httpd_rotatelogs_t afs_kaserver_t munin_disk_plugin_t keystone_t kdumpgui_t httpd_bugzilla_script_t postfix_bounce_t httpd_smokeping_cgi_script_t nx_server_t policykit_auth_t ssh_keygen_t piranha_pulse_t sysadm_su_t virtd_lxc_t hald_mac_t iptables_t cachefilesd_t courier_sqwebmail_t postfix_cleanup_t munin_services_plugin_t postfix_showq_t openshift_app_t hostname_t shorewall_t showmount_t telepathy_gabble_t abrt_handle_event_t postfix_virtual_t dovecot_deliver_t ifconfig_t condor_startd_ssh_t qmail_clean_t qmail_local_t qmail_smtpd_t qmail_start_t sandbox_xserver_t setfiles_mac_t telepathy_sofiasip_t amanda_t initrc_t locate_t logadm_t mcelog_t nagios_t varnishd_t setkey_t sysadm_t tvtime_t tzdata_t vmware_t webadm_t ada_t afs_t aiccu_t aide_t alsa_t amtu_t apm_t avahi_t boinc_t canna_t ccs_t cdcc_t crack_t cvs_t cyrus_t dccm_t dhcpc_t dmesg_t dspam_t exim_t fsadm_t games_t getty_t gpg_t gpm_t ipsec_t irc_t irssi_t java_t kudzu_t lvm_t mdadm_t mono_t mrtg_t ndc_t nrpe_t pads_t pam_t ping_t postfix_postdrop_t postfix_postqueue_t qemu_t quota_t rdisc_t ricci_t rpm_t rsync_t rwho_t spamc_t vpnc_t wine_t xdm_t xfs_t xm_t zebra_t setroubleshoot_fixit_t staff_dbusd_t postfix_pipe_t virt_qmf_t nova_vncproxy_t httpd_nagios_script_t unconfined_dbusd_t unconfined_mount_t afs_fsserver_t prelink_cron_system_t sge_execd_t sysadm_ssh_agent_t cachefiles_kernel_t httpd_dirsrvadmin_script_t git_system_t httpd_suexec_t abrt_helper_t abrt_retrace_coredump_t usernetctl_t certwatch_t updfstab_t deltacloudd_t user_dbusd_t firewallgui_t glance_registry_t utempter_t setsebool_t telepathy_idle_t telepathy_mission_control_t webalizer_t cpucontrol_t gconfdefaultsm_t matahari_serviced_t httpd_php_t openoffice_t denyhosts_t memcached_t xguest_openoffice_t dirsrv_snmp_t dirsrvadmin_t smbcontrol_t oracleasm_t netlabel_mgmt_t oddjob_mkhomedir_t cyphesis_t gnomesystemmm_t kerneloops_t nova_volume_t varnishlog_t httpd_w3c_validator_script_t user_openoffice_t httpd_user_script_t accountsd_t cgconfig_t user_java_t user_mono_t user_wine_t ipsec_mgmt_t run_init_t sendmail_t shutdown_t audisp_remote_t dovecot_auth_t nova_scheduler_t dlm_controld_t gfs_controld_t smbmount_t asterisk_t bitlbee_t sepgsql_trusted_proc_t vmware_host_t checkpc_t saslauthd_t awstats_t munin_selinux_plugin_t gitosis_t dnsmasq_t krb5kdc_t openshift_cgroup_read_t sysadm_seunshare_t haproxy_t hotplug_t gpg_pinentry_t hwclock_t newrole_t zos_remote_t dcc_client_t mozilla_t plymouth_t procmail_t sanlock_t setrans_t traceroute_t pegasus_t prelink_t prelude_t privoxy_t staff_java_t staff_mono_t staff_sudo_t staff_wine_t wpa_cli_t httpd_awstats_script_t munin_system_plugin_t qmail_send_t anaconda_t glance_api_t piranha_fos_t piranha_lvs_t sandbox_x_t httpd_apcupsd_cgi_script_t local_login_t hald_dccm_t mysqld_safe_t ricci_modservice_t games_srv_t ricci_modstorage_t samba_net_t afs_bosserver_t httpd_nutups_cgi_script_t hald_sonypic_t openhpid_t boinc_project_t condor_procd_t nagios_mail_plugin_t virt_qemu_ga_t condor_negotiator_t nova_ajax_t nova_cert_t amanda_recover_t chrome_sandbox_t zarafa_spooler_t httpd_munin_script_t telepathy_salut_t rpm_script_t sysadm_passwd_t sysadm_screen_t nsplugin_t xguest_execmem_t zarafa_deliver_t sblim_gatherd_t antivirus_t bluetooth_helper_t dcc_dbclean_t nut_upsd_t staff_execmem_t user_execmem_t podsleuth_t system_cronjob_t sge_job_ssh_t zarafa_monitor_t openshift_initrc_t chroot_user_t httpd_openshift_script_t qmail_remote_t zarafa_indexer_t policykit_t httpd_sys_script_t tmpreaper_t staff_consolehelper_t svc_multilog_t ricci_modclusterd_t logwatch_t mailman_cgi_t pulseaudio_t mailman_mail_t mysqlmanagerd_t samba_unconfined_net_t bluetooth_t mencoder_t httpd_dspam_script_t plymouthd_t smokeping_t cfengine_monitord_t ksmtuned_t unconfined_notrans_t httpd_prewikka_script_t ricci_modlog_t ricci_modrpm_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t setroubleshootd_t nsplugin_config_t chrome_sandbox_nacl_t nagios_checkdisk_plugin_t postfix_master_t postfix_pickup_t devicekit_disk_t regex_milter_t firstboot_t hald_acl_t telepathy_sunshine_t postfix_local_t postfix_smtpd_t zabbix_agent_t samba_unconfined_script_t httpd_git_script_t nagios_services_plugin_t nagios_eventhandler_plugin_t rhsmcertd_t virt_bridgehelper_t munin_unconfined_plugin_t openshift_cron_t unconfined_java_t unconfined_mono_t courier_tcpd_t httpd_unconfined_script_t openvpn_unconfined_script_t NetworkManager_t qmail_queue_t sandbox_web_client_t groupadd_t audisp_t auditd_t chkpwd_t comsat_t dbskkd_t dccifd_t depmod_t dirsrv_t fenced_t gconfd_t groupd_t insmod_t iscsid_t kernel_t kismet_t kpropd_t ktalkd_t livecd_t lldpad_t lsassd_t lwregd_t mongod_t mysqld_t oddjob_t openct_t svc_start_t fail2ban_t passwd_t puppet_t qdiskd_t racoon_t soundd_t telepathy_stream_engine_t updpwd_t xguest_t xm_ssh_t ypbind_t ypserv_t zabbix_t abrt_t acct_t apmd_t bcfg2_t brctl_t cgred_t chfn_t ciped_t clogd_t clvmd_t crond_t ctdbd_t cupsd_t dccd_t dhcpd_t dictd_t drbd_t ftpd_t gpsd_t gssd_t guest_t hald_t howl_t hplip_t httpd_t inetd_t init_t innd_t iwhd_t kdump_t klogd_t l2tpd_t lircd_t lpd_t lpr_t lwiod_t lwsmd_t mount_t mpd_t munin_t named_t nfsd_t nmbd_t nscd_t nslcd_t ntop_t ntpd_t numad_t pcscd_t pingd_t pppd_t pptp_t psad_t ptal_t qpidd_t radvd_t rhgb_t rhnsd_t rpcd_t rshd_t rssh_t slapd_t slpd_t smbd_t smsd_t snmpd_t snort_t spamd_t squid_t ssh_t sshd_t sssd_t staff_t svirt_t swat_t tcpd_t tftpd_t tgtd_t thin_t tor_t tuned_t udev_t ulogd_t uml_t user_t uucpd_t uuidd_t uux_t virtd_t wdmd_t xauth_t xend_t ypxfr_t eventlogd_t nagios_system_plugin_t postfix_qmgr_t postfix_smtp_t prelude_audisp_t courier_authdaemon_t afs_vlserver_t fsdaemon_t watchdog_t abrt_retrace_worker_t mozilla_plugin_config_t jabberd_router_t policykit_resolve_t winbind_helper_t load_policy_t nut_upsmon_t cupsd_config_t hald_keymap_t httpd_helper_t rtkit_daemon_t nagios_unconfined_plugin_t glusterd_t sandbox_min_t sandbox_net_t sandbox_web_t user_seunshare_t xguest_java_t xguest_mono_t logwatch_mail_t cupsd_lpd_t devicekit_t postfix_map_t remote_login_t inetd_child_t automount_t ethereal_t fetchmail_t netlogond_t puppetmaster_t tethereal_t system_mail_t httpd_squid_script_t restorecond_t xdm_dbusd_t gpg_helper_t staff_ssh_agent_t matahari_sysconfigd_t portreserve_t cpufreqselector_t readahead_t abrt_dump_oops_t quota_nld_t staff_screen_t system_dbusd_t entropyd_t rhev_agentd_t xenstored_t sandbox_min_client_t cpuspeed_t nagios_admin_plugin_t svnserve_t guest_dbusd_t qmail_splogger_t xguest_dbusd_t cups_pdf_t postgresql_t mozilla_plugin_t courier_pcp_t courier_pop_t zarafa_server_t nova_direct_t matahari_hostd_t publicfile_t usbmodules_t sambagui_t staff_seunshare_t nx_server_ssh_t certmaster_t certmonger_t setfiles_t user_mail_t cdrecord_t sectoolm_t semanage_t checkpolicy_t portmap_helper_t sge_shepherd_t cobblerd_t consoletype_t unconfined_t xenconsoled_t user_ssh_agent_t cmirrord_t cronjob_t crontab_t logrotate_mail_t matahari_netd_t matahari_rpcd_t passenger_t arpwatch_t cardmgr_t cgclear_t chronyd_t cluster_t apcupsd_t fcoemon_t fingerd_t foghorn_t gpg_web_t rhev_agentd_consolehelper_t fprintd_t ftpdctl_t httpd_cobbler_script_t dcerpcd_t dovecot_t evtchnd_t gpg_agent_t telepathy_msn_t auditctl_t openshift_t jabberd_t kadmind_t hddtemp_t spamass_milter_t iceauth_t icecast_t prelude_correlator_t ncftool_t neutron_t openvpn_t postgrey_t lockdev_t mplayer_t ricci_modcluster_t irqbalance_t radiusd_t rlogind_t roundup_t srvsvcd_t stunnel_t sulogin_t svc_run_t syslogd_t sysstat_t nut_upsdrvctl_t rpcbind_t sandbox_t sensord_t sge_job_t portmap_t yppasswdd_t ptchown_t vbetool_t vdagent_t vhostmd_t zarafa_ical_t winbind_t sysadm_sudo_t telnetd_t usbmuxd_t useradd_t afs_ptserver_t namespace_init_t httpd_mediawiki_script_t xserver_t condor_schedd_t condor_startd_t piranha_web_t user_screen_t condor_master_t greylist_milter_t calamaris_t staff_openoffice_t mailman_queue_t } ==  &&  || );

mlsconstrain { db_table } { drop getattr setattr relabelfrom use select update insert delete lock  } 
(  h1 h2  dom );

mlsconstrain { db_table } { create relabelto  } 
(  h1 h2  dom  l2 h2  ==  && );

mlsconstrain { db_tuple } { relabelfrom use select update delete  } 
(  h1 h2  dom );

mlsconstrain { db_tuple } { relabelto insert  } 
(  h1 h2  dom  l2 h2  ==  && );

constrain { lnk_file } { create relabelfrom relabelto  } 
(  u1 u2 ==  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhomedir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t haproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t staff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t passwd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ctdbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t rshd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t setfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlogind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t telnetd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  || );

mlsconstrain { lnk_file } { create relabelto  } 
(  h1 h2  dom  l2 h2  ==  &&  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=  || );

mlsconstrain { lnk_file } { relabelfrom  } 
(  h1 h2  dom );

mlsconstrain { lnk_file } { write setattr  } 
(  h1 h2  dom  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t virtd_lxc_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t ada_t fsadm_t kudzu_t lvm_t mdadm_t mono_t postfix_postdrop_t rpm_t wine_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t nova_volume_t nova_scheduler_t vmware_host_t haproxy_t prelink_t anaconda_t glance_api_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t postfix_pickup_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t depmod_t insmod_t kernel_t livecd_t lldpad_t mongod_t puppet_t apmd_t bcfg2_t clvmd_t crond_t ctdbd_t drbd_t inetd_t init_t iwhd_t l2tpd_t mount_t numad_t rhnsd_t slpd_t smsd_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t matahari_sysconfigd_t svnserve_t zarafa_server_t nova_direct_t matahari_hostd_t semanage_t sge_shepherd_t unconfined_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t neutron_t ricci_modcluster_t sensord_t sge_job_t zarafa_ical_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  ||  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=  t2 { sosreport_t git_session_t cfengine_execd_t bootloader_t netutils_t qmail_tcp_env_t devicekit_power_t sandbox_x_client_t nova_api_t sblim_reposd_t dkim_milter_t virt_qemu_ga_unconfined_t admin_crontab_t consolekit_t nova_compute_t nova_console_t pam_console_t zarafa_gateway_t policykit_grant_t logrotate_t openvswitch_t update_modules_t ssh_keysign_t nova_network_t qmail_rspawn_t uml_switch_t qmail_inject_t qmail_lspawn_t dirsrvadmin_unconfined_script_t gnomeclock_t httpd_cvs_script_t sandbox_net_client_t munin_mail_plugin_t ldconfig_t loadkeys_t smoltclient_t prelude_lml_t nova_objectstore_t dmidecode_t modemmanager_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t httpd_rotatelogs_t afs_kaserver_t munin_disk_plugin_t keystone_t kdumpgui_t httpd_bugzilla_script_t postfix_bounce_t httpd_smokeping_cgi_script_t nx_server_t policykit_auth_t ssh_keygen_t piranha_pulse_t sysadm_su_t virtd_lxc_t hald_mac_t iptables_t cachefilesd_t courier_sqwebmail_t postfix_cleanup_t munin_services_plugin_t postfix_showq_t openshift_app_t hostname_t shorewall_t showmount_t telepathy_gabble_t abrt_handle_event_t postfix_virtual_t dovecot_deliver_t ifconfig_t condor_startd_ssh_t qmail_clean_t qmail_local_t qmail_smtpd_t qmail_start_t sandbox_xserver_t setfiles_mac_t telepathy_sofiasip_t amanda_t initrc_t locate_t logadm_t mcelog_t nagios_t varnishd_t setkey_t sysadm_t tvtime_t tzdata_t vmware_t webadm_t ada_t afs_t aiccu_t aide_t alsa_t amtu_t apm_t avahi_t boinc_t canna_t ccs_t cdcc_t crack_t cvs_t cyrus_t dccm_t dhcpc_t dmesg_t dspam_t exim_t fsadm_t games_t getty_t gpg_t gpm_t ipsec_t irc_t irssi_t java_t kudzu_t lvm_t mdadm_t mono_t mrtg_t ndc_t nrpe_t pads_t pam_t ping_t postfix_postdrop_t postfix_postqueue_t qemu_t quota_t rdisc_t ricci_t rpm_t rsync_t rwho_t spamc_t vpnc_t wine_t xdm_t xfs_t xm_t zebra_t setroubleshoot_fixit_t staff_dbusd_t postfix_pipe_t virt_qmf_t nova_vncproxy_t httpd_nagios_script_t unconfined_dbusd_t unconfined_mount_t afs_fsserver_t prelink_cron_system_t sge_execd_t sysadm_ssh_agent_t cachefiles_kernel_t httpd_dirsrvadmin_script_t git_system_t httpd_suexec_t abrt_helper_t abrt_retrace_coredump_t usernetctl_t certwatch_t updfstab_t deltacloudd_t user_dbusd_t firewallgui_t glance_registry_t utempter_t setsebool_t telepathy_idle_t telepathy_mission_control_t webalizer_t cpucontrol_t gconfdefaultsm_t matahari_serviced_t httpd_php_t openoffice_t denyhosts_t memcached_t xguest_openoffice_t dirsrv_snmp_t dirsrvadmin_t smbcontrol_t oracleasm_t netlabel_mgmt_t oddjob_mkhomedir_t cyphesis_t gnomesystemmm_t kerneloops_t nova_volume_t varnishlog_t httpd_w3c_validator_script_t user_openoffice_t httpd_user_script_t accountsd_t cgconfig_t user_java_t user_mono_t user_wine_t ipsec_mgmt_t run_init_t sendmail_t shutdown_t audisp_remote_t dovecot_auth_t nova_scheduler_t dlm_controld_t gfs_controld_t smbmount_t asterisk_t bitlbee_t sepgsql_trusted_proc_t vmware_host_t checkpc_t saslauthd_t awstats_t munin_selinux_plugin_t gitosis_t dnsmasq_t krb5kdc_t openshift_cgroup_read_t sysadm_seunshare_t haproxy_t hotplug_t gpg_pinentry_t hwclock_t newrole_t zos_remote_t dcc_client_t mozilla_t plymouth_t procmail_t sanlock_t setrans_t traceroute_t pegasus_t prelink_t prelude_t privoxy_t staff_java_t staff_mono_t staff_sudo_t staff_wine_t wpa_cli_t httpd_awstats_script_t munin_system_plugin_t qmail_send_t anaconda_t glance_api_t piranha_fos_t piranha_lvs_t sandbox_x_t httpd_apcupsd_cgi_script_t local_login_t hald_dccm_t mysqld_safe_t ricci_modservice_t games_srv_t ricci_modstorage_t samba_net_t afs_bosserver_t httpd_nutups_cgi_script_t hald_sonypic_t openhpid_t boinc_project_t condor_procd_t nagios_mail_plugin_t virt_qemu_ga_t condor_negotiator_t nova_ajax_t nova_cert_t amanda_recover_t chrome_sandbox_t zarafa_spooler_t httpd_munin_script_t telepathy_salut_t rpm_script_t sysadm_passwd_t sysadm_screen_t nsplugin_t xguest_execmem_t zarafa_deliver_t sblim_gatherd_t antivirus_t bluetooth_helper_t dcc_dbclean_t nut_upsd_t staff_execmem_t user_execmem_t podsleuth_t system_cronjob_t sge_job_ssh_t zarafa_monitor_t openshift_initrc_t chroot_user_t httpd_openshift_script_t qmail_remote_t zarafa_indexer_t policykit_t httpd_sys_script_t tmpreaper_t staff_consolehelper_t svc_multilog_t ricci_modclusterd_t logwatch_t mailman_cgi_t pulseaudio_t mailman_mail_t mysqlmanagerd_t samba_unconfined_net_t bluetooth_t mencoder_t httpd_dspam_script_t plymouthd_t smokeping_t cfengine_monitord_t ksmtuned_t unconfined_notrans_t httpd_prewikka_script_t ricci_modlog_t ricci_modrpm_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t setroubleshootd_t nsplugin_config_t chrome_sandbox_nacl_t nagios_checkdisk_plugin_t postfix_master_t postfix_pickup_t devicekit_disk_t regex_milter_t firstboot_t hald_acl_t telepathy_sunshine_t postfix_local_t postfix_smtpd_t zabbix_agent_t samba_unconfined_script_t httpd_git_script_t nagios_services_plugin_t nagios_eventhandler_plugin_t rhsmcertd_t virt_bridgehelper_t munin_unconfined_plugin_t openshift_cron_t unconfined_java_t unconfined_mono_t courier_tcpd_t httpd_unconfined_script_t openvpn_unconfined_script_t NetworkManager_t qmail_queue_t sandbox_web_client_t groupadd_t audisp_t auditd_t chkpwd_t comsat_t dbskkd_t dccifd_t depmod_t dirsrv_t fenced_t gconfd_t groupd_t insmod_t iscsid_t kernel_t kismet_t kpropd_t ktalkd_t livecd_t lldpad_t lsassd_t lwregd_t mongod_t mysqld_t oddjob_t openct_t svc_start_t fail2ban_t passwd_t puppet_t qdiskd_t racoon_t soundd_t telepathy_stream_engine_t updpwd_t xguest_t xm_ssh_t ypbind_t ypserv_t zabbix_t abrt_t acct_t apmd_t bcfg2_t brctl_t cgred_t chfn_t ciped_t clogd_t clvmd_t crond_t ctdbd_t cupsd_t dccd_t dhcpd_t dictd_t drbd_t ftpd_t gpsd_t gssd_t guest_t hald_t howl_t hplip_t httpd_t inetd_t init_t innd_t iwhd_t kdump_t klogd_t l2tpd_t lircd_t lpd_t lpr_t lwiod_t lwsmd_t mount_t mpd_t munin_t named_t nfsd_t nmbd_t nscd_t nslcd_t ntop_t ntpd_t numad_t pcscd_t pingd_t pppd_t pptp_t psad_t ptal_t qpidd_t radvd_t rhgb_t rhnsd_t rpcd_t rshd_t rssh_t slapd_t slpd_t smbd_t smsd_t snmpd_t snort_t spamd_t squid_t ssh_t sshd_t sssd_t staff_t svirt_t swat_t tcpd_t tftpd_t tgtd_t thin_t tor_t tuned_t udev_t ulogd_t uml_t user_t uucpd_t uuidd_t uux_t virtd_t wdmd_t xauth_t xend_t ypxfr_t eventlogd_t nagios_system_plugin_t postfix_qmgr_t postfix_smtp_t prelude_audisp_t courier_authdaemon_t afs_vlserver_t fsdaemon_t watchdog_t abrt_retrace_worker_t mozilla_plugin_config_t jabberd_router_t policykit_resolve_t winbind_helper_t load_policy_t nut_upsmon_t cupsd_config_t hald_keymap_t httpd_helper_t rtkit_daemon_t nagios_unconfined_plugin_t glusterd_t sandbox_min_t sandbox_net_t sandbox_web_t user_seunshare_t xguest_java_t xguest_mono_t logwatch_mail_t cupsd_lpd_t devicekit_t postfix_map_t remote_login_t inetd_child_t automount_t ethereal_t fetchmail_t netlogond_t puppetmaster_t tethereal_t system_mail_t httpd_squid_script_t restorecond_t xdm_dbusd_t gpg_helper_t staff_ssh_agent_t matahari_sysconfigd_t portreserve_t cpufreqselector_t readahead_t abrt_dump_oops_t quota_nld_t staff_screen_t system_dbusd_t entropyd_t rhev_agentd_t xenstored_t sandbox_min_client_t cpuspeed_t nagios_admin_plugin_t svnserve_t guest_dbusd_t qmail_splogger_t xguest_dbusd_t cups_pdf_t postgresql_t mozilla_plugin_t courier_pcp_t courier_pop_t zarafa_server_t nova_direct_t matahari_hostd_t publicfile_t usbmodules_t sambagui_t staff_seunshare_t nx_server_ssh_t certmaster_t certmonger_t setfiles_t user_mail_t cdrecord_t sectoolm_t semanage_t checkpolicy_t portmap_helper_t sge_shepherd_t cobblerd_t consoletype_t unconfined_t xenconsoled_t user_ssh_agent_t cmirrord_t cronjob_t crontab_t logrotate_mail_t matahari_netd_t matahari_rpcd_t passenger_t arpwatch_t cardmgr_t cgclear_t chronyd_t cluster_t apcupsd_t fcoemon_t fingerd_t foghorn_t gpg_web_t rhev_agentd_consolehelper_t fprintd_t ftpdctl_t httpd_cobbler_script_t dcerpcd_t dovecot_t evtchnd_t gpg_agent_t telepathy_msn_t auditctl_t openshift_t jabberd_t kadmind_t hddtemp_t spamass_milter_t iceauth_t icecast_t prelude_correlator_t ncftool_t neutron_t openvpn_t postgrey_t lockdev_t mplayer_t ricci_modcluster_t irqbalance_t radiusd_t rlogind_t roundup_t srvsvcd_t stunnel_t sulogin_t svc_run_t syslogd_t sysstat_t nut_upsdrvctl_t rpcbind_t sandbox_t sensord_t sge_job_t portmap_t yppasswdd_t ptchown_t vbetool_t vdagent_t vhostmd_t zarafa_ical_t winbind_t sysadm_sudo_t telnetd_t usbmuxd_t useradd_t afs_ptserver_t namespace_init_t httpd_mediawiki_script_t xserver_t condor_schedd_t condor_startd_t piranha_web_t user_screen_t condor_master_t greylist_milter_t calamaris_t staff_openoffice_t mailman_queue_t } ==  &&  || );

mlsconstrain { lnk_file } { ioctl read getattr  } 
(  h1 h2  dom  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t virtd_lxc_t postfix_showq_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t ada_t fsadm_t kudzu_t lvm_t mdadm_t mono_t postfix_postdrop_t rpm_t wine_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t nova_volume_t nova_scheduler_t vmware_host_t haproxy_t prelink_t anaconda_t glance_api_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t postfix_master_t postfix_pickup_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t depmod_t insmod_t kernel_t livecd_t lldpad_t mongod_t puppet_t apmd_t bcfg2_t cgred_t clvmd_t crond_t ctdbd_t drbd_t hald_t inetd_t init_t iwhd_t l2tpd_t mount_t numad_t rhnsd_t slpd_t smsd_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t matahari_sysconfigd_t readahead_t svnserve_t zarafa_server_t nova_direct_t matahari_hostd_t semanage_t sge_shepherd_t unconfined_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t neutron_t ricci_modcluster_t sensord_t sge_job_t zarafa_ical_t useradd_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  ||  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=  t2 { sosreport_t git_session_t cfengine_execd_t bootloader_t netutils_t qmail_tcp_env_t devicekit_power_t sandbox_x_client_t nova_api_t sblim_reposd_t dkim_milter_t virt_qemu_ga_unconfined_t admin_crontab_t consolekit_t nova_compute_t nova_console_t pam_console_t zarafa_gateway_t policykit_grant_t logrotate_t openvswitch_t update_modules_t ssh_keysign_t nova_network_t qmail_rspawn_t uml_switch_t qmail_inject_t qmail_lspawn_t dirsrvadmin_unconfined_script_t gnomeclock_t httpd_cvs_script_t sandbox_net_client_t munin_mail_plugin_t ldconfig_t loadkeys_t smoltclient_t prelude_lml_t nova_objectstore_t dmidecode_t modemmanager_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t httpd_rotatelogs_t afs_kaserver_t munin_disk_plugin_t keystone_t kdumpgui_t httpd_bugzilla_script_t postfix_bounce_t httpd_smokeping_cgi_script_t nx_server_t policykit_auth_t ssh_keygen_t piranha_pulse_t sysadm_su_t virtd_lxc_t hald_mac_t iptables_t cachefilesd_t courier_sqwebmail_t postfix_cleanup_t munin_services_plugin_t postfix_showq_t openshift_app_t hostname_t shorewall_t showmount_t telepathy_gabble_t abrt_handle_event_t postfix_virtual_t dovecot_deliver_t ifconfig_t condor_startd_ssh_t qmail_clean_t qmail_local_t qmail_smtpd_t qmail_start_t sandbox_xserver_t setfiles_mac_t telepathy_sofiasip_t amanda_t initrc_t locate_t logadm_t mcelog_t nagios_t varnishd_t setkey_t sysadm_t tvtime_t tzdata_t vmware_t webadm_t ada_t afs_t aiccu_t aide_t alsa_t amtu_t apm_t avahi_t boinc_t canna_t ccs_t cdcc_t crack_t cvs_t cyrus_t dccm_t dhcpc_t dmesg_t dspam_t exim_t fsadm_t games_t getty_t gpg_t gpm_t ipsec_t irc_t irssi_t java_t kudzu_t lvm_t mdadm_t mono_t mrtg_t ndc_t nrpe_t pads_t pam_t ping_t postfix_postdrop_t postfix_postqueue_t qemu_t quota_t rdisc_t ricci_t rpm_t rsync_t rwho_t spamc_t vpnc_t wine_t xdm_t xfs_t xm_t zebra_t setroubleshoot_fixit_t staff_dbusd_t postfix_pipe_t virt_qmf_t nova_vncproxy_t httpd_nagios_script_t unconfined_dbusd_t unconfined_mount_t afs_fsserver_t prelink_cron_system_t sge_execd_t sysadm_ssh_agent_t cachefiles_kernel_t httpd_dirsrvadmin_script_t git_system_t httpd_suexec_t abrt_helper_t abrt_retrace_coredump_t usernetctl_t certwatch_t updfstab_t deltacloudd_t user_dbusd_t firewallgui_t glance_registry_t utempter_t setsebool_t telepathy_idle_t telepathy_mission_control_t webalizer_t cpucontrol_t gconfdefaultsm_t matahari_serviced_t httpd_php_t openoffice_t denyhosts_t memcached_t xguest_openoffice_t dirsrv_snmp_t dirsrvadmin_t smbcontrol_t oracleasm_t netlabel_mgmt_t oddjob_mkhomedir_t cyphesis_t gnomesystemmm_t kerneloops_t nova_volume_t varnishlog_t httpd_w3c_validator_script_t user_openoffice_t httpd_user_script_t accountsd_t cgconfig_t user_java_t user_mono_t user_wine_t ipsec_mgmt_t run_init_t sendmail_t shutdown_t audisp_remote_t dovecot_auth_t nova_scheduler_t dlm_controld_t gfs_controld_t smbmount_t asterisk_t bitlbee_t sepgsql_trusted_proc_t vmware_host_t checkpc_t saslauthd_t awstats_t munin_selinux_plugin_t gitosis_t dnsmasq_t krb5kdc_t openshift_cgroup_read_t sysadm_seunshare_t haproxy_t hotplug_t gpg_pinentry_t hwclock_t newrole_t zos_remote_t dcc_client_t mozilla_t plymouth_t procmail_t sanlock_t setrans_t traceroute_t pegasus_t prelink_t prelude_t privoxy_t staff_java_t staff_mono_t staff_sudo_t staff_wine_t wpa_cli_t httpd_awstats_script_t munin_system_plugin_t qmail_send_t anaconda_t glance_api_t piranha_fos_t piranha_lvs_t sandbox_x_t httpd_apcupsd_cgi_script_t local_login_t hald_dccm_t mysqld_safe_t ricci_modservice_t games_srv_t ricci_modstorage_t samba_net_t afs_bosserver_t httpd_nutups_cgi_script_t hald_sonypic_t openhpid_t boinc_project_t condor_procd_t nagios_mail_plugin_t virt_qemu_ga_t condor_negotiator_t nova_ajax_t nova_cert_t amanda_recover_t chrome_sandbox_t zarafa_spooler_t httpd_munin_script_t telepathy_salut_t rpm_script_t sysadm_passwd_t sysadm_screen_t nsplugin_t xguest_execmem_t zarafa_deliver_t sblim_gatherd_t antivirus_t bluetooth_helper_t dcc_dbclean_t nut_upsd_t staff_execmem_t user_execmem_t podsleuth_t system_cronjob_t sge_job_ssh_t zarafa_monitor_t openshift_initrc_t chroot_user_t httpd_openshift_script_t qmail_remote_t zarafa_indexer_t policykit_t httpd_sys_script_t tmpreaper_t staff_consolehelper_t svc_multilog_t ricci_modclusterd_t logwatch_t mailman_cgi_t pulseaudio_t mailman_mail_t mysqlmanagerd_t samba_unconfined_net_t bluetooth_t mencoder_t httpd_dspam_script_t plymouthd_t smokeping_t cfengine_monitord_t ksmtuned_t unconfined_notrans_t httpd_prewikka_script_t ricci_modlog_t ricci_modrpm_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t setroubleshootd_t nsplugin_config_t chrome_sandbox_nacl_t nagios_checkdisk_plugin_t postfix_master_t postfix_pickup_t devicekit_disk_t regex_milter_t firstboot_t hald_acl_t telepathy_sunshine_t postfix_local_t postfix_smtpd_t zabbix_agent_t samba_unconfined_script_t httpd_git_script_t nagios_services_plugin_t nagios_eventhandler_plugin_t rhsmcertd_t virt_bridgehelper_t munin_unconfined_plugin_t openshift_cron_t unconfined_java_t unconfined_mono_t courier_tcpd_t httpd_unconfined_script_t openvpn_unconfined_script_t NetworkManager_t qmail_queue_t sandbox_web_client_t groupadd_t audisp_t auditd_t chkpwd_t comsat_t dbskkd_t dccifd_t depmod_t dirsrv_t fenced_t gconfd_t groupd_t insmod_t iscsid_t kernel_t kismet_t kpropd_t ktalkd_t livecd_t lldpad_t lsassd_t lwregd_t mongod_t mysqld_t oddjob_t openct_t svc_start_t fail2ban_t passwd_t puppet_t qdiskd_t racoon_t soundd_t telepathy_stream_engine_t updpwd_t xguest_t xm_ssh_t ypbind_t ypserv_t zabbix_t abrt_t acct_t apmd_t bcfg2_t brctl_t cgred_t chfn_t ciped_t clogd_t clvmd_t crond_t ctdbd_t cupsd_t dccd_t dhcpd_t dictd_t drbd_t ftpd_t gpsd_t gssd_t guest_t hald_t howl_t hplip_t httpd_t inetd_t init_t innd_t iwhd_t kdump_t klogd_t l2tpd_t lircd_t lpd_t lpr_t lwiod_t lwsmd_t mount_t mpd_t munin_t named_t nfsd_t nmbd_t nscd_t nslcd_t ntop_t ntpd_t numad_t pcscd_t pingd_t pppd_t pptp_t psad_t ptal_t qpidd_t radvd_t rhgb_t rhnsd_t rpcd_t rshd_t rssh_t slapd_t slpd_t smbd_t smsd_t snmpd_t snort_t spamd_t squid_t ssh_t sshd_t sssd_t staff_t svirt_t swat_t tcpd_t tftpd_t tgtd_t thin_t tor_t tuned_t udev_t ulogd_t uml_t user_t uucpd_t uuidd_t uux_t virtd_t wdmd_t xauth_t xend_t ypxfr_t eventlogd_t nagios_system_plugin_t postfix_qmgr_t postfix_smtp_t prelude_audisp_t courier_authdaemon_t afs_vlserver_t fsdaemon_t watchdog_t abrt_retrace_worker_t mozilla_plugin_config_t jabberd_router_t policykit_resolve_t winbind_helper_t load_policy_t nut_upsmon_t cupsd_config_t hald_keymap_t httpd_helper_t rtkit_daemon_t nagios_unconfined_plugin_t glusterd_t sandbox_min_t sandbox_net_t sandbox_web_t user_seunshare_t xguest_java_t xguest_mono_t logwatch_mail_t cupsd_lpd_t devicekit_t postfix_map_t remote_login_t inetd_child_t automount_t ethereal_t fetchmail_t netlogond_t puppetmaster_t tethereal_t system_mail_t httpd_squid_script_t restorecond_t xdm_dbusd_t gpg_helper_t staff_ssh_agent_t matahari_sysconfigd_t portreserve_t cpufreqselector_t readahead_t abrt_dump_oops_t quota_nld_t staff_screen_t system_dbusd_t entropyd_t rhev_agentd_t xenstored_t sandbox_min_client_t cpuspeed_t nagios_admin_plugin_t svnserve_t guest_dbusd_t qmail_splogger_t xguest_dbusd_t cups_pdf_t postgresql_t mozilla_plugin_t courier_pcp_t courier_pop_t zarafa_server_t nova_direct_t matahari_hostd_t publicfile_t usbmodules_t sambagui_t staff_seunshare_t nx_server_ssh_t certmaster_t certmonger_t setfiles_t user_mail_t cdrecord_t sectoolm_t semanage_t checkpolicy_t portmap_helper_t sge_shepherd_t cobblerd_t consoletype_t unconfined_t xenconsoled_t user_ssh_agent_t cmirrord_t cronjob_t crontab_t logrotate_mail_t matahari_netd_t matahari_rpcd_t passenger_t arpwatch_t cardmgr_t cgclear_t chronyd_t cluster_t apcupsd_t fcoemon_t fingerd_t foghorn_t gpg_web_t rhev_agentd_consolehelper_t fprintd_t ftpdctl_t httpd_cobbler_script_t dcerpcd_t dovecot_t evtchnd_t gpg_agent_t telepathy_msn_t auditctl_t openshift_t jabberd_t kadmind_t hddtemp_t spamass_milter_t iceauth_t icecast_t prelude_correlator_t ncftool_t neutron_t openvpn_t postgrey_t lockdev_t mplayer_t ricci_modcluster_t irqbalance_t radiusd_t rlogind_t roundup_t srvsvcd_t stunnel_t sulogin_t svc_run_t syslogd_t sysstat_t nut_upsdrvctl_t rpcbind_t sandbox_t sensord_t sge_job_t portmap_t yppasswdd_t ptchown_t vbetool_t vdagent_t vhostmd_t zarafa_ical_t winbind_t sysadm_sudo_t telnetd_t usbmuxd_t useradd_t afs_ptserver_t namespace_init_t httpd_mediawiki_script_t xserver_t condor_schedd_t condor_startd_t piranha_web_t user_screen_t condor_master_t greylist_milter_t calamaris_t staff_openoffice_t mailman_queue_t } ==  &&  || );

constrain { process } { dyntransition  } 
(  r1 r2 ==  t1 { xdm_t local_login_t firstboot_t oddjob_t crond_t rshd_t sshd_t virtd_t remote_login_t openshift_t rlogind_t sulogin_t } ==  t2 { nx_server_t openshift_app_t logadm_t sysadm_t webadm_t qemu_t ricci_t oddjob_mkhomedir_t ricci_modservice_t ricci_modstorage_t openshift_initrc_t ricci_modlog_t ricci_modrpm_t xguest_t guest_t rssh_t staff_t svirt_t user_t unconfined_t openshift_t ricci_modcluster_t } ==  &&  || );

constrain { process } { dyntransition  } 
(  u1 u2 ==  t1 { xdm_t local_login_t firstboot_t oddjob_t crond_t rshd_t sshd_t virtd_t remote_login_t openshift_t rlogind_t sulogin_t } ==  t2 { nx_server_t openshift_app_t logadm_t sysadm_t webadm_t qemu_t ricci_t oddjob_mkhomedir_t ricci_modservice_t ricci_modstorage_t openshift_initrc_t ricci_modlog_t ricci_modrpm_t xguest_t guest_t rssh_t staff_t svirt_t user_t unconfined_t openshift_t ricci_modcluster_t } ==  &&  || );

constrain { process } { transition noatsecure siginh rlimitinh  } 
(  r1 r2 ==  t1 { initrc_t rpm_t xdm_t newrole_t staff_sudo_t local_login_t oddjob_t crond_t rshd_t sshd_t remote_login_t rlogind_t sulogin_t sysadm_sudo_t } ==  t2 { nx_server_t openshift_app_t logadm_t sysadm_t webadm_t qemu_t ricci_t oddjob_mkhomedir_t ricci_modservice_t ricci_modstorage_t openshift_initrc_t ricci_modlog_t ricci_modrpm_t xguest_t guest_t rssh_t staff_t svirt_t user_t unconfined_t openshift_t ricci_modcluster_t } ==  &&  ||  t1 crond_t ==  t2 { unconfined_cronjob_t cronjob_t } ==  &&  ||  t1 { logrotate_t logadm_t sysadm_t webadm_t rpm_t run_init_t rpm_script_t semanage_t unconfined_t ncftool_t } ==  r2 system_r ==  &&  ||  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t virtd_lxc_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t ada_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t nova_volume_t nova_scheduler_t vmware_host_t haproxy_t prelink_t anaconda_t glance_api_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t depmod_t insmod_t kernel_t livecd_t lldpad_t mongod_t puppet_t apmd_t bcfg2_t clvmd_t crond_t ctdbd_t drbd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t slpd_t smsd_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t matahari_sysconfigd_t svnserve_t zarafa_server_t nova_direct_t matahari_hostd_t semanage_t sge_shepherd_t unconfined_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t neutron_t ricci_modcluster_t sensord_t sge_job_t zarafa_ical_t useradd_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  || );

constrain { process } { transition noatsecure siginh rlimitinh  } 
(  u1 u2 ==  t1 { xdm_t local_login_t firstboot_t oddjob_t crond_t rshd_t sshd_t virtd_t remote_login_t openshift_t rlogind_t sulogin_t } ==  t2 { nx_server_t openshift_app_t logadm_t sysadm_t webadm_t qemu_t ricci_t oddjob_mkhomedir_t ricci_modservice_t ricci_modstorage_t openshift_initrc_t ricci_modlog_t ricci_modrpm_t xguest_t guest_t rssh_t staff_t svirt_t user_t unconfined_t openshift_t ricci_modcluster_t } ==  &&  ||  t1 crond_t ==  t2 { unconfined_cronjob_t cronjob_t } ==  u2 system_u ==  ||  &&  ||  t1 { logrotate_t logadm_t sysadm_t webadm_t rpm_t run_init_t rpm_script_t semanage_t unconfined_t ncftool_t } ==  u2 system_u ==  &&  ||  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t virtd_lxc_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t ada_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t nova_volume_t nova_scheduler_t vmware_host_t haproxy_t prelink_t anaconda_t glance_api_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t depmod_t insmod_t kernel_t livecd_t lldpad_t mongod_t puppet_t apmd_t bcfg2_t clvmd_t crond_t ctdbd_t drbd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t slpd_t smsd_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t matahari_sysconfigd_t svnserve_t zarafa_server_t nova_direct_t matahari_hostd_t semanage_t sge_shepherd_t unconfined_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t neutron_t ricci_modcluster_t sensord_t sge_job_t zarafa_ical_t useradd_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  || );

mlsconstrain { process } { signal  } 
(  h1 h2  dom  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=  || );

mlsconstrain { process } { sigkill sigstop  } 
(  h1 h2  dom  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t virtd_lxc_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t ada_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t nova_volume_t nova_scheduler_t vmware_host_t haproxy_t prelink_t anaconda_t glance_api_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t depmod_t insmod_t kernel_t livecd_t lldpad_t mongod_t puppet_t apmd_t bcfg2_t clvmd_t crond_t ctdbd_t drbd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t slpd_t smsd_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t matahari_sysconfigd_t svnserve_t zarafa_server_t nova_direct_t matahari_hostd_t semanage_t sge_shepherd_t unconfined_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t neutron_t ricci_modcluster_t sensord_t sge_job_t zarafa_ical_t useradd_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  || );

mlsconstrain { process } { ptrace  } 
(  h1 h2  dom  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t consolekit_t nova_compute_t nova_console_t zarafa_gateway_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t virtd_lxc_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t ada_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t nova_volume_t nova_scheduler_t vmware_host_t haproxy_t prelink_t anaconda_t glance_api_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t depmod_t insmod_t kernel_t livecd_t lldpad_t mongod_t puppet_t apmd_t bcfg2_t clvmd_t crond_t ctdbd_t drbd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t slpd_t smsd_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t policykit_resolve_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t matahari_sysconfigd_t svnserve_t zarafa_server_t nova_direct_t matahari_hostd_t semanage_t sge_shepherd_t unconfined_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t neutron_t ricci_modcluster_t sensord_t sge_job_t zarafa_ical_t useradd_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  || );

mlsconstrain { process } { transition dyntransition  } 
(  h1 h2  dom  t1 { initrc_t getty_t openshift_initrc_t kernel_t oddjob_t init_t virtd_t condor_startd_t } ==  || );

mlsconstrain { packet } { recv  } 
(  l1 l2  dom  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=  t2 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=  &&  || );

constrain { socket } { create relabelfrom relabelto  } 
(  u1 u2 ==  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhomedir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t haproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t staff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t passwd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ctdbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t rshd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t setfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlogind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t telnetd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  || );

constrain { fifo_file } { create relabelfrom relabelto  } 
(  u1 u2 ==  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhomedir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t haproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t staff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t passwd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ctdbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t rshd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t setfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlogind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t telnetd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  || );

mlsconstrain { fifo_file } { create relabelto  } 
(  h1 h2  dom  l2 h2  ==  &&  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=  || );

mlsconstrain { fifo_file } { relabelfrom  } 
(  h1 h2  dom );

mlsconstrain { fifo_file } { open  } 
(  h1 h2  dom  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t virtd_lxc_t postfix_showq_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t ada_t fsadm_t kudzu_t lvm_t mdadm_t mono_t postfix_postdrop_t rpm_t wine_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t nova_volume_t nova_scheduler_t vmware_host_t haproxy_t prelink_t anaconda_t glance_api_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t postfix_master_t postfix_pickup_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t depmod_t insmod_t kernel_t livecd_t lldpad_t mongod_t puppet_t apmd_t bcfg2_t cgred_t clvmd_t crond_t ctdbd_t drbd_t hald_t inetd_t init_t iwhd_t l2tpd_t mount_t numad_t rhnsd_t slpd_t smsd_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t matahari_sysconfigd_t readahead_t svnserve_t zarafa_server_t nova_direct_t matahari_hostd_t semanage_t sge_shepherd_t unconfined_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t neutron_t ricci_modcluster_t sensord_t sge_job_t zarafa_ical_t useradd_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  ||  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=  t2 { sosreport_t git_session_t cfengine_execd_t bootloader_t netutils_t qmail_tcp_env_t devicekit_power_t sandbox_x_client_t nova_api_t sblim_reposd_t dkim_milter_t virt_qemu_ga_unconfined_t admin_crontab_t consolekit_t nova_compute_t nova_console_t pam_console_t zarafa_gateway_t policykit_grant_t logrotate_t openvswitch_t update_modules_t ssh_keysign_t nova_network_t qmail_rspawn_t uml_switch_t qmail_inject_t qmail_lspawn_t dirsrvadmin_unconfined_script_t gnomeclock_t httpd_cvs_script_t sandbox_net_client_t munin_mail_plugin_t ldconfig_t loadkeys_t smoltclient_t prelude_lml_t nova_objectstore_t dmidecode_t modemmanager_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t httpd_rotatelogs_t afs_kaserver_t munin_disk_plugin_t keystone_t kdumpgui_t httpd_bugzilla_script_t postfix_bounce_t httpd_smokeping_cgi_script_t nx_server_t policykit_auth_t ssh_keygen_t piranha_pulse_t sysadm_su_t virtd_lxc_t hald_mac_t iptables_t cachefilesd_t courier_sqwebmail_t postfix_cleanup_t munin_services_plugin_t postfix_showq_t openshift_app_t hostname_t shorewall_t showmount_t telepathy_gabble_t abrt_handle_event_t postfix_virtual_t dovecot_deliver_t ifconfig_t condor_startd_ssh_t qmail_clean_t qmail_local_t qmail_smtpd_t qmail_start_t sandbox_xserver_t setfiles_mac_t telepathy_sofiasip_t amanda_t initrc_t locate_t logadm_t mcelog_t nagios_t varnishd_t setkey_t sysadm_t tvtime_t tzdata_t vmware_t webadm_t ada_t afs_t aiccu_t aide_t alsa_t amtu_t apm_t avahi_t boinc_t canna_t ccs_t cdcc_t crack_t cvs_t cyrus_t dccm_t dhcpc_t dmesg_t dspam_t exim_t fsadm_t games_t getty_t gpg_t gpm_t ipsec_t irc_t irssi_t java_t kudzu_t lvm_t mdadm_t mono_t mrtg_t ndc_t nrpe_t pads_t pam_t ping_t postfix_postdrop_t postfix_postqueue_t qemu_t quota_t rdisc_t ricci_t rpm_t rsync_t rwho_t spamc_t vpnc_t wine_t xdm_t xfs_t xm_t zebra_t setroubleshoot_fixit_t staff_dbusd_t postfix_pipe_t virt_qmf_t nova_vncproxy_t httpd_nagios_script_t unconfined_dbusd_t unconfined_mount_t afs_fsserver_t prelink_cron_system_t sge_execd_t sysadm_ssh_agent_t cachefiles_kernel_t httpd_dirsrvadmin_script_t git_system_t httpd_suexec_t abrt_helper_t abrt_retrace_coredump_t usernetctl_t certwatch_t updfstab_t deltacloudd_t user_dbusd_t firewallgui_t glance_registry_t utempter_t setsebool_t telepathy_idle_t telepathy_mission_control_t webalizer_t cpucontrol_t gconfdefaultsm_t matahari_serviced_t httpd_php_t openoffice_t denyhosts_t memcached_t xguest_openoffice_t dirsrv_snmp_t dirsrvadmin_t smbcontrol_t oracleasm_t netlabel_mgmt_t oddjob_mkhomedir_t cyphesis_t gnomesystemmm_t kerneloops_t nova_volume_t varnishlog_t httpd_w3c_validator_script_t user_openoffice_t httpd_user_script_t accountsd_t cgconfig_t user_java_t user_mono_t user_wine_t ipsec_mgmt_t run_init_t sendmail_t shutdown_t audisp_remote_t dovecot_auth_t nova_scheduler_t dlm_controld_t gfs_controld_t smbmount_t asterisk_t bitlbee_t sepgsql_trusted_proc_t vmware_host_t checkpc_t saslauthd_t awstats_t munin_selinux_plugin_t gitosis_t dnsmasq_t krb5kdc_t openshift_cgroup_read_t sysadm_seunshare_t haproxy_t hotplug_t gpg_pinentry_t hwclock_t newrole_t zos_remote_t dcc_client_t mozilla_t plymouth_t procmail_t sanlock_t setrans_t traceroute_t pegasus_t prelink_t prelude_t privoxy_t staff_java_t staff_mono_t staff_sudo_t staff_wine_t wpa_cli_t httpd_awstats_script_t munin_system_plugin_t qmail_send_t anaconda_t glance_api_t piranha_fos_t piranha_lvs_t sandbox_x_t httpd_apcupsd_cgi_script_t local_login_t hald_dccm_t mysqld_safe_t ricci_modservice_t games_srv_t ricci_modstorage_t samba_net_t afs_bosserver_t httpd_nutups_cgi_script_t hald_sonypic_t openhpid_t boinc_project_t condor_procd_t nagios_mail_plugin_t virt_qemu_ga_t condor_negotiator_t nova_ajax_t nova_cert_t amanda_recover_t chrome_sandbox_t zarafa_spooler_t httpd_munin_script_t telepathy_salut_t rpm_script_t sysadm_passwd_t sysadm_screen_t nsplugin_t xguest_execmem_t zarafa_deliver_t sblim_gatherd_t antivirus_t bluetooth_helper_t dcc_dbclean_t nut_upsd_t staff_execmem_t user_execmem_t podsleuth_t system_cronjob_t sge_job_ssh_t zarafa_monitor_t openshift_initrc_t chroot_user_t httpd_openshift_script_t qmail_remote_t zarafa_indexer_t policykit_t httpd_sys_script_t tmpreaper_t staff_consolehelper_t svc_multilog_t ricci_modclusterd_t logwatch_t mailman_cgi_t pulseaudio_t mailman_mail_t mysqlmanagerd_t samba_unconfined_net_t bluetooth_t mencoder_t httpd_dspam_script_t plymouthd_t smokeping_t cfengine_monitord_t ksmtuned_t unconfined_notrans_t httpd_prewikka_script_t ricci_modlog_t ricci_modrpm_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t setroubleshootd_t nsplugin_config_t chrome_sandbox_nacl_t nagios_checkdisk_plugin_t postfix_master_t postfix_pickup_t devicekit_disk_t regex_milter_t firstboot_t hald_acl_t telepathy_sunshine_t postfix_local_t postfix_smtpd_t zabbix_agent_t samba_unconfined_script_t httpd_git_script_t nagios_services_plugin_t nagios_eventhandler_plugin_t rhsmcertd_t virt_bridgehelper_t munin_unconfined_plugin_t openshift_cron_t unconfined_java_t unconfined_mono_t courier_tcpd_t httpd_unconfined_script_t openvpn_unconfined_script_t NetworkManager_t qmail_queue_t sandbox_web_client_t groupadd_t audisp_t auditd_t chkpwd_t comsat_t dbskkd_t dccifd_t depmod_t dirsrv_t fenced_t gconfd_t groupd_t insmod_t iscsid_t kernel_t kismet_t kpropd_t ktalkd_t livecd_t lldpad_t lsassd_t lwregd_t mongod_t mysqld_t oddjob_t openct_t svc_start_t fail2ban_t passwd_t puppet_t qdiskd_t racoon_t soundd_t telepathy_stream_engine_t updpwd_t xguest_t xm_ssh_t ypbind_t ypserv_t zabbix_t abrt_t acct_t apmd_t bcfg2_t brctl_t cgred_t chfn_t ciped_t clogd_t clvmd_t crond_t ctdbd_t cupsd_t dccd_t dhcpd_t dictd_t drbd_t ftpd_t gpsd_t gssd_t guest_t hald_t howl_t hplip_t httpd_t inetd_t init_t innd_t iwhd_t kdump_t klogd_t l2tpd_t lircd_t lpd_t lpr_t lwiod_t lwsmd_t mount_t mpd_t munin_t named_t nfsd_t nmbd_t nscd_t nslcd_t ntop_t ntpd_t numad_t pcscd_t pingd_t pppd_t pptp_t psad_t ptal_t qpidd_t radvd_t rhgb_t rhnsd_t rpcd_t rshd_t rssh_t slapd_t slpd_t smbd_t smsd_t snmpd_t snort_t spamd_t squid_t ssh_t sshd_t sssd_t staff_t svirt_t swat_t tcpd_t tftpd_t tgtd_t thin_t tor_t tuned_t udev_t ulogd_t uml_t user_t uucpd_t uuidd_t uux_t virtd_t wdmd_t xauth_t xend_t ypxfr_t eventlogd_t nagios_system_plugin_t postfix_qmgr_t postfix_smtp_t prelude_audisp_t courier_authdaemon_t afs_vlserver_t fsdaemon_t watchdog_t abrt_retrace_worker_t mozilla_plugin_config_t jabberd_router_t policykit_resolve_t winbind_helper_t load_policy_t nut_upsmon_t cupsd_config_t hald_keymap_t httpd_helper_t rtkit_daemon_t nagios_unconfined_plugin_t glusterd_t sandbox_min_t sandbox_net_t sandbox_web_t user_seunshare_t xguest_java_t xguest_mono_t logwatch_mail_t cupsd_lpd_t devicekit_t postfix_map_t remote_login_t inetd_child_t automount_t ethereal_t fetchmail_t netlogond_t puppetmaster_t tethereal_t system_mail_t httpd_squid_script_t restorecond_t xdm_dbusd_t gpg_helper_t staff_ssh_agent_t matahari_sysconfigd_t portreserve_t cpufreqselector_t readahead_t abrt_dump_oops_t quota_nld_t staff_screen_t system_dbusd_t entropyd_t rhev_agentd_t xenstored_t sandbox_min_client_t cpuspeed_t nagios_admin_plugin_t svnserve_t guest_dbusd_t qmail_splogger_t xguest_dbusd_t cups_pdf_t postgresql_t mozilla_plugin_t courier_pcp_t courier_pop_t zarafa_server_t nova_direct_t matahari_hostd_t publicfile_t usbmodules_t sambagui_t staff_seunshare_t nx_server_ssh_t certmaster_t certmonger_t setfiles_t user_mail_t cdrecord_t sectoolm_t semanage_t checkpolicy_t portmap_helper_t sge_shepherd_t cobblerd_t consoletype_t unconfined_t xenconsoled_t user_ssh_agent_t cmirrord_t cronjob_t crontab_t logrotate_mail_t matahari_netd_t matahari_rpcd_t passenger_t arpwatch_t cardmgr_t cgclear_t chronyd_t cluster_t apcupsd_t fcoemon_t fingerd_t foghorn_t gpg_web_t rhev_agentd_consolehelper_t fprintd_t ftpdctl_t httpd_cobbler_script_t dcerpcd_t dovecot_t evtchnd_t gpg_agent_t telepathy_msn_t auditctl_t openshift_t jabberd_t kadmind_t hddtemp_t spamass_milter_t iceauth_t icecast_t prelude_correlator_t ncftool_t neutron_t openvpn_t postgrey_t lockdev_t mplayer_t ricci_modcluster_t irqbalance_t radiusd_t rlogind_t roundup_t srvsvcd_t stunnel_t sulogin_t svc_run_t syslogd_t sysstat_t nut_upsdrvctl_t rpcbind_t sandbox_t sensord_t sge_job_t portmap_t yppasswdd_t ptchown_t vbetool_t vdagent_t vhostmd_t zarafa_ical_t winbind_t sysadm_sudo_t telnetd_t usbmuxd_t useradd_t afs_ptserver_t namespace_init_t httpd_mediawiki_script_t xserver_t condor_schedd_t condor_startd_t piranha_web_t user_screen_t condor_master_t greylist_milter_t calamaris_t staff_openoffice_t mailman_queue_t } ==  &&  || );

constrain { file } { create relabelfrom relabelto  } 
(  u1 u2 ==  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhomedir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t haproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t staff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t passwd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ctdbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t rshd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t setfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlogind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t telnetd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  || );

mlsconstrain { file } { create relabelto  } 
(  h1 h2  dom  l2 h2  ==  &&  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=  || );

mlsconstrain { file } { relabelfrom  } 
(  h1 h2  dom );

mlsconstrain { file } { create relabelto  } 
(  h1 h2  dom  l2 h2  ==  && );

mlsconstrain { file } { write setattr append unlink link rename  } 
(  h1 h2  dom  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t virtd_lxc_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t ada_t fsadm_t kudzu_t lvm_t mdadm_t mono_t postfix_postdrop_t rpm_t wine_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t nova_volume_t nova_scheduler_t vmware_host_t haproxy_t prelink_t anaconda_t glance_api_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t postfix_pickup_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t depmod_t insmod_t kernel_t livecd_t lldpad_t mongod_t puppet_t apmd_t bcfg2_t clvmd_t crond_t ctdbd_t drbd_t inetd_t init_t iwhd_t l2tpd_t mount_t numad_t rhnsd_t slpd_t smsd_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t matahari_sysconfigd_t svnserve_t zarafa_server_t nova_direct_t matahari_hostd_t semanage_t sge_shepherd_t unconfined_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t neutron_t ricci_modcluster_t sensord_t sge_job_t zarafa_ical_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  ||  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=  t2 { sosreport_t git_session_t cfengine_execd_t bootloader_t netutils_t qmail_tcp_env_t devicekit_power_t sandbox_x_client_t nova_api_t sblim_reposd_t dkim_milter_t virt_qemu_ga_unconfined_t admin_crontab_t consolekit_t nova_compute_t nova_console_t pam_console_t zarafa_gateway_t policykit_grant_t logrotate_t openvswitch_t update_modules_t ssh_keysign_t nova_network_t qmail_rspawn_t uml_switch_t qmail_inject_t qmail_lspawn_t dirsrvadmin_unconfined_script_t gnomeclock_t httpd_cvs_script_t sandbox_net_client_t munin_mail_plugin_t ldconfig_t loadkeys_t smoltclient_t prelude_lml_t nova_objectstore_t dmidecode_t modemmanager_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t httpd_rotatelogs_t afs_kaserver_t munin_disk_plugin_t keystone_t kdumpgui_t httpd_bugzilla_script_t postfix_bounce_t httpd_smokeping_cgi_script_t nx_server_t policykit_auth_t ssh_keygen_t piranha_pulse_t sysadm_su_t virtd_lxc_t hald_mac_t iptables_t cachefilesd_t courier_sqwebmail_t postfix_cleanup_t munin_services_plugin_t postfix_showq_t openshift_app_t hostname_t shorewall_t showmount_t telepathy_gabble_t abrt_handle_event_t postfix_virtual_t dovecot_deliver_t ifconfig_t condor_startd_ssh_t qmail_clean_t qmail_local_t qmail_smtpd_t qmail_start_t sandbox_xserver_t setfiles_mac_t telepathy_sofiasip_t amanda_t initrc_t locate_t logadm_t mcelog_t nagios_t varnishd_t setkey_t sysadm_t tvtime_t tzdata_t vmware_t webadm_t ada_t afs_t aiccu_t aide_t alsa_t amtu_t apm_t avahi_t boinc_t canna_t ccs_t cdcc_t crack_t cvs_t cyrus_t dccm_t dhcpc_t dmesg_t dspam_t exim_t fsadm_t games_t getty_t gpg_t gpm_t ipsec_t irc_t irssi_t java_t kudzu_t lvm_t mdadm_t mono_t mrtg_t ndc_t nrpe_t pads_t pam_t ping_t postfix_postdrop_t postfix_postqueue_t qemu_t quota_t rdisc_t ricci_t rpm_t rsync_t rwho_t spamc_t vpnc_t wine_t xdm_t xfs_t xm_t zebra_t setroubleshoot_fixit_t staff_dbusd_t postfix_pipe_t virt_qmf_t nova_vncproxy_t httpd_nagios_script_t unconfined_dbusd_t unconfined_mount_t afs_fsserver_t prelink_cron_system_t sge_execd_t sysadm_ssh_agent_t cachefiles_kernel_t httpd_dirsrvadmin_script_t git_system_t httpd_suexec_t abrt_helper_t abrt_retrace_coredump_t usernetctl_t certwatch_t updfstab_t deltacloudd_t user_dbusd_t firewallgui_t glance_registry_t utempter_t setsebool_t telepathy_idle_t telepathy_mission_control_t webalizer_t cpucontrol_t gconfdefaultsm_t matahari_serviced_t httpd_php_t openoffice_t denyhosts_t memcached_t xguest_openoffice_t dirsrv_snmp_t dirsrvadmin_t smbcontrol_t oracleasm_t netlabel_mgmt_t oddjob_mkhomedir_t cyphesis_t gnomesystemmm_t kerneloops_t nova_volume_t varnishlog_t httpd_w3c_validator_script_t user_openoffice_t httpd_user_script_t accountsd_t cgconfig_t user_java_t user_mono_t user_wine_t ipsec_mgmt_t run_init_t sendmail_t shutdown_t audisp_remote_t dovecot_auth_t nova_scheduler_t dlm_controld_t gfs_controld_t smbmount_t asterisk_t bitlbee_t sepgsql_trusted_proc_t vmware_host_t checkpc_t saslauthd_t awstats_t munin_selinux_plugin_t gitosis_t dnsmasq_t krb5kdc_t openshift_cgroup_read_t sysadm_seunshare_t haproxy_t hotplug_t gpg_pinentry_t hwclock_t newrole_t zos_remote_t dcc_client_t mozilla_t plymouth_t procmail_t sanlock_t setrans_t traceroute_t pegasus_t prelink_t prelude_t privoxy_t staff_java_t staff_mono_t staff_sudo_t staff_wine_t wpa_cli_t httpd_awstats_script_t munin_system_plugin_t qmail_send_t anaconda_t glance_api_t piranha_fos_t piranha_lvs_t sandbox_x_t httpd_apcupsd_cgi_script_t local_login_t hald_dccm_t mysqld_safe_t ricci_modservice_t games_srv_t ricci_modstorage_t samba_net_t afs_bosserver_t httpd_nutups_cgi_script_t hald_sonypic_t openhpid_t boinc_project_t condor_procd_t nagios_mail_plugin_t virt_qemu_ga_t condor_negotiator_t nova_ajax_t nova_cert_t amanda_recover_t chrome_sandbox_t zarafa_spooler_t httpd_munin_script_t telepathy_salut_t rpm_script_t sysadm_passwd_t sysadm_screen_t nsplugin_t xguest_execmem_t zarafa_deliver_t sblim_gatherd_t antivirus_t bluetooth_helper_t dcc_dbclean_t nut_upsd_t staff_execmem_t user_execmem_t podsleuth_t system_cronjob_t sge_job_ssh_t zarafa_monitor_t openshift_initrc_t chroot_user_t httpd_openshift_script_t qmail_remote_t zarafa_indexer_t policykit_t httpd_sys_script_t tmpreaper_t staff_consolehelper_t svc_multilog_t ricci_modclusterd_t logwatch_t mailman_cgi_t pulseaudio_t mailman_mail_t mysqlmanagerd_t samba_unconfined_net_t bluetooth_t mencoder_t httpd_dspam_script_t plymouthd_t smokeping_t cfengine_monitord_t ksmtuned_t unconfined_notrans_t httpd_prewikka_script_t ricci_modlog_t ricci_modrpm_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t setroubleshootd_t nsplugin_config_t chrome_sandbox_nacl_t nagios_checkdisk_plugin_t postfix_master_t postfix_pickup_t devicekit_disk_t regex_milter_t firstboot_t hald_acl_t telepathy_sunshine_t postfix_local_t postfix_smtpd_t zabbix_agent_t samba_unconfined_script_t httpd_git_script_t nagios_services_plugin_t nagios_eventhandler_plugin_t rhsmcertd_t virt_bridgehelper_t munin_unconfined_plugin_t openshift_cron_t unconfined_java_t unconfined_mono_t courier_tcpd_t httpd_unconfined_script_t openvpn_unconfined_script_t NetworkManager_t qmail_queue_t sandbox_web_client_t groupadd_t audisp_t auditd_t chkpwd_t comsat_t dbskkd_t dccifd_t depmod_t dirsrv_t fenced_t gconfd_t groupd_t insmod_t iscsid_t kernel_t kismet_t kpropd_t ktalkd_t livecd_t lldpad_t lsassd_t lwregd_t mongod_t mysqld_t oddjob_t openct_t svc_start_t fail2ban_t passwd_t puppet_t qdiskd_t racoon_t soundd_t telepathy_stream_engine_t updpwd_t xguest_t xm_ssh_t ypbind_t ypserv_t zabbix_t abrt_t acct_t apmd_t bcfg2_t brctl_t cgred_t chfn_t ciped_t clogd_t clvmd_t crond_t ctdbd_t cupsd_t dccd_t dhcpd_t dictd_t drbd_t ftpd_t gpsd_t gssd_t guest_t hald_t howl_t hplip_t httpd_t inetd_t init_t innd_t iwhd_t kdump_t klogd_t l2tpd_t lircd_t lpd_t lpr_t lwiod_t lwsmd_t mount_t mpd_t munin_t named_t nfsd_t nmbd_t nscd_t nslcd_t ntop_t ntpd_t numad_t pcscd_t pingd_t pppd_t pptp_t psad_t ptal_t qpidd_t radvd_t rhgb_t rhnsd_t rpcd_t rshd_t rssh_t slapd_t slpd_t smbd_t smsd_t snmpd_t snort_t spamd_t squid_t ssh_t sshd_t sssd_t staff_t svirt_t swat_t tcpd_t tftpd_t tgtd_t thin_t tor_t tuned_t udev_t ulogd_t uml_t user_t uucpd_t uuidd_t uux_t virtd_t wdmd_t xauth_t xend_t ypxfr_t eventlogd_t nagios_system_plugin_t postfix_qmgr_t postfix_smtp_t prelude_audisp_t courier_authdaemon_t afs_vlserver_t fsdaemon_t watchdog_t abrt_retrace_worker_t mozilla_plugin_config_t jabberd_router_t policykit_resolve_t winbind_helper_t load_policy_t nut_upsmon_t cupsd_config_t hald_keymap_t httpd_helper_t rtkit_daemon_t nagios_unconfined_plugin_t glusterd_t sandbox_min_t sandbox_net_t sandbox_web_t user_seunshare_t xguest_java_t xguest_mono_t logwatch_mail_t cupsd_lpd_t devicekit_t postfix_map_t remote_login_t inetd_child_t automount_t ethereal_t fetchmail_t netlogond_t puppetmaster_t tethereal_t system_mail_t httpd_squid_script_t restorecond_t xdm_dbusd_t gpg_helper_t staff_ssh_agent_t matahari_sysconfigd_t portreserve_t cpufreqselector_t readahead_t abrt_dump_oops_t quota_nld_t staff_screen_t system_dbusd_t entropyd_t rhev_agentd_t xenstored_t sandbox_min_client_t cpuspeed_t nagios_admin_plugin_t svnserve_t guest_dbusd_t qmail_splogger_t xguest_dbusd_t cups_pdf_t postgresql_t mozilla_plugin_t courier_pcp_t courier_pop_t zarafa_server_t nova_direct_t matahari_hostd_t publicfile_t usbmodules_t sambagui_t staff_seunshare_t nx_server_ssh_t certmaster_t certmonger_t setfiles_t user_mail_t cdrecord_t sectoolm_t semanage_t checkpolicy_t portmap_helper_t sge_shepherd_t cobblerd_t consoletype_t unconfined_t xenconsoled_t user_ssh_agent_t cmirrord_t cronjob_t crontab_t logrotate_mail_t matahari_netd_t matahari_rpcd_t passenger_t arpwatch_t cardmgr_t cgclear_t chronyd_t cluster_t apcupsd_t fcoemon_t fingerd_t foghorn_t gpg_web_t rhev_agentd_consolehelper_t fprintd_t ftpdctl_t httpd_cobbler_script_t dcerpcd_t dovecot_t evtchnd_t gpg_agent_t telepathy_msn_t auditctl_t openshift_t jabberd_t kadmind_t hddtemp_t spamass_milter_t iceauth_t icecast_t prelude_correlator_t ncftool_t neutron_t openvpn_t postgrey_t lockdev_t mplayer_t ricci_modcluster_t irqbalance_t radiusd_t rlogind_t roundup_t srvsvcd_t stunnel_t sulogin_t svc_run_t syslogd_t sysstat_t nut_upsdrvctl_t rpcbind_t sandbox_t sensord_t sge_job_t portmap_t yppasswdd_t ptchown_t vbetool_t vdagent_t vhostmd_t zarafa_ical_t winbind_t sysadm_sudo_t telnetd_t usbmuxd_t useradd_t afs_ptserver_t namespace_init_t httpd_mediawiki_script_t xserver_t condor_schedd_t condor_startd_t piranha_web_t user_screen_t condor_master_t greylist_milter_t calamaris_t staff_openoffice_t mailman_queue_t } ==  &&  || );

mlsconstrain { file } { ioctl read lock execute execute_no_trans  } 
(  h1 h2  dom  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t virtd_lxc_t postfix_showq_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t ada_t fsadm_t kudzu_t lvm_t mdadm_t mono_t postfix_postdrop_t rpm_t wine_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t nova_volume_t nova_scheduler_t vmware_host_t haproxy_t prelink_t anaconda_t glance_api_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t postfix_master_t postfix_pickup_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t depmod_t insmod_t kernel_t livecd_t lldpad_t mongod_t puppet_t apmd_t bcfg2_t cgred_t clvmd_t crond_t ctdbd_t drbd_t hald_t inetd_t init_t iwhd_t l2tpd_t mount_t numad_t rhnsd_t slpd_t smsd_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t matahari_sysconfigd_t readahead_t svnserve_t zarafa_server_t nova_direct_t matahari_hostd_t semanage_t sge_shepherd_t unconfined_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t neutron_t ricci_modcluster_t sensord_t sge_job_t zarafa_ical_t useradd_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  ||  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=  t2 { sosreport_t git_session_t cfengine_execd_t bootloader_t netutils_t qmail_tcp_env_t devicekit_power_t sandbox_x_client_t nova_api_t sblim_reposd_t dkim_milter_t virt_qemu_ga_unconfined_t admin_crontab_t consolekit_t nova_compute_t nova_console_t pam_console_t zarafa_gateway_t policykit_grant_t logrotate_t openvswitch_t update_modules_t ssh_keysign_t nova_network_t qmail_rspawn_t uml_switch_t qmail_inject_t qmail_lspawn_t dirsrvadmin_unconfined_script_t gnomeclock_t httpd_cvs_script_t sandbox_net_client_t munin_mail_plugin_t ldconfig_t loadkeys_t smoltclient_t prelude_lml_t nova_objectstore_t dmidecode_t modemmanager_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t httpd_rotatelogs_t afs_kaserver_t munin_disk_plugin_t keystone_t kdumpgui_t httpd_bugzilla_script_t postfix_bounce_t httpd_smokeping_cgi_script_t nx_server_t policykit_auth_t ssh_keygen_t piranha_pulse_t sysadm_su_t virtd_lxc_t hald_mac_t iptables_t cachefilesd_t courier_sqwebmail_t postfix_cleanup_t munin_services_plugin_t postfix_showq_t openshift_app_t hostname_t shorewall_t showmount_t telepathy_gabble_t abrt_handle_event_t postfix_virtual_t dovecot_deliver_t ifconfig_t condor_startd_ssh_t qmail_clean_t qmail_local_t qmail_smtpd_t qmail_start_t sandbox_xserver_t setfiles_mac_t telepathy_sofiasip_t amanda_t initrc_t locate_t logadm_t mcelog_t nagios_t varnishd_t setkey_t sysadm_t tvtime_t tzdata_t vmware_t webadm_t ada_t afs_t aiccu_t aide_t alsa_t amtu_t apm_t avahi_t boinc_t canna_t ccs_t cdcc_t crack_t cvs_t cyrus_t dccm_t dhcpc_t dmesg_t dspam_t exim_t fsadm_t games_t getty_t gpg_t gpm_t ipsec_t irc_t irssi_t java_t kudzu_t lvm_t mdadm_t mono_t mrtg_t ndc_t nrpe_t pads_t pam_t ping_t postfix_postdrop_t postfix_postqueue_t qemu_t quota_t rdisc_t ricci_t rpm_t rsync_t rwho_t spamc_t vpnc_t wine_t xdm_t xfs_t xm_t zebra_t setroubleshoot_fixit_t staff_dbusd_t postfix_pipe_t virt_qmf_t nova_vncproxy_t httpd_nagios_script_t unconfined_dbusd_t unconfined_mount_t afs_fsserver_t prelink_cron_system_t sge_execd_t sysadm_ssh_agent_t cachefiles_kernel_t httpd_dirsrvadmin_script_t git_system_t httpd_suexec_t abrt_helper_t abrt_retrace_coredump_t usernetctl_t certwatch_t updfstab_t deltacloudd_t user_dbusd_t firewallgui_t glance_registry_t utempter_t setsebool_t telepathy_idle_t telepathy_mission_control_t webalizer_t cpucontrol_t gconfdefaultsm_t matahari_serviced_t httpd_php_t openoffice_t denyhosts_t memcached_t xguest_openoffice_t dirsrv_snmp_t dirsrvadmin_t smbcontrol_t oracleasm_t netlabel_mgmt_t oddjob_mkhomedir_t cyphesis_t gnomesystemmm_t kerneloops_t nova_volume_t varnishlog_t httpd_w3c_validator_script_t user_openoffice_t httpd_user_script_t accountsd_t cgconfig_t user_java_t user_mono_t user_wine_t ipsec_mgmt_t run_init_t sendmail_t shutdown_t audisp_remote_t dovecot_auth_t nova_scheduler_t dlm_controld_t gfs_controld_t smbmount_t asterisk_t bitlbee_t sepgsql_trusted_proc_t vmware_host_t checkpc_t saslauthd_t awstats_t munin_selinux_plugin_t gitosis_t dnsmasq_t krb5kdc_t openshift_cgroup_read_t sysadm_seunshare_t haproxy_t hotplug_t gpg_pinentry_t hwclock_t newrole_t zos_remote_t dcc_client_t mozilla_t plymouth_t procmail_t sanlock_t setrans_t traceroute_t pegasus_t prelink_t prelude_t privoxy_t staff_java_t staff_mono_t staff_sudo_t staff_wine_t wpa_cli_t httpd_awstats_script_t munin_system_plugin_t qmail_send_t anaconda_t glance_api_t piranha_fos_t piranha_lvs_t sandbox_x_t httpd_apcupsd_cgi_script_t local_login_t hald_dccm_t mysqld_safe_t ricci_modservice_t games_srv_t ricci_modstorage_t samba_net_t afs_bosserver_t httpd_nutups_cgi_script_t hald_sonypic_t openhpid_t boinc_project_t condor_procd_t nagios_mail_plugin_t virt_qemu_ga_t condor_negotiator_t nova_ajax_t nova_cert_t amanda_recover_t chrome_sandbox_t zarafa_spooler_t httpd_munin_script_t telepathy_salut_t rpm_script_t sysadm_passwd_t sysadm_screen_t nsplugin_t xguest_execmem_t zarafa_deliver_t sblim_gatherd_t antivirus_t bluetooth_helper_t dcc_dbclean_t nut_upsd_t staff_execmem_t user_execmem_t podsleuth_t system_cronjob_t sge_job_ssh_t zarafa_monitor_t openshift_initrc_t chroot_user_t httpd_openshift_script_t qmail_remote_t zarafa_indexer_t policykit_t httpd_sys_script_t tmpreaper_t staff_consolehelper_t svc_multilog_t ricci_modclusterd_t logwatch_t mailman_cgi_t pulseaudio_t mailman_mail_t mysqlmanagerd_t samba_unconfined_net_t bluetooth_t mencoder_t httpd_dspam_script_t plymouthd_t smokeping_t cfengine_monitord_t ksmtuned_t unconfined_notrans_t httpd_prewikka_script_t ricci_modlog_t ricci_modrpm_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t setroubleshootd_t nsplugin_config_t chrome_sandbox_nacl_t nagios_checkdisk_plugin_t postfix_master_t postfix_pickup_t devicekit_disk_t regex_milter_t firstboot_t hald_acl_t telepathy_sunshine_t postfix_local_t postfix_smtpd_t zabbix_agent_t samba_unconfined_script_t httpd_git_script_t nagios_services_plugin_t nagios_eventhandler_plugin_t rhsmcertd_t virt_bridgehelper_t munin_unconfined_plugin_t openshift_cron_t unconfined_java_t unconfined_mono_t courier_tcpd_t httpd_unconfined_script_t openvpn_unconfined_script_t NetworkManager_t qmail_queue_t sandbox_web_client_t groupadd_t audisp_t auditd_t chkpwd_t comsat_t dbskkd_t dccifd_t depmod_t dirsrv_t fenced_t gconfd_t groupd_t insmod_t iscsid_t kernel_t kismet_t kpropd_t ktalkd_t livecd_t lldpad_t lsassd_t lwregd_t mongod_t mysqld_t oddjob_t openct_t svc_start_t fail2ban_t passwd_t puppet_t qdiskd_t racoon_t soundd_t telepathy_stream_engine_t updpwd_t xguest_t xm_ssh_t ypbind_t ypserv_t zabbix_t abrt_t acct_t apmd_t bcfg2_t brctl_t cgred_t chfn_t ciped_t clogd_t clvmd_t crond_t ctdbd_t cupsd_t dccd_t dhcpd_t dictd_t drbd_t ftpd_t gpsd_t gssd_t guest_t hald_t howl_t hplip_t httpd_t inetd_t init_t innd_t iwhd_t kdump_t klogd_t l2tpd_t lircd_t lpd_t lpr_t lwiod_t lwsmd_t mount_t mpd_t munin_t named_t nfsd_t nmbd_t nscd_t nslcd_t ntop_t ntpd_t numad_t pcscd_t pingd_t pppd_t pptp_t psad_t ptal_t qpidd_t radvd_t rhgb_t rhnsd_t rpcd_t rshd_t rssh_t slapd_t slpd_t smbd_t smsd_t snmpd_t snort_t spamd_t squid_t ssh_t sshd_t sssd_t staff_t svirt_t swat_t tcpd_t tftpd_t tgtd_t thin_t tor_t tuned_t udev_t ulogd_t uml_t user_t uucpd_t uuidd_t uux_t virtd_t wdmd_t xauth_t xend_t ypxfr_t eventlogd_t nagios_system_plugin_t postfix_qmgr_t postfix_smtp_t prelude_audisp_t courier_authdaemon_t afs_vlserver_t fsdaemon_t watchdog_t abrt_retrace_worker_t mozilla_plugin_config_t jabberd_router_t policykit_resolve_t winbind_helper_t load_policy_t nut_upsmon_t cupsd_config_t hald_keymap_t httpd_helper_t rtkit_daemon_t nagios_unconfined_plugin_t glusterd_t sandbox_min_t sandbox_net_t sandbox_web_t user_seunshare_t xguest_java_t xguest_mono_t logwatch_mail_t cupsd_lpd_t devicekit_t postfix_map_t remote_login_t inetd_child_t automount_t ethereal_t fetchmail_t netlogond_t puppetmaster_t tethereal_t system_mail_t httpd_squid_script_t restorecond_t xdm_dbusd_t gpg_helper_t staff_ssh_agent_t matahari_sysconfigd_t portreserve_t cpufreqselector_t readahead_t abrt_dump_oops_t quota_nld_t staff_screen_t system_dbusd_t entropyd_t rhev_agentd_t xenstored_t sandbox_min_client_t cpuspeed_t nagios_admin_plugin_t svnserve_t guest_dbusd_t qmail_splogger_t xguest_dbusd_t cups_pdf_t postgresql_t mozilla_plugin_t courier_pcp_t courier_pop_t zarafa_server_t nova_direct_t matahari_hostd_t publicfile_t usbmodules_t sambagui_t staff_seunshare_t nx_server_ssh_t certmaster_t certmonger_t setfiles_t user_mail_t cdrecord_t sectoolm_t semanage_t checkpolicy_t portmap_helper_t sge_shepherd_t cobblerd_t consoletype_t unconfined_t xenconsoled_t user_ssh_agent_t cmirrord_t cronjob_t crontab_t logrotate_mail_t matahari_netd_t matahari_rpcd_t passenger_t arpwatch_t cardmgr_t cgclear_t chronyd_t cluster_t apcupsd_t fcoemon_t fingerd_t foghorn_t gpg_web_t rhev_agentd_consolehelper_t fprintd_t ftpdctl_t httpd_cobbler_script_t dcerpcd_t dovecot_t evtchnd_t gpg_agent_t telepathy_msn_t auditctl_t openshift_t jabberd_t kadmind_t hddtemp_t spamass_milter_t iceauth_t icecast_t prelude_correlator_t ncftool_t neutron_t openvpn_t postgrey_t lockdev_t mplayer_t ricci_modcluster_t irqbalance_t radiusd_t rlogind_t roundup_t srvsvcd_t stunnel_t sulogin_t svc_run_t syslogd_t sysstat_t nut_upsdrvctl_t rpcbind_t sandbox_t sensord_t sge_job_t portmap_t yppasswdd_t ptchown_t vbetool_t vdagent_t vhostmd_t zarafa_ical_t winbind_t sysadm_sudo_t telnetd_t usbmuxd_t useradd_t afs_ptserver_t namespace_init_t httpd_mediawiki_script_t xserver_t condor_schedd_t condor_startd_t piranha_web_t user_screen_t condor_master_t greylist_milter_t calamaris_t staff_openoffice_t mailman_queue_t } ==  &&  || );

mlsconstrain { node } { recvfrom sendto  } 
(  l1 l2  dom  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=  || );

mlsconstrain { db_view } { drop getattr setattr relabelfrom expand  } 
(  h1 h2  dom );

mlsconstrain { db_view } { create relabelto  } 
(  h1 h2  dom  l2 h2  ==  && );

constrain { netlink_nflog_socket } { create relabelfrom relabelto  } 
(  u1 u2 ==  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhomedir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t haproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t staff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t passwd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ctdbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t rshd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t setfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlogind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t telnetd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  || );

constrain { netlink_tcpdiag_socket } { create relabelfrom relabelto  } 
(  u1 u2 ==  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhomedir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t haproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t staff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t passwd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ctdbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t rshd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t setfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlogind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t telnetd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  || );

constrain { unix_stream_socket } { create relabelfrom relabelto  } 
(  u1 u2 ==  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhomedir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t haproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t staff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t passwd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ctdbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t rshd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t setfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlogind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t telnetd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  || );

mlsconstrain { db_database } { drop getattr setattr relabelfrom access install_module load_module get_param set_param  } 
(  h1 h2  dom );

mlsconstrain { db_database } { create relabelto  } 
(  h1 h2  dom  l2 h2  ==  && );

mlsconstrain { db_language } { drop getattr setattr relabelfrom execute  } 
(  h1 h2  dom );

mlsconstrain { db_language } { drop getattr setattr relabelfrom execute  } 
(  h1 h2  dom );

mlsconstrain { db_language } { create relabelto  } 
(  h1 h2  dom  l2 h2  ==  && );

constrain { netlink_route_socket } { create relabelfrom relabelto  } 
(  u1 u2 ==  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhomedir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t haproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t staff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t passwd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ctdbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t rshd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t setfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlogind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t telnetd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  || );

mlsconstrain { db_sequence } { drop getattr setattr relabelfrom get_value next_value set_value  } 
(  h1 h2  dom );

mlsconstrain { db_sequence } { create relabelto  } 
(  h1 h2  dom  l2 h2  ==  && );

constrain { netlink_selinux_socket } { create relabelfrom relabelto  } 
(  u1 u2 ==  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhomedir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t haproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t staff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t passwd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ctdbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t rshd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t setfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlogind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t telnetd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  || );

constrain { netlink_ip6fw_socket } { create relabelfrom relabelto  } 
(  u1 u2 ==  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhomedir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t haproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t staff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t passwd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ctdbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t rshd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t setfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlogind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t telnetd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  || );

constrain { netlink_firewall_socket } { create relabelfrom relabelto  } 
(  u1 u2 ==  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhomedir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t haproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t staff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t passwd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ctdbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t rshd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t setfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlogind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t telnetd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  || );

constrain { sock_file } { create relabelfrom relabelto  } 
(  u1 u2 ==  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhomedir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t haproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t staff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t passwd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ctdbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t rshd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t setfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlogind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t telnetd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  || );

mlsconstrain { sock_file } { create relabelto  } 
(  h1 h2  dom  l2 h2  ==  &&  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=  || );

mlsconstrain { sock_file } { relabelfrom  } 
(  h1 h2  dom );

mlsconstrain { sock_file } { write setattr  } 
(  h1 h2  dom  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t virtd_lxc_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t ada_t fsadm_t kudzu_t lvm_t mdadm_t mono_t postfix_postdrop_t rpm_t wine_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t nova_volume_t nova_scheduler_t vmware_host_t haproxy_t prelink_t anaconda_t glance_api_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t postfix_pickup_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t depmod_t insmod_t kernel_t livecd_t lldpad_t mongod_t puppet_t apmd_t bcfg2_t clvmd_t crond_t ctdbd_t drbd_t inetd_t init_t iwhd_t l2tpd_t mount_t numad_t rhnsd_t slpd_t smsd_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t matahari_sysconfigd_t svnserve_t zarafa_server_t nova_direct_t matahari_hostd_t semanage_t sge_shepherd_t unconfined_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t neutron_t ricci_modcluster_t sensord_t sge_job_t zarafa_ical_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  ||  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=  t2 { sosreport_t git_session_t cfengine_execd_t bootloader_t netutils_t qmail_tcp_env_t devicekit_power_t sandbox_x_client_t nova_api_t sblim_reposd_t dkim_milter_t virt_qemu_ga_unconfined_t admin_crontab_t consolekit_t nova_compute_t nova_console_t pam_console_t zarafa_gateway_t policykit_grant_t logrotate_t openvswitch_t update_modules_t ssh_keysign_t nova_network_t qmail_rspawn_t uml_switch_t qmail_inject_t qmail_lspawn_t dirsrvadmin_unconfined_script_t gnomeclock_t httpd_cvs_script_t sandbox_net_client_t munin_mail_plugin_t ldconfig_t loadkeys_t smoltclient_t prelude_lml_t nova_objectstore_t dmidecode_t modemmanager_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t httpd_rotatelogs_t afs_kaserver_t munin_disk_plugin_t keystone_t kdumpgui_t httpd_bugzilla_script_t postfix_bounce_t httpd_smokeping_cgi_script_t nx_server_t policykit_auth_t ssh_keygen_t piranha_pulse_t sysadm_su_t virtd_lxc_t hald_mac_t iptables_t cachefilesd_t courier_sqwebmail_t postfix_cleanup_t munin_services_plugin_t postfix_showq_t openshift_app_t hostname_t shorewall_t showmount_t telepathy_gabble_t abrt_handle_event_t postfix_virtual_t dovecot_deliver_t ifconfig_t condor_startd_ssh_t qmail_clean_t qmail_local_t qmail_smtpd_t qmail_start_t sandbox_xserver_t setfiles_mac_t telepathy_sofiasip_t amanda_t initrc_t locate_t logadm_t mcelog_t nagios_t varnishd_t setkey_t sysadm_t tvtime_t tzdata_t vmware_t webadm_t ada_t afs_t aiccu_t aide_t alsa_t amtu_t apm_t avahi_t boinc_t canna_t ccs_t cdcc_t crack_t cvs_t cyrus_t dccm_t dhcpc_t dmesg_t dspam_t exim_t fsadm_t games_t getty_t gpg_t gpm_t ipsec_t irc_t irssi_t java_t kudzu_t lvm_t mdadm_t mono_t mrtg_t ndc_t nrpe_t pads_t pam_t ping_t postfix_postdrop_t postfix_postqueue_t qemu_t quota_t rdisc_t ricci_t rpm_t rsync_t rwho_t spamc_t vpnc_t wine_t xdm_t xfs_t xm_t zebra_t setroubleshoot_fixit_t staff_dbusd_t postfix_pipe_t virt_qmf_t nova_vncproxy_t httpd_nagios_script_t unconfined_dbusd_t unconfined_mount_t afs_fsserver_t prelink_cron_system_t sge_execd_t sysadm_ssh_agent_t cachefiles_kernel_t httpd_dirsrvadmin_script_t git_system_t httpd_suexec_t abrt_helper_t abrt_retrace_coredump_t usernetctl_t certwatch_t updfstab_t deltacloudd_t user_dbusd_t firewallgui_t glance_registry_t utempter_t setsebool_t telepathy_idle_t telepathy_mission_control_t webalizer_t cpucontrol_t gconfdefaultsm_t matahari_serviced_t httpd_php_t openoffice_t denyhosts_t memcached_t xguest_openoffice_t dirsrv_snmp_t dirsrvadmin_t smbcontrol_t oracleasm_t netlabel_mgmt_t oddjob_mkhomedir_t cyphesis_t gnomesystemmm_t kerneloops_t nova_volume_t varnishlog_t httpd_w3c_validator_script_t user_openoffice_t httpd_user_script_t accountsd_t cgconfig_t user_java_t user_mono_t user_wine_t ipsec_mgmt_t run_init_t sendmail_t shutdown_t audisp_remote_t dovecot_auth_t nova_scheduler_t dlm_controld_t gfs_controld_t smbmount_t asterisk_t bitlbee_t sepgsql_trusted_proc_t vmware_host_t checkpc_t saslauthd_t awstats_t munin_selinux_plugin_t gitosis_t dnsmasq_t krb5kdc_t openshift_cgroup_read_t sysadm_seunshare_t haproxy_t hotplug_t gpg_pinentry_t hwclock_t newrole_t zos_remote_t dcc_client_t mozilla_t plymouth_t procmail_t sanlock_t setrans_t traceroute_t pegasus_t prelink_t prelude_t privoxy_t staff_java_t staff_mono_t staff_sudo_t staff_wine_t wpa_cli_t httpd_awstats_script_t munin_system_plugin_t qmail_send_t anaconda_t glance_api_t piranha_fos_t piranha_lvs_t sandbox_x_t httpd_apcupsd_cgi_script_t local_login_t hald_dccm_t mysqld_safe_t ricci_modservice_t games_srv_t ricci_modstorage_t samba_net_t afs_bosserver_t httpd_nutups_cgi_script_t hald_sonypic_t openhpid_t boinc_project_t condor_procd_t nagios_mail_plugin_t virt_qemu_ga_t condor_negotiator_t nova_ajax_t nova_cert_t amanda_recover_t chrome_sandbox_t zarafa_spooler_t httpd_munin_script_t telepathy_salut_t rpm_script_t sysadm_passwd_t sysadm_screen_t nsplugin_t xguest_execmem_t zarafa_deliver_t sblim_gatherd_t antivirus_t bluetooth_helper_t dcc_dbclean_t nut_upsd_t staff_execmem_t user_execmem_t podsleuth_t system_cronjob_t sge_job_ssh_t zarafa_monitor_t openshift_initrc_t chroot_user_t httpd_openshift_script_t qmail_remote_t zarafa_indexer_t policykit_t httpd_sys_script_t tmpreaper_t staff_consolehelper_t svc_multilog_t ricci_modclusterd_t logwatch_t mailman_cgi_t pulseaudio_t mailman_mail_t mysqlmanagerd_t samba_unconfined_net_t bluetooth_t mencoder_t httpd_dspam_script_t plymouthd_t smokeping_t cfengine_monitord_t ksmtuned_t unconfined_notrans_t httpd_prewikka_script_t ricci_modlog_t ricci_modrpm_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t setroubleshootd_t nsplugin_config_t chrome_sandbox_nacl_t nagios_checkdisk_plugin_t postfix_master_t postfix_pickup_t devicekit_disk_t regex_milter_t firstboot_t hald_acl_t telepathy_sunshine_t postfix_local_t postfix_smtpd_t zabbix_agent_t samba_unconfined_script_t httpd_git_script_t nagios_services_plugin_t nagios_eventhandler_plugin_t rhsmcertd_t virt_bridgehelper_t munin_unconfined_plugin_t openshift_cron_t unconfined_java_t unconfined_mono_t courier_tcpd_t httpd_unconfined_script_t openvpn_unconfined_script_t NetworkManager_t qmail_queue_t sandbox_web_client_t groupadd_t audisp_t auditd_t chkpwd_t comsat_t dbskkd_t dccifd_t depmod_t dirsrv_t fenced_t gconfd_t groupd_t insmod_t iscsid_t kernel_t kismet_t kpropd_t ktalkd_t livecd_t lldpad_t lsassd_t lwregd_t mongod_t mysqld_t oddjob_t openct_t svc_start_t fail2ban_t passwd_t puppet_t qdiskd_t racoon_t soundd_t telepathy_stream_engine_t updpwd_t xguest_t xm_ssh_t ypbind_t ypserv_t zabbix_t abrt_t acct_t apmd_t bcfg2_t brctl_t cgred_t chfn_t ciped_t clogd_t clvmd_t crond_t ctdbd_t cupsd_t dccd_t dhcpd_t dictd_t drbd_t ftpd_t gpsd_t gssd_t guest_t hald_t howl_t hplip_t httpd_t inetd_t init_t innd_t iwhd_t kdump_t klogd_t l2tpd_t lircd_t lpd_t lpr_t lwiod_t lwsmd_t mount_t mpd_t munin_t named_t nfsd_t nmbd_t nscd_t nslcd_t ntop_t ntpd_t numad_t pcscd_t pingd_t pppd_t pptp_t psad_t ptal_t qpidd_t radvd_t rhgb_t rhnsd_t rpcd_t rshd_t rssh_t slapd_t slpd_t smbd_t smsd_t snmpd_t snort_t spamd_t squid_t ssh_t sshd_t sssd_t staff_t svirt_t swat_t tcpd_t tftpd_t tgtd_t thin_t tor_t tuned_t udev_t ulogd_t uml_t user_t uucpd_t uuidd_t uux_t virtd_t wdmd_t xauth_t xend_t ypxfr_t eventlogd_t nagios_system_plugin_t postfix_qmgr_t postfix_smtp_t prelude_audisp_t courier_authdaemon_t afs_vlserver_t fsdaemon_t watchdog_t abrt_retrace_worker_t mozilla_plugin_config_t jabberd_router_t policykit_resolve_t winbind_helper_t load_policy_t nut_upsmon_t cupsd_config_t hald_keymap_t httpd_helper_t rtkit_daemon_t nagios_unconfined_plugin_t glusterd_t sandbox_min_t sandbox_net_t sandbox_web_t user_seunshare_t xguest_java_t xguest_mono_t logwatch_mail_t cupsd_lpd_t devicekit_t postfix_map_t remote_login_t inetd_child_t automount_t ethereal_t fetchmail_t netlogond_t puppetmaster_t tethereal_t system_mail_t httpd_squid_script_t restorecond_t xdm_dbusd_t gpg_helper_t staff_ssh_agent_t matahari_sysconfigd_t portreserve_t cpufreqselector_t readahead_t abrt_dump_oops_t quota_nld_t staff_screen_t system_dbusd_t entropyd_t rhev_agentd_t xenstored_t sandbox_min_client_t cpuspeed_t nagios_admin_plugin_t svnserve_t guest_dbusd_t qmail_splogger_t xguest_dbusd_t cups_pdf_t postgresql_t mozilla_plugin_t courier_pcp_t courier_pop_t zarafa_server_t nova_direct_t matahari_hostd_t publicfile_t usbmodules_t sambagui_t staff_seunshare_t nx_server_ssh_t certmaster_t certmonger_t setfiles_t user_mail_t cdrecord_t sectoolm_t semanage_t checkpolicy_t portmap_helper_t sge_shepherd_t cobblerd_t consoletype_t unconfined_t xenconsoled_t user_ssh_agent_t cmirrord_t cronjob_t crontab_t logrotate_mail_t matahari_netd_t matahari_rpcd_t passenger_t arpwatch_t cardmgr_t cgclear_t chronyd_t cluster_t apcupsd_t fcoemon_t fingerd_t foghorn_t gpg_web_t rhev_agentd_consolehelper_t fprintd_t ftpdctl_t httpd_cobbler_script_t dcerpcd_t dovecot_t evtchnd_t gpg_agent_t telepathy_msn_t auditctl_t openshift_t jabberd_t kadmind_t hddtemp_t spamass_milter_t iceauth_t icecast_t prelude_correlator_t ncftool_t neutron_t openvpn_t postgrey_t lockdev_t mplayer_t ricci_modcluster_t irqbalance_t radiusd_t rlogind_t roundup_t srvsvcd_t stunnel_t sulogin_t svc_run_t syslogd_t sysstat_t nut_upsdrvctl_t rpcbind_t sandbox_t sensord_t sge_job_t portmap_t yppasswdd_t ptchown_t vbetool_t vdagent_t vhostmd_t zarafa_ical_t winbind_t sysadm_sudo_t telnetd_t usbmuxd_t useradd_t afs_ptserver_t namespace_init_t httpd_mediawiki_script_t xserver_t condor_schedd_t condor_startd_t piranha_web_t user_screen_t condor_master_t greylist_milter_t calamaris_t staff_openoffice_t mailman_queue_t } ==  &&  || );

mlsconstrain { sock_file } { ioctl read getattr  } 
(  h1 h2  dom  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t virtd_lxc_t postfix_showq_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t ada_t fsadm_t kudzu_t lvm_t mdadm_t mono_t postfix_postdrop_t rpm_t wine_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t nova_volume_t nova_scheduler_t vmware_host_t haproxy_t prelink_t anaconda_t glance_api_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t postfix_master_t postfix_pickup_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t depmod_t insmod_t kernel_t livecd_t lldpad_t mongod_t puppet_t apmd_t bcfg2_t cgred_t clvmd_t crond_t ctdbd_t drbd_t hald_t inetd_t init_t iwhd_t l2tpd_t mount_t numad_t rhnsd_t slpd_t smsd_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t matahari_sysconfigd_t readahead_t svnserve_t zarafa_server_t nova_direct_t matahari_hostd_t semanage_t sge_shepherd_t unconfined_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t neutron_t ricci_modcluster_t sensord_t sge_job_t zarafa_ical_t useradd_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  ||  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=  t2 { sosreport_t git_session_t cfengine_execd_t bootloader_t netutils_t qmail_tcp_env_t devicekit_power_t sandbox_x_client_t nova_api_t sblim_reposd_t dkim_milter_t virt_qemu_ga_unconfined_t admin_crontab_t consolekit_t nova_compute_t nova_console_t pam_console_t zarafa_gateway_t policykit_grant_t logrotate_t openvswitch_t update_modules_t ssh_keysign_t nova_network_t qmail_rspawn_t uml_switch_t qmail_inject_t qmail_lspawn_t dirsrvadmin_unconfined_script_t gnomeclock_t httpd_cvs_script_t sandbox_net_client_t munin_mail_plugin_t ldconfig_t loadkeys_t smoltclient_t prelude_lml_t nova_objectstore_t dmidecode_t modemmanager_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t httpd_rotatelogs_t afs_kaserver_t munin_disk_plugin_t keystone_t kdumpgui_t httpd_bugzilla_script_t postfix_bounce_t httpd_smokeping_cgi_script_t nx_server_t policykit_auth_t ssh_keygen_t piranha_pulse_t sysadm_su_t virtd_lxc_t hald_mac_t iptables_t cachefilesd_t courier_sqwebmail_t postfix_cleanup_t munin_services_plugin_t postfix_showq_t openshift_app_t hostname_t shorewall_t showmount_t telepathy_gabble_t abrt_handle_event_t postfix_virtual_t dovecot_deliver_t ifconfig_t condor_startd_ssh_t qmail_clean_t qmail_local_t qmail_smtpd_t qmail_start_t sandbox_xserver_t setfiles_mac_t telepathy_sofiasip_t amanda_t initrc_t locate_t logadm_t mcelog_t nagios_t varnishd_t setkey_t sysadm_t tvtime_t tzdata_t vmware_t webadm_t ada_t afs_t aiccu_t aide_t alsa_t amtu_t apm_t avahi_t boinc_t canna_t ccs_t cdcc_t crack_t cvs_t cyrus_t dccm_t dhcpc_t dmesg_t dspam_t exim_t fsadm_t games_t getty_t gpg_t gpm_t ipsec_t irc_t irssi_t java_t kudzu_t lvm_t mdadm_t mono_t mrtg_t ndc_t nrpe_t pads_t pam_t ping_t postfix_postdrop_t postfix_postqueue_t qemu_t quota_t rdisc_t ricci_t rpm_t rsync_t rwho_t spamc_t vpnc_t wine_t xdm_t xfs_t xm_t zebra_t setroubleshoot_fixit_t staff_dbusd_t postfix_pipe_t virt_qmf_t nova_vncproxy_t httpd_nagios_script_t unconfined_dbusd_t unconfined_mount_t afs_fsserver_t prelink_cron_system_t sge_execd_t sysadm_ssh_agent_t cachefiles_kernel_t httpd_dirsrvadmin_script_t git_system_t httpd_suexec_t abrt_helper_t abrt_retrace_coredump_t usernetctl_t certwatch_t updfstab_t deltacloudd_t user_dbusd_t firewallgui_t glance_registry_t utempter_t setsebool_t telepathy_idle_t telepathy_mission_control_t webalizer_t cpucontrol_t gconfdefaultsm_t matahari_serviced_t httpd_php_t openoffice_t denyhosts_t memcached_t xguest_openoffice_t dirsrv_snmp_t dirsrvadmin_t smbcontrol_t oracleasm_t netlabel_mgmt_t oddjob_mkhomedir_t cyphesis_t gnomesystemmm_t kerneloops_t nova_volume_t varnishlog_t httpd_w3c_validator_script_t user_openoffice_t httpd_user_script_t accountsd_t cgconfig_t user_java_t user_mono_t user_wine_t ipsec_mgmt_t run_init_t sendmail_t shutdown_t audisp_remote_t dovecot_auth_t nova_scheduler_t dlm_controld_t gfs_controld_t smbmount_t asterisk_t bitlbee_t sepgsql_trusted_proc_t vmware_host_t checkpc_t saslauthd_t awstats_t munin_selinux_plugin_t gitosis_t dnsmasq_t krb5kdc_t openshift_cgroup_read_t sysadm_seunshare_t haproxy_t hotplug_t gpg_pinentry_t hwclock_t newrole_t zos_remote_t dcc_client_t mozilla_t plymouth_t procmail_t sanlock_t setrans_t traceroute_t pegasus_t prelink_t prelude_t privoxy_t staff_java_t staff_mono_t staff_sudo_t staff_wine_t wpa_cli_t httpd_awstats_script_t munin_system_plugin_t qmail_send_t anaconda_t glance_api_t piranha_fos_t piranha_lvs_t sandbox_x_t httpd_apcupsd_cgi_script_t local_login_t hald_dccm_t mysqld_safe_t ricci_modservice_t games_srv_t ricci_modstorage_t samba_net_t afs_bosserver_t httpd_nutups_cgi_script_t hald_sonypic_t openhpid_t boinc_project_t condor_procd_t nagios_mail_plugin_t virt_qemu_ga_t condor_negotiator_t nova_ajax_t nova_cert_t amanda_recover_t chrome_sandbox_t zarafa_spooler_t httpd_munin_script_t telepathy_salut_t rpm_script_t sysadm_passwd_t sysadm_screen_t nsplugin_t xguest_execmem_t zarafa_deliver_t sblim_gatherd_t antivirus_t bluetooth_helper_t dcc_dbclean_t nut_upsd_t staff_execmem_t user_execmem_t podsleuth_t system_cronjob_t sge_job_ssh_t zarafa_monitor_t openshift_initrc_t chroot_user_t httpd_openshift_script_t qmail_remote_t zarafa_indexer_t policykit_t httpd_sys_script_t tmpreaper_t staff_consolehelper_t svc_multilog_t ricci_modclusterd_t logwatch_t mailman_cgi_t pulseaudio_t mailman_mail_t mysqlmanagerd_t samba_unconfined_net_t bluetooth_t mencoder_t httpd_dspam_script_t plymouthd_t smokeping_t cfengine_monitord_t ksmtuned_t unconfined_notrans_t httpd_prewikka_script_t ricci_modlog_t ricci_modrpm_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t setroubleshootd_t nsplugin_config_t chrome_sandbox_nacl_t nagios_checkdisk_plugin_t postfix_master_t postfix_pickup_t devicekit_disk_t regex_milter_t firstboot_t hald_acl_t telepathy_sunshine_t postfix_local_t postfix_smtpd_t zabbix_agent_t samba_unconfined_script_t httpd_git_script_t nagios_services_plugin_t nagios_eventhandler_plugin_t rhsmcertd_t virt_bridgehelper_t munin_unconfined_plugin_t openshift_cron_t unconfined_java_t unconfined_mono_t courier_tcpd_t httpd_unconfined_script_t openvpn_unconfined_script_t NetworkManager_t qmail_queue_t sandbox_web_client_t groupadd_t audisp_t auditd_t chkpwd_t comsat_t dbskkd_t dccifd_t depmod_t dirsrv_t fenced_t gconfd_t groupd_t insmod_t iscsid_t kernel_t kismet_t kpropd_t ktalkd_t livecd_t lldpad_t lsassd_t lwregd_t mongod_t mysqld_t oddjob_t openct_t svc_start_t fail2ban_t passwd_t puppet_t qdiskd_t racoon_t soundd_t telepathy_stream_engine_t updpwd_t xguest_t xm_ssh_t ypbind_t ypserv_t zabbix_t abrt_t acct_t apmd_t bcfg2_t brctl_t cgred_t chfn_t ciped_t clogd_t clvmd_t crond_t ctdbd_t cupsd_t dccd_t dhcpd_t dictd_t drbd_t ftpd_t gpsd_t gssd_t guest_t hald_t howl_t hplip_t httpd_t inetd_t init_t innd_t iwhd_t kdump_t klogd_t l2tpd_t lircd_t lpd_t lpr_t lwiod_t lwsmd_t mount_t mpd_t munin_t named_t nfsd_t nmbd_t nscd_t nslcd_t ntop_t ntpd_t numad_t pcscd_t pingd_t pppd_t pptp_t psad_t ptal_t qpidd_t radvd_t rhgb_t rhnsd_t rpcd_t rshd_t rssh_t slapd_t slpd_t smbd_t smsd_t snmpd_t snort_t spamd_t squid_t ssh_t sshd_t sssd_t staff_t svirt_t swat_t tcpd_t tftpd_t tgtd_t thin_t tor_t tuned_t udev_t ulogd_t uml_t user_t uucpd_t uuidd_t uux_t virtd_t wdmd_t xauth_t xend_t ypxfr_t eventlogd_t nagios_system_plugin_t postfix_qmgr_t postfix_smtp_t prelude_audisp_t courier_authdaemon_t afs_vlserver_t fsdaemon_t watchdog_t abrt_retrace_worker_t mozilla_plugin_config_t jabberd_router_t policykit_resolve_t winbind_helper_t load_policy_t nut_upsmon_t cupsd_config_t hald_keymap_t httpd_helper_t rtkit_daemon_t nagios_unconfined_plugin_t glusterd_t sandbox_min_t sandbox_net_t sandbox_web_t user_seunshare_t xguest_java_t xguest_mono_t logwatch_mail_t cupsd_lpd_t devicekit_t postfix_map_t remote_login_t inetd_child_t automount_t ethereal_t fetchmail_t netlogond_t puppetmaster_t tethereal_t system_mail_t httpd_squid_script_t restorecond_t xdm_dbusd_t gpg_helper_t staff_ssh_agent_t matahari_sysconfigd_t portreserve_t cpufreqselector_t readahead_t abrt_dump_oops_t quota_nld_t staff_screen_t system_dbusd_t entropyd_t rhev_agentd_t xenstored_t sandbox_min_client_t cpuspeed_t nagios_admin_plugin_t svnserve_t guest_dbusd_t qmail_splogger_t xguest_dbusd_t cups_pdf_t postgresql_t mozilla_plugin_t courier_pcp_t courier_pop_t zarafa_server_t nova_direct_t matahari_hostd_t publicfile_t usbmodules_t sambagui_t staff_seunshare_t nx_server_ssh_t certmaster_t certmonger_t setfiles_t user_mail_t cdrecord_t sectoolm_t semanage_t checkpolicy_t portmap_helper_t sge_shepherd_t cobblerd_t consoletype_t unconfined_t xenconsoled_t user_ssh_agent_t cmirrord_t cronjob_t crontab_t logrotate_mail_t matahari_netd_t matahari_rpcd_t passenger_t arpwatch_t cardmgr_t cgclear_t chronyd_t cluster_t apcupsd_t fcoemon_t fingerd_t foghorn_t gpg_web_t rhev_agentd_consolehelper_t fprintd_t ftpdctl_t httpd_cobbler_script_t dcerpcd_t dovecot_t evtchnd_t gpg_agent_t telepathy_msn_t auditctl_t openshift_t jabberd_t kadmind_t hddtemp_t spamass_milter_t iceauth_t icecast_t prelude_correlator_t ncftool_t neutron_t openvpn_t postgrey_t lockdev_t mplayer_t ricci_modcluster_t irqbalance_t radiusd_t rlogind_t roundup_t srvsvcd_t stunnel_t sulogin_t svc_run_t syslogd_t sysstat_t nut_upsdrvctl_t rpcbind_t sandbox_t sensord_t sge_job_t portmap_t yppasswdd_t ptchown_t vbetool_t vdagent_t vhostmd_t zarafa_ical_t winbind_t sysadm_sudo_t telnetd_t usbmuxd_t useradd_t afs_ptserver_t namespace_init_t httpd_mediawiki_script_t xserver_t condor_schedd_t condor_startd_t piranha_web_t user_screen_t condor_master_t greylist_milter_t calamaris_t staff_openoffice_t mailman_queue_t } ==  &&  || );

constrain { unix_dgram_socket } { create relabelfrom relabelto  } 
(  u1 u2 ==  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhomedir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t haproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t staff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t passwd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ctdbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t rshd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t setfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlogind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t telnetd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  || );

constrain { netlink_kobject_uevent_socket } { create relabelfrom relabelto  } 
(  u1 u2 ==  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhomedir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t haproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t staff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t passwd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ctdbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t rshd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t setfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlogind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t telnetd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  || );

mlsconstrain { db_blob } { drop getattr setattr relabelfrom read write import export  } 
(  h1 h2  dom );

mlsconstrain { db_blob } { create relabelto  } 
(  h1 h2  dom  l2 h2  ==  && );

constrain { netlink_xfrm_socket } { create relabelfrom relabelto  } 
(  u1 u2 ==  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhomedir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t haproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t staff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t passwd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ctdbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t rshd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t setfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlogind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t telnetd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  || );

mlsconstrain { db_schema } { create relabelto  } 
(  h1 h2  dom  l2 h2  ==  && );

constrain { netlink_dnrt_socket } { create relabelfrom relabelto  } 
(  u1 u2 ==  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhomedir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t haproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t staff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t passwd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ctdbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t rshd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t setfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlogind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t telnetd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  || );

mlsconstrain { netif } { ingress egress  } 
(  l1 l2  dom  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=  || );

constrain { packet_socket } { create relabelfrom relabelto  } 
(  u1 u2 ==  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhomedir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t haproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t staff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t passwd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ctdbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t rshd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t setfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlogind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t telnetd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  || );

constrain { tun_socket } { create relabelfrom relabelto  } 
(  u1 u2 ==  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhomedir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t haproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t staff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t passwd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ctdbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t rshd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t setfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlogind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t telnetd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  || );

constrain { udp_socket } { create relabelfrom relabelto  } 
(  u1 u2 ==  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhomedir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t haproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t staff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t passwd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ctdbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t rshd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t setfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlogind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t telnetd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  || );

mlsconstrain { udp_socket } { node_bind  } 
(  h1 h2  dom  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=  || );

constrain { appletalk_socket } { create relabelfrom relabelto  } 
(  u1 u2 ==  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhomedir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t haproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t staff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t passwd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ctdbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t rshd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t setfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlogind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t telnetd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  || );

constrain { rawip_socket } { create relabelfrom relabelto  } 
(  u1 u2 ==  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhomedir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t haproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t staff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t passwd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ctdbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t rshd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t setfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlogind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t telnetd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  || );

mlsconstrain { rawip_socket } { node_bind  } 
(  h1 h2  dom  t1 { openshift_app_t qemu_t sandbox_x_t svirt_t user_t sandbox_min_t sandbox_net_t sandbox_web_t openshift_t sandbox_t } !=  || );

mlsconstrain { db_column } { drop getattr setattr relabelfrom use select update insert  } 
(  h1 h2  dom );

mlsconstrain { db_column } { create relabelto  } 
(  h1 h2  dom  l2 h2  ==  && );

constrain { netlink_socket } { create relabelfrom relabelto  } 
(  u1 u2 ==  t1 { sosreport_t cfengine_execd_t bootloader_t devicekit_power_t nova_api_t sblim_reposd_t virt_qemu_ga_unconfined_t nova_compute_t nova_console_t zarafa_gateway_t logrotate_t openvswitch_t nova_network_t dirsrvadmin_unconfined_script_t ldconfig_t nova_objectstore_t certmonger_unconfined_t condor_collector_t unconfined_cronjob_t unconfined_sendmail_t keystone_t ssh_keygen_t sysadm_su_t virtd_lxc_t openshift_app_t abrt_handle_event_t condor_startd_ssh_t setfiles_mac_t initrc_t sysadm_t ada_t dhcpc_t fsadm_t kudzu_t lvm_t mdadm_t mono_t rpm_t wine_t xdm_t virt_qmf_t nova_vncproxy_t unconfined_dbusd_t unconfined_mount_t sge_execd_t cachefiles_kernel_t deltacloudd_t glance_registry_t matahari_serviced_t oracleasm_t oddjob_mkhomedir_t nova_volume_t nova_scheduler_t vmware_host_t saslauthd_t krb5kdc_t haproxy_t newrole_t prelink_t anaconda_t glance_api_t local_login_t openhpid_t condor_procd_t condor_negotiator_t nova_ajax_t nova_cert_t zarafa_spooler_t rpm_script_t sysadm_passwd_t zarafa_deliver_t sblim_gatherd_t system_cronjob_t zarafa_monitor_t openshift_initrc_t zarafa_indexer_t tmpreaper_t staff_consolehelper_t samba_unconfined_net_t cfengine_monitord_t unconfined_notrans_t unconfined_execmem_t pkcsslotd_t cfengine_serverd_t devicekit_disk_t firstboot_t samba_unconfined_script_t nagios_eventhandler_plugin_t rhsmcertd_t munin_unconfined_plugin_t unconfined_java_t unconfined_mono_t httpd_unconfined_script_t openvpn_unconfined_script_t groupadd_t depmod_t dirsrv_t insmod_t kernel_t kpropd_t livecd_t lldpad_t lsassd_t mongod_t oddjob_t passwd_t puppet_t racoon_t updpwd_t apmd_t bcfg2_t chfn_t clvmd_t crond_t ctdbd_t cupsd_t drbd_t ftpd_t inetd_t init_t iwhd_t l2tpd_t numad_t rhnsd_t rshd_t slpd_t smsd_t squid_t sshd_t sssd_t staff_t thin_t udev_t uuidd_t virtd_t xend_t watchdog_t nagios_unconfined_plugin_t glusterd_t devicekit_t remote_login_t inetd_child_t puppetmaster_t restorecond_t matahari_sysconfigd_t svnserve_t postgresql_t zarafa_server_t nova_direct_t matahari_hostd_t setfiles_t semanage_t sge_shepherd_t unconfined_t cmirrord_t matahari_netd_t matahari_rpcd_t cluster_t fcoemon_t foghorn_t rhev_agentd_consolehelper_t openshift_t kadmind_t ncftool_t neutron_t openvpn_t ricci_modcluster_t rlogind_t sulogin_t syslogd_t sensord_t sge_job_t yppasswdd_t zarafa_ical_t telnetd_t useradd_t namespace_init_t xserver_t condor_schedd_t condor_startd_t condor_master_t } ==  || );


-- 
Tracy Reed

Attachment: pgpN0B3ztpwLJ.pgp
Description: PGP signature

_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.